Unsafe &mut using RefCell

[murarth]

The following code will compile and run (and fail an assertion), when it should not compile:

use std::cell::RefCell;

struct A {
    a: RefCell<Vec<int>>,
}

fn main() {
    let mut a = A{a: RefCell::new(vec![1])};

    for i in a.a.borrow().iter() {
        let r = &mut a;
        r.a = RefCell::new(vec![2]);
        println!("{}", i);
    }
}

Notably, this version properly produces a compile error, recognizing the existing immutable borrow:

use std::cell::RefCell;

struct A {
    a: RefCell<Vec<int>>,
}

fn main() {
    let mut a = A{a: RefCell::new(vec![1])};
    let b = a.a.borrow();

    for i in b.iter() {
        let r = &mut a;
        r.a = RefCell::new(vec![2]);
        println!("{}", i);
    }
}

[emberian]

Nominating for P-high, this is an obvious soundness issue.

[arielb1]

Minimized:

#![feature(tuple_indexing)]

struct MyPtr<'a>(&'a mut uint);
impl<'a> Deref<uint> for MyPtr<'a> {
    fn deref<'b>(&'b self) -> &'b uint { self.0 }
}

trait Tr {
  fn poke(&self, s: &mut uint);
}
impl Tr for uint {
  fn poke(&self, s: &mut uint)  {
      println!("{}", self);
      *s = 2;
      println!("{}", self);
  }
}

fn main() {
    let s = &mut 1u;

    MyPtr(s).poke(s);
}

It seems that deref doesn't properly create a borrow (I didn't manage to use this to create a regionck violation). The bug remains if I use DerefMut and test takes an &uint.

[arielb1]

This is a regression. It errors properly in Rust 0.12

[nikomatsakis]

I get an error using the latest master.

[pnkfelix]

believed fixed, needs test.

[huonw]

Reopening because the test has not yet landed. 😄

[murarth]

Oh. My mistake.

[murarth]

Now it's time to close. 😄