"!" is the only type that is unsafe to raw-ptr-deref into a "_" pattern #79735
Comments
One possible explanation of this behavior is that "it is UB to create a place of an uninhabited type". That would be a rather surprising special case, I think, but I could get behind this since I am actually proposing to similarly treat uninhabited types specially for However, under that explanation, the following code has UB:

enum Void {}
fn foo(ptr: *const Void) {
    let _ = *ptr;
}
foo(&3 as *const _ as *const _);

And yet this is all accepted as safe code. So I think something is very wrong here. |
Should this be nominated? |
Is this what is happening with #77694 ? |
@DutchGhost I don't think so, there is no |
We discussed this in our @rust-lang/lang meeting today. Clearly the current behavior is unsound. The question is what behavior we expect. There seem to be two related questions:
Does that analysis sound about right to you, @RalfJung? (It doesn't yet say the answers to those questions, especially the second one) |
Yes that sounds about right, modulo the vagueness of the term "valid pointer". ;) One way to look at this is by being explicit about place-to-value coercions ( let x = p2v(*ptr); Now there are two axes we can adjust:
One aspect to consider for the second question is expressions like |
Cc #80059 |
We discussed this in the @rust-lang/lang meeting on 2021-02-09 and we concluded that:
I'm going to remove nomination as there isn't anything urgent to solve at this time. |
FWIW, Miri cannot detect this UB since it is not represented in the MIR. |
In truth, my opinion is that |
It seems that the THIR unsafety checker now disallows (while the MIR checker allows) dereferencing pointers to wildcards:

fn foo(ptr: *const bool) {
    let _ = *ptr;
} |
This does not compile any more. I think @cjgillot fixed it? So the issue can be closed if we have a test.
That is indeed the semantics we are going for. For |
#102256 added a test so this can be closed. |
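
The place/value distinction this thread turns on, as an added example that is not code from the issue or its participants: a `_` pattern leaves `*ptr` as a place (no move, no load), while a binding forces the place-to-value step. The function names are made up for illustration, and the `unsafe` blocks follow the checker behaviour reported in the comments above.

```rust
// Added example, not code from the issue thread. Function names are
// hypothetical; all pointers used here are valid, so nothing is UB.

/// Wildcard pattern: `*ptr` stays a place expression. The String behind
/// the pointer is neither loaded nor moved, so `s` is still owned and
/// usable afterwards.
fn wildcard_leaves_place_untouched() -> String {
    let s = String::from("still here");
    let ptr: *const String = &s;
    // The deref has to sit in `unsafe`: per the thread, the unsafety
    // checker now rejects `let _ = *ptr;` in safe code.
    unsafe {
        let _ = *ptr;
        match *ptr {
            _ => {}
        }
    }
    // Replacing `_` with a binding such as `_x` would not compile here:
    // a binding forces a place-to-value coercion (the "p2v" step in the
    // discussion), i.e. a move out of `*ptr`, which String does not allow.
    s
}

/// Binding pattern on a Copy type: the place is converted to a value,
/// so the pointee really is loaded.
///
/// # Safety
/// `ptr` must be valid, aligned and point to an initialized `u32`.
unsafe fn binding_loads_value(ptr: *const u32) -> u32 {
    unsafe {
        let x = *ptr;
        x
    }
}

fn main() {
    println!("{}", wildcard_leaves_place_untouched());
    let n = 3u32;
    println!("{}", unsafe { binding_loads_value(&n) });
}
```
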
This code compiles:
The MIR is empty, i.e., no ptr deref happens.
But this does not:
The MIR is "unreachable;", i.e., the ptr deref conceptually somehow did actually happen.
That is a very strange inconsistency -- the "!" type is just yet another type, why does it behave differently here?
Curiously, this does not yield any "unreachable":