Skip to content

Use deref target in Pin trait implementations #67039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Dec 10, 2019
Merged

Use deref target in Pin trait implementations #67039

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1cf0db1
Use deref target in Pin trait implementations
LunaBorowska Dec 4, 2019
dfcf764
Document why Pin implementations aren't derived
LunaBorowska Dec 5, 2019
6996ae1
Add UI test for Pin PartialEq unsoundness
LunaBorowska Dec 5, 2019
61d9c00
Explicitly refer to operator methods in Pin impls
LunaBorowska Dec 7, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 41 additions & 17 deletions src/libcore/pin.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -376,6 +376,7 @@

use crate::cmp::{self, PartialEq, PartialOrd};
use crate::fmt;
use crate::hash::{Hash, Hasher};
use crate::marker::{Sized, Unpin};
use crate::ops::{CoerceUnsized, Deref, DerefMut, DispatchFromDyn, Receiver};

Expand All @@ -390,55 +391,78 @@ use crate::ops::{CoerceUnsized, Deref, DerefMut, DispatchFromDyn, Receiver};
/// [`Unpin`]: ../../std/marker/trait.Unpin.html
/// [`pin` module]: ../../std/pin/index.html
//
// Note: the derives below, and the explicit `PartialEq` and `PartialOrd`
// implementations, are allowed because they all only use `&P`, so they cannot move
// the value behind `pointer`.
// Note: the `Clone` derive below causes unsoundness as it's possible to implement
// `Clone` for mutable references.
// See <https://internals.rust-lang.org/t/unsoundness-in-pin/11311> for more details.
#[stable(feature = "pin", since = "1.33.0")]
#[lang = "pin"]
#[fundamental]
#[repr(transparent)]
#[derive(Copy, Clone, Hash, Eq, Ord)]
#[derive(Copy, Clone)]
pub struct Pin<P> {
pointer: P,
}

#[stable(feature = "pin_partialeq_partialord_impl_applicability", since = "1.34.0")]
impl<P, Q> PartialEq<Pin<Q>> for Pin<P>
// The following implementations aren't derived in order to avoid soundness
// issues. `&self.pointer` should not be accessible to untrusted trait
// implementations.
//
// See <https://internals.rust-lang.org/t/unsoundness-in-pin/11311/73> for more details.

#[stable(feature = "pin_trait_impls", since = "1.41.0")]
impl<P: Deref, Q: Deref> PartialEq<Pin<Q>> for Pin<P>
where
P: PartialEq<Q>,
P::Target: PartialEq<Q::Target>,
{
fn eq(&self, other: &Pin<Q>) -> bool {
self.pointer == other.pointer
P::Target::eq(self, other)
}

fn ne(&self, other: &Pin<Q>) -> bool {
self.pointer != other.pointer
P::Target::ne(self, other)
}
}

#[stable(feature = "pin_partialeq_partialord_impl_applicability", since = "1.34.0")]
impl<P, Q> PartialOrd<Pin<Q>> for Pin<P>
#[stable(feature = "pin_trait_impls", since = "1.41.0")]
impl<P: Deref<Target: Eq>> Eq for Pin<P> {}

#[stable(feature = "pin_trait_impls", since = "1.41.0")]
impl<P: Deref, Q: Deref> PartialOrd<Pin<Q>> for Pin<P>
where
P: PartialOrd<Q>,
P::Target: PartialOrd<Q::Target>,
{
fn partial_cmp(&self, other: &Pin<Q>) -> Option<cmp::Ordering> {
self.pointer.partial_cmp(&other.pointer)
P::Target::partial_cmp(self, other)
}

fn lt(&self, other: &Pin<Q>) -> bool {
self.pointer < other.pointer
P::Target::lt(self, other)
}

fn le(&self, other: &Pin<Q>) -> bool {
self.pointer <= other.pointer
P::Target::le(self, other)
}

fn gt(&self, other: &Pin<Q>) -> bool {
self.pointer > other.pointer
P::Target::gt(self, other)
}

fn ge(&self, other: &Pin<Q>) -> bool {
self.pointer >= other.pointer
P::Target::ge(self, other)
}
}

#[stable(feature = "pin_trait_impls", since = "1.41.0")]
impl<P: Deref<Target: Ord>> Ord for Pin<P> {
fn cmp(&self, other: &Self) -> cmp::Ordering {
P::Target::cmp(self, other)
}
}

#[stable(feature = "pin_trait_impls", since = "1.41.0")]
impl<P: Deref<Target: Hash>> Hash for Pin<P> {
fn hash<H: Hasher>(&self, state: &mut H) {
P::Target::hash(self, state);
}
}

Expand Down
27 changes: 27 additions & 0 deletions src/test/ui/issues/issue-67039-unsound-pin-partialeq.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
// Pin's PartialEq implementation allowed to access the pointer allowing for
// unsoundness by using Rc::get_mut to move value within Rc.
// See https://internals.rust-lang.org/t/unsoundness-in-pin/11311/73 for more details.

use std::ops::Deref;
use std::pin::Pin;
use std::rc::Rc;

struct Apple;

impl Deref for Apple {
type Target = Apple;
fn deref(&self) -> &Apple {
&Apple
}
}

impl PartialEq<Rc<Apple>> for Apple {
fn eq(&self, _rc: &Rc<Apple>) -> bool {
unreachable!()
}
}

fn main() {
let _ = Pin::new(Apple) == Rc::pin(Apple);
//~^ ERROR type mismatch resolving
}
13 changes: 13 additions & 0 deletions src/test/ui/issues/issue-67039-unsound-pin-partialeq.stderr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
error[E0271]: type mismatch resolving `<std::rc::Rc<Apple> as std::ops::Deref>::Target == std::rc::Rc<Apple>`
--> $DIR/issue-67039-unsound-pin-partialeq.rs:25:29
|
LL | let _ = Pin::new(Apple) == Rc::pin(Apple);
| ^^ expected struct `Apple`, found struct `std::rc::Rc`
|
= note: expected type `Apple`
found struct `std::rc::Rc<Apple>`
= note: required because of the requirements on the impl of `std::cmp::PartialEq<std::pin::Pin<std::rc::Rc<Apple>>>` for `std::pin::Pin<Apple>`

error: aborting due to previous error

For more information about this error, try `rustc --explain E0271`.