Make UniqueRc invariant for soundness

steffahn · steffahn · commit df57d65c7083 · 2025-01-11T22:36:25.000+01:00
diff --git a/library/alloc/src/rc.rs b/library/alloc/src/rc.rs
@@ -3708,7 +3708,11 @@ pub struct UniqueRc<
     #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,
 > {
     ptr: NonNull<RcInner<T>>,
-    phantom: PhantomData<RcInner<T>>,
+    // Define the ownership of `RcInner<T>` for drop-check
+    _marker: PhantomData<RcInner<T>>,
+    // Invariance is necessary for soundness: once other `Weak`
+    // references exist, we already have a form of shared mutability!
+    _marker2: PhantomData<*mut T>,
     alloc: A,
 }
 
@@ -3994,7 +3998,7 @@ impl<T, A: Allocator> UniqueRc<T, A> {
             },
             alloc,
         ));
-        Self { ptr: ptr.into(), phantom: PhantomData, alloc }
+        Self { ptr: ptr.into(), _marker: PhantomData, _marker2: PhantomData, alloc }
     }
 }
 
diff --git a/tests/ui/variance/variance-uniquerc.rs b/tests/ui/variance/variance-uniquerc.rs
@@ -0,0 +1,27 @@
+// regression test of https://github.com/rust-lang/rust/pull/133572#issuecomment-2543007164
+// we should also test UniqueArc once implemented
+//
+// inline comments explain how this code *would* compile if UniqueRc was still covariant
+
+#![feature(unique_rc_arc)]
+
+use std::rc::UniqueRc;
+
+fn extend_lifetime<'a, 'b>(x: &'a str) -> &'b str {
+    let r = UniqueRc::new(""); // UniqueRc<&'static str>
+    let w = UniqueRc::downgrade(&r); // Weak<&'static str>
+    let mut r = r; // [IF COVARIANT]: ==>> UniqueRc<&'a str>
+    *r = x; // assign the &'a str
+    let _r = UniqueRc::into_rc(r); // Rc<&'a str>, but we only care to activate the weak
+    let r = w.upgrade().unwrap(); // Rc<&'static str>
+    *r // &'static str, coerces to &'b str
+    //~^ ERROR lifetime may not live long enough
+}
+
+fn main() {
+    let s = String::from("Hello World!");
+    let r = extend_lifetime(&s);
+    println!("{r}");
+    drop(s);
+    println!("{r}");
+}
diff --git a/tests/ui/variance/variance-uniquerc.stderr b/tests/ui/variance/variance-uniquerc.stderr
@@ -0,0 +1,15 @@
+error: lifetime may not live long enough
+  --> $DIR/variance-uniquerc.rs:17:5
+   |
+LL | fn extend_lifetime<'a, 'b>(x: &'a str) -> &'b str {
+   |                    --  -- lifetime `'b` defined here
+   |                    |
+   |                    lifetime `'a` defined here
+...
+LL |     *r // &'static str, coerces to &'b str
+   |     ^^ function was supposed to return data with lifetime `'b` but it is returning data with lifetime `'a`
+   |
+   = help: consider adding the following bound: `'a: 'b`
+
+error: aborting due to 1 previous error
+

Original file line number	Diff line number	Diff line change
`@@ -3708,7 +3708,11 @@ pub struct UniqueRc<`
`3708`	`3708`	`#[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,`
`3709`	`3709`	`> {`
`3710`	`3710`	`ptr: NonNull<RcInner<T>>,`
`3711`		`- phantom: PhantomData<RcInner<T>>,`
	`3711`	+ // Define the ownership of `RcInner<T>` for drop-check
	`3712`	`+ _marker: PhantomData<RcInner<T>>,`
	`3713`	+ // Invariance is necessary for soundness: once other `Weak`
	`3714`	`+ // references exist, we already have a form of shared mutability!`
	`3715`	`+ _marker2: PhantomData<*mut T>,`
`3712`	`3716`	`alloc: A,`
`3713`	`3717`	`}`
`3714`	`3718`
`@@ -3994,7 +3998,7 @@ impl<T, A: Allocator> UniqueRc<T, A> {`
`3994`	`3998`	`},`
`3995`	`3999`	`alloc,`
`3996`	`4000`	`));`
`3997`		`- Self { ptr: ptr.into(), phantom: PhantomData, alloc }`
	`4001`	`+ Self { ptr: ptr.into(), _marker: PhantomData, _marker2: PhantomData, alloc }`
`3998`	`4002`	`}`
`3999`	`4003`	`}`
`4000`	`4004`