Make UniqueArc invariant for soundness

Author: frank-king

library/alloc/src/sync.rs

@@ -4071,7 +4071,11 @@ pub struct UniqueArc<
     #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,
 > {
     ptr: NonNull<ArcInner<T>>,
-    phantom: PhantomData<ArcInner<T>>,
+    // Define the ownership of `ArcInner<T>` for drop-check
+    _marker: PhantomData<ArcInner<T>>,
+    // Invariance is necessary for soundness: once other `Weak`
+    // references exist, we already have a form of shared mutability!
+    _marker2: PhantomData<*mut T>,
     alloc: A,
 }
 
@@ -4116,7 +4120,7 @@ impl<T, A: Allocator> UniqueArc<T, A> {
             },
             alloc,
         ));
-        Self { ptr: ptr.into(), phantom: PhantomData, alloc }
+        Self { ptr: ptr.into(), _marker: PhantomData, _marker2: PhantomData, alloc }
     }
 }
 

tests/ui/variance/variance-uniquearc.rs

@@ -0,0 +1,27 @@
+// regression test of https://github.com/rust-lang/rust/pull/133572#issuecomment-2543007164
+// see also the test for UniqueRc` in variance-uniquerc.rs
+//
+// inline comments explain how this code *would* compile if UniqueArc was still covariant
+
+#![feature(unique_rc_arc)]
+
+use std::sync::UniqueArc;
+
+fn extend_lifetime<'a, 'b>(x: &'a str) -> &'b str {
+    let r = UniqueArc::new(""); // UniqueArc<&'static str>
+    let w = UniqueArc::downgrade(&r); // Weak<&'static str>
+    let mut r = r; // [IF COVARIANT]: ==>> UniqueArc<&'a str>
+    *r = x; // assign the &'a str
+    let _r = UniqueArc::into_arc(r); // Arc<&'a str>, but we only care to activate the weak
+    let r = w.upgrade().unwrap(); // Arc<&'static str>
+    *r // &'static str, coerces to &'b str
+    //~^ ERROR lifetime may not live long enough
+}
+
+fn main() {
+    let s = String::from("Hello World!");
+    let r = extend_lifetime(&s);
+    println!("{r}");
+    drop(s);
+    println!("{r}");
+}

tests/ui/variance/variance-uniquearc.stderr

@@ -0,0 +1,15 @@
+error: lifetime may not live long enough
+  --> $DIR/variance-uniquearc.rs:17:5
+   |
+LL | fn extend_lifetime<'a, 'b>(x: &'a str) -> &'b str {
+   |                    --  -- lifetime `'b` defined here
+   |                    |
+   |                    lifetime `'a` defined here
+...
+LL |     *r // &'static str, coerces to &'b str
+   |     ^^ function was supposed to return data with lifetime `'b` but it is returning data with lifetime `'a`
+   |
+   = help: consider adding the following bound: `'a: 'b`
+
+error: aborting due to 1 previous error
+

tests/ui/variance/variance-uniquerc.rs

@@ -1,5 +1,5 @@
 // regression test of https://github.com/rust-lang/rust/pull/133572#issuecomment-2543007164
-// we should also test UniqueArc once implemented
+// see also the test for UniqueArc in variance-uniquearc.rs
 //
 // inline comments explain how this code *would* compile if UniqueRc was still covariant