Rollup merge of #58429 - RalfJung:box, r=TimNN

fix Box::into_unique effecitvely transmuting to a raw ptr Miri/Stacked Borrows treat `Box` specially: they assert that it is unique, and tag it appropriately. However, currently, `Box::into_inner` is not aware of that and returns a raw pointer (wrapped in a `Unique`) that carries the same tag as the box, meaning it carries a `Uniq` tag. This leads to all sorts of problems when people use the raw pointer they get out of the `Unique` type. In the future, it'd be interesting to make `Unique` also carry some kind of uniqueness. In that case, something like this would instead be needed whenever a raw pointer is extracted from a `Unique`. However, that is out-of-scope for the current version of Stacked Borrows. So until then, this changes `into_unique` to perform a proper reference-to-raw-ptr-cast, which clears the tag.
2019-02-16 00:55:54 +08:00 · 2019-02-16 00:55:54 +08:00 · 13b055d5db
commit 13b055d5db
parent 092d191965 719be246ae
1 changed files with 8 additions and 3 deletions
--- a/src/liballoc/boxed.rs
+++ b/src/liballoc/boxed.rs
@ -202,10 +202,15 @@ impl<T: ?Sized> Box<T> {
    #[unstable(feature = "ptr_internals", issue = "0", reason = "use into_raw_non_null instead")]
    #[inline]
    #[doc(hidden)]
-    pub fn into_unique(b: Box<T>) -> Unique<T> {
-        let unique = b.0;
+    pub fn into_unique(mut b: Box<T>) -> Unique<T> {
+        // Box is kind-of a library type, but recognized as a "unique pointer" by
+        // Stacked Borrows.  This function here corresponds to "reborrowing to
+        // a raw pointer", but there is no actual reborrow here -- so
+        // without some care, the pointer we are returning here still carries
+        // the `Uniq` tag.  We round-trip through a mutable reference to avoid that.
+        let unique = unsafe { b.0.as_mut() as *mut T };
        mem::forget(b);
-        unique
+        unsafe { Unique::new_unchecked(unique) }
    }

    /// Consumes and leaks the `Box`, returning a mutable reference,