Yoke vs strong protection #3696
Description
The following code fails Miri when -Zmiri-retag-fields is enabled (which will become the default soon: rust-lang/miri#2985):
fn example(_: Yoke<&'static [u8], Vec<u8>>) {}
fn main() {
example(Yoke::attach_to_cart(vec![0, 1, 2], |data| data));
}
use yoke::Yoke;Miri error message
error: Undefined Behavior: not granting access to tag <1714> because that would remove [SharedReadOnly for <1769>] which is strongly protected because it is an argument of call 758
--> ~/.local/share/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:497:1
|
497 | pub unsafe fn drop_in_place<T: ?Sized>(to_drop: *mut T) {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ not granting access to tag <1714> because that would remove [SharedReadOnly for <1769>] which is strongly protected because it is an argument of call 758
|
= help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
= help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
help: <1714> was created by a SharedReadWrite retag at offsets [0x0..0x3]
--> src/main.rs:3:34
|
3 | example(Yoke::attach_to_cart(vec![0, 1, 2], |data| data));
| ^^^^^^^^^^^^^
help: <1769> is this argument
--> src/main.rs:1:12
|
1 | fn example(_: Yoke<&'static [u8], Vec<u8>>) {}
| ^
= note: BACKTRACE (of the first span):
= note: inside `std::ptr::drop_in_place::<[u8]> - shim(None)` at ~/.local/share/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:497:1: 497:56
= note: inside `<std::vec::Vec<u8> as std::ops::Drop>::drop` at ~/.local/share/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/vec/mod.rs:3013:13: 3013:91
= note: inside `std::ptr::drop_in_place::<std::vec::Vec<u8>> - shim(Some(std::vec::Vec<u8>))` at ~/.local/share/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:497:1: 497:56
= note: inside `std::ptr::drop_in_place::<yoke::Yoke<&[u8], std::vec::Vec<u8>>> - shim(Some(yoke::Yoke<&[u8], std::vec::Vec<u8>>))` at ~/.local/share/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:497:1: 497:56
note: inside `example`
--> src/main.rs:1:46
|
1 | fn example(_: Yoke<&'static [u8], Vec<u8>>) {}
| ^
note: inside `main`
--> src/main.rs:3:5
|
3 | example(Yoke::attach_to_cart(vec![0, 1, 2], |data| data));
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: this error originates in the macro `vec` (in Nightly builds, run with -Z macro-backtrace for more info)
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
Note that this is not the same as #2095. While #2095 deals with noalias, this deals with the different issue that the &'static [u8] passed into the function is expected to be valid for as long as the function runs, but the Vec is deallocated while the function runs.
See also:
Metadata
Metadata
Assignees
Labels
Component: Yoke, ZeroVec, DataBakeComponent: Yoke, ZeroVec, DataBake