Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix fn/const items implied bounds and wf check #104098

Closed
wants to merge 4 commits into from

Conversation

aliemjay
Copy link
Member

@aliemjay aliemjay commented Nov 7, 2022

These are two distinct changes (edit: actually three, see below):

  1. Wf-check all fn item args. This is a soundness fix.
    Fixes function type params are not checked for well-formedness #104005

  2. Use implied bounds from impl header in borrowck of associated functions/consts. This strictly accepts more code and helps to mitigate the impact of other breaking changes.
    Fixes implied bounds from impl header are not used in associated functions/consts #98852
    Fixes Generic param requires bounds on call to function that is already required for calls to the caller #102611

The first is a breaking change and will likely have a big impact without the the second one. See the first commit for how it breaks libstd.

Landing the second one without the first will allow more incorrect code to pass. For example an exploit of #104005 would be as simple as:

use core::fmt::Display;

trait ExtendLt<Witness> {
    fn extend(self) -> Box<dyn Display>;
}

impl<T: Display> ExtendLt<&'static T> for T {
    fn extend(self) -> Box<dyn Display> {
        Box::new(self)
    }
}

fn main() {
    let val = (&String::new()).extend();
    println!("{val}");
}

The third change is to to check WF of user type annotations before normalizing them (fixes #104764, fixes #104763). It is mutually dependent on the second change above: an attempt to land it separately in #104746 caused several crater regressions that can all be mitigated by using the implied from the impl header. It is also necessary for the soundness of associated consts that use the implied bounds of impl header. See #104763 and how the third commit fixes the soundness issue in tests/ui/wf/wf-associated-const.rs that was introduces by the previous commit.

cc @lcnr
r? types

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Nov 7, 2022
@rust-log-analyzer

This comment was marked as outdated.

@jackh726
Copy link
Member

jackh726 commented Nov 7, 2022

Makes sense to me. We should do a crater run, just to check.

@bors

This comment was marked as off-topic.

@lcnr lcnr added T-types Relevant to the types team, which will review and decide on the PR/issue. and removed T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Nov 9, 2022
Copy link
Contributor

@lcnr lcnr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is feels like a step in the right direction. let's run crater and if there aren't any bad regressions we should merge this

compiler/rustc_borrowck/src/type_check/mod.rs Show resolved Hide resolved
@lcnr
Copy link
Contributor

lcnr commented Nov 9, 2022

@bors try

@bors

This comment was marked as outdated.

@lcnr
Copy link
Contributor

lcnr commented Nov 14, 2022

this also fixes #84591 (comment), it should not fix the original issue afaict though.

@lcnr
Copy link
Contributor

lcnr commented Feb 15, 2023

@rustbot author

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Feb 15, 2023
@JohnCSimon
Copy link
Member

@aliemjay

ping from triage - can you post your status on this PR? There hasn't been an update in a few months. Thanks!

FYI: when a PR is ready for review, send a message containing
@rustbot ready to switch to S-waiting-on-review so the PR is in the reviewer's backlog.

@Dylan-DPC
Copy link
Member

Closing this as inactive. Feel free to reöpen this pr or create a new pr if you get the time to work on this. Thanks

@Dylan-DPC Dylan-DPC closed this May 17, 2023
@Dylan-DPC Dylan-DPC added S-inactive Status: Inactive and waiting on the author. This is often applied to closed PRs. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 17, 2023
@aliemjay aliemjay reopened this Nov 8, 2023
@aliemjay
Copy link
Member Author

aliemjay commented Nov 8, 2023

Anniversary update is here :)

This now also fixes #104764 and #104763

@rustbot review
@bors try @rust-timer queue

@rust-timer

This comment has been minimized.

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. S-waiting-on-perf Status: Waiting on a perf run to be completed. labels Nov 8, 2023
@aliemjay aliemjay removed the S-inactive Status: Inactive and waiting on the author. This is often applied to closed PRs. label Nov 8, 2023
@rfcbot rfcbot added proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. labels Nov 15, 2023
@aliemjay
Copy link
Member Author

benchmark after using the TypeOps's fast path for WF obligations.
@bors try @rust-timer queue

@rust-timer

This comment has been minimized.

@rustbot rustbot added the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Nov 20, 2023
@bors
Copy link
Contributor

bors commented Nov 20, 2023

⌛ Trying commit 61bd7f9 with merge 66ac3f1...

bors added a commit to rust-lang-ci/rust that referenced this pull request Nov 20, 2023
fix fn/const items implied bounds and wf check

These are two distinct changes (edit: actually three, see below):
1. Wf-check all fn item args. This is a soundness fix.
Fixes rust-lang#104005

2. Use implied bounds from impl header in borrowck of associated functions/consts. This strictly accepts more code and helps to mitigate the impact of other breaking changes.
Fixes rust-lang#98852
Fixes rust-lang#102611

The first is a breaking change and will likely have a big impact without the the second one. See the first commit for how it breaks libstd.

Landing the second one without the first will allow more incorrect code to pass. For example an exploit of rust-lang#104005 would be as simple as:
```rust
use core::fmt::Display;

trait ExtendLt<Witness> {
    fn extend(self) -> Box<dyn Display>;
}

impl<T: Display> ExtendLt<&'static T> for T {
    fn extend(self) -> Box<dyn Display> {
        Box::new(self)
    }
}

fn main() {
    let val = (&String::new()).extend();
    println!("{val}");
}
```

The third change is to to check WF of user type annotations before normalizing them (fixes rust-lang#104764, fixes rust-lang#104763). It is mutually dependent on the second change above: an attempt to land it separately in rust-lang#104746 caused several crater regressions that can all be mitigated by using the implied from the impl header. It is also necessary for the soundness of associated consts that use the implied bounds of impl header. See rust-lang#104763 and how the third commit fixes the soundness issue in `tests/ui/wf/wf-associated-const.rs` that was introduces by the previous commit.

cc `@lcnr`
r? types
Comment on lines +294 to +295
// We currently add implied bounds from the normalized ty only.
// This is more conservative and matches wfcheck behavior.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// We currently add implied bounds from the normalized ty only.
// This is more conservative and matches wfcheck behavior.
// We currently add implied bounds from the normalized `ty` only.
// This is more conservative and matches `wfcheck` behavior.

Markup consistency edits.

@bors
Copy link
Contributor

bors commented Nov 20, 2023

☀️ Try build successful - checks-actions
Build commit: 66ac3f1 (66ac3f183c9d4ebfe29e2c23b49b82ee445529b9)

@rust-timer

This comment has been minimized.

@rust-timer
Copy link
Collaborator

Finished benchmarking commit (66ac3f1): comparison URL.

Overall result: ❌ regressions - ACTION NEEDED

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @rustbot label: +perf-regression-triaged along with sufficient written justification. If you cannot justify the regressions please fix the regressions and do another perf run. If the next run shows neutral or positive results, the label will be automatically removed.

@bors rollup=never
@rustbot label: -S-waiting-on-perf +perf-regression

Instruction count

This is a highly reliable metric that was used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)
0.4% [0.2%, 0.5%] 25
Regressions ❌
(secondary)
0.8% [0.1%, 1.4%] 15
Improvements ✅
(primary)
- - 0
Improvements ✅
(secondary)
- - 0
All ❌✅ (primary) 0.4% [0.2%, 0.5%] 25

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)
1.0% [1.0%, 1.0%] 1
Regressions ❌
(secondary)
3.7% [3.6%, 3.7%] 3
Improvements ✅
(primary)
- - 0
Improvements ✅
(secondary)
-1.2% [-1.4%, -1.0%] 2
All ❌✅ (primary) 1.0% [1.0%, 1.0%] 1

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)
- - 0
Regressions ❌
(secondary)
1.7% [1.4%, 1.9%] 2
Improvements ✅
(primary)
- - 0
Improvements ✅
(secondary)
-1.8% [-1.8%, -1.8%] 1
All ❌✅ (primary) - - 0

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 674.774s -> 678.026s (0.48%)
Artifact size: 313.77 MiB -> 313.77 MiB (-0.00%)

@rustbot rustbot removed the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Nov 21, 2023
@rfcbot rfcbot added final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. and removed proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. labels Dec 4, 2023
@rfcbot
Copy link

rfcbot commented Dec 4, 2023

🔔 This is now entering its final comment period, as per the review above. 🔔

matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Dec 8, 2023
…mpiler-errors

temporarily revert "ice on ambguity in mir typeck"

Reverts rust-lang#116530 as a temporary measure to fix rust-lang#117577. That issue should be ultimately fixed by checking WF of type annotations prior to normalization, which is implemented in rust-lang#104098 but this PR is intended to be backported to beta.

r? `@compiler-errors` (the reviewer of the reverted PR)
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Dec 8, 2023
…mpiler-errors

temporarily revert "ice on ambguity in mir typeck"

Reverts rust-lang#116530 as a temporary measure to fix rust-lang#117577. That issue should be ultimately fixed by checking WF of type annotations prior to normalization, which is implemented in rust-lang#104098 but this PR is intended to be backported to beta.

r? ``@compiler-errors`` (the reviewer of the reverted PR)
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request Dec 9, 2023
Rollup merge of rust-lang#118736 - aliemjay:revert-ice-on-ambig, r=compiler-errors

temporarily revert "ice on ambguity in mir typeck"

Reverts rust-lang#116530 as a temporary measure to fix rust-lang#117577. That issue should be ultimately fixed by checking WF of type annotations prior to normalization, which is implemented in rust-lang#104098 but this PR is intended to be backported to beta.

r? ``@compiler-errors`` (the reviewer of the reverted PR)
@rfcbot rfcbot added finished-final-comment-period The final comment period is finished for this PR / Issue. to-announce Announce this issue on triage meeting and removed final-comment-period In the final comment period and will be merged soon unless new substantive objections are raised. labels Dec 14, 2023
@rfcbot
Copy link

rfcbot commented Dec 14, 2023

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

This will be merged soon.

@apiraino apiraino removed the to-announce Announce this issue on triage meeting label Dec 14, 2023
Copy link
Contributor

@lcnr lcnr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r=me after rebase

@lcnr
Copy link
Contributor

lcnr commented Jan 16, 2024

closing in favor of a rebase of this PR in #120019.

@lcnr lcnr closed this Jan 16, 2024
bors added a commit to rust-lang-ci/rust that referenced this pull request Jan 17, 2024
fix fn/const items implied bounds and wf check (rebase)

A rebase of rust-lang#104098, see that PR for discussion. This is pretty much entirely the work of `@aliemjay.` I received his permission for this rebase.

---

These are two distinct changes (edit: actually three, see below):
1. Wf-check all fn item args. This is a soundness fix.
Fixes rust-lang#104005

2. Use implied bounds from impl header in borrowck of associated functions/consts. This strictly accepts more code and helps to mitigate the impact of other breaking changes.
Fixes rust-lang#98852
Fixes rust-lang#102611

The first is a breaking change and will likely have a big impact without the the second one. See the first commit for how it breaks libstd.

Landing the second one without the first will allow more incorrect code to pass. For example an exploit of rust-lang#104005 would be as simple as:
```rust
use core::fmt::Display;

trait ExtendLt<Witness> {
    fn extend(self) -> Box<dyn Display>;
}

impl<T: Display> ExtendLt<&'static T> for T {
    fn extend(self) -> Box<dyn Display> {
        Box::new(self)
    }
}

fn main() {
    let val = (&String::new()).extend();
    println!("{val}");
}
```

The third change is to to check WF of user type annotations before normalizing them (fixes rust-lang#104764, fixes rust-lang#104763). It is mutually dependent on the second change above: an attempt to land it separately in rust-lang#104746 caused several crater regressions that can all be mitigated by using the implied from the impl header. It is also necessary for the soundness of associated consts that use the implied bounds of impl header. See rust-lang#104763 and how the third commit fixes the soundness issue in `tests/ui/wf/wf-associated-const.rs` that was introduces by the previous commit.

r? types
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. finished-final-comment-period The final comment period is finished for this PR / Issue. perf-regression Performance regression. S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-types Relevant to the types team, which will review and decide on the PR/issue.
Projects
None yet