Prevent downstream impl DerefMut for Pin

Author: Darksonn

library/core/src/pin.rs

@@ -1676,10 +1676,47 @@ impl<Ptr: Deref> Deref for Pin<Ptr> {
     }
 }
 
+mod hidden {
+    use super::*;
+
+    /// Helper that prevents downstream crates from implementing `DerefMut` for `Pin`.
+    ///
+    /// This type is not `#[fundamental]`, so it's possible to relax its `DerefMut` impl bounds in
+    /// the future, so the orphan rules reject downstream impls of `DerefMut` of `Pin`.
+    #[repr(transparent)]
+    #[unstable(feature = "pin_derefmut_internals", issue = "none")]
+    #[allow(missing_debug_implementations)]
+    pub struct PinHelper<Ptr> {
+        pointer: Ptr,
+    }
+
+    #[unstable(feature = "pin_derefmut_internals", issue = "none")]
+    impl<Ptr: Deref> Deref for PinHelper<Ptr> {
+        type Target = Ptr::Target;
+        fn deref(&self) -> &Ptr::Target {
+            &self.pointer
+        }
+    }
+
+    #[unstable(feature = "pin_derefmut_internals", issue = "none")]
+    impl<Ptr: DerefMut<Target: Unpin>> DerefMut for PinHelper<Ptr> {
+        #[inline(always)]
+        fn deref_mut(&mut self) -> &mut Ptr::Target {
+            &mut self.pointer
+        }
+    }
+}
+
 #[stable(feature = "pin", since = "1.33.0")]
-impl<Ptr: DerefMut<Target: Unpin>> DerefMut for Pin<Ptr> {
+impl<Ptr> DerefMut for Pin<Ptr>
+where
+    Ptr: Deref,
+    hidden::PinHelper<Ptr>: DerefMut<Target = Self::Target>,
+{
     fn deref_mut(&mut self) -> &mut Ptr::Target {
-        Pin::get_mut(Pin::as_mut(self))
+        // SAFETY: Pin and PinHelper have the same layout, so this is equivalent to
+        // `&mut self.pointer` which is safe because `Target: Unpin`.
+        unsafe { &mut **(self as *mut Pin<Ptr> as *mut hidden::PinHelper<Ptr>) }
     }
 }
 
@@ -1759,7 +1796,7 @@ unsafe impl<'a, T: ?Sized> PinCoerceUnsized for &'a T {}
 unsafe impl<'a, T: ?Sized> PinCoerceUnsized for &'a mut T {}
 
 #[stable(feature = "pin", since = "1.33.0")]
-unsafe impl<T: PinCoerceUnsized> PinCoerceUnsized for Pin<T> {}
+unsafe impl<T: PinCoerceUnsized + Deref> PinCoerceUnsized for Pin<T> {}
 
 #[stable(feature = "pin", since = "1.33.0")]
 unsafe impl<T: ?Sized> PinCoerceUnsized for *const T {}

tests/mir-opt/inline_coroutine_body.run2-{closure#0}.Inline.panic-abort.diff

@@ -64,27 +64,25 @@
 +                             let mut _45: &mut std::future::Ready<()>;
 +                             let mut _46: &mut std::pin::Pin<&mut std::future::Ready<()>>;
 +                             scope 14 (inlined <Pin<&mut std::future::Ready<()>> as DerefMut>::deref_mut) {
-+                                 scope 15 (inlined Pin::<&mut std::future::Ready<()>>::as_mut) {
-+                                     let mut _47: &mut &mut std::future::Ready<()>;
-+                                     scope 16 (inlined Pin::<&mut std::future::Ready<()>>::new_unchecked) {
++                                 let mut _47: *mut std::pin::hidden::PinHelper<&mut std::future::Ready<()>>;
++                                 let mut _48: *mut std::pin::Pin<&mut std::future::Ready<()>>;
++                                 scope 15 (inlined <pin::hidden::PinHelper<&mut std::future::Ready<()>> as DerefMut>::deref_mut) {
++                                     let mut _49: &mut &mut std::future::Ready<()>;
++                                     scope 16 (inlined <&mut std::future::Ready<()> as DerefMut>::deref_mut) {
 +                                     }
-+                                     scope 18 (inlined <&mut std::future::Ready<()> as DerefMut>::deref_mut) {
-+                                     }
-+                                 }
-+                                 scope 17 (inlined Pin::<&mut std::future::Ready<()>>::get_mut) {
 +                                 }
 +                             }
-+                             scope 19 (inlined Option::<()>::take) {
-+                                 let mut _48: std::option::Option<()>;
-+                                 scope 20 (inlined std::mem::replace::<Option<()>>) {
-+                                     scope 21 {
++                             scope 17 (inlined Option::<()>::take) {
++                                 let mut _50: std::option::Option<()>;
++                                 scope 18 (inlined std::mem::replace::<Option<()>>) {
++                                     scope 19 {
 +                                     }
 +                                 }
 +                             }
-+                             scope 22 (inlined #[track_caller] Option::<()>::expect) {
-+                                 let mut _49: isize;
-+                                 let mut _50: !;
-+                                 scope 23 {
++                             scope 20 (inlined #[track_caller] Option::<()>::expect) {
++                                 let mut _51: isize;
++                                 let mut _52: !;
++                                 scope 21 {
 +                                 }
 +                             }
 +                         }
@@ -227,26 +225,32 @@
 +         _22 = &mut (*_23);
 +         StorageDead(_24);
 +         StorageLive(_45);
-+         StorageLive(_46);
-+         StorageLive(_50);
++         StorageLive(_47);
++         StorageLive(_52);
 +         StorageLive(_42);
 +         StorageLive(_43);
 +         StorageLive(_44);
++         StorageLive(_46);
 +         _46 = &mut _19;
-+         StorageLive(_47);
-+         _47 = &mut (_19.0: &mut std::future::Ready<()>);
-+         _45 = copy (_19.0: &mut std::future::Ready<()>);
-+         StorageDead(_47);
-+         _44 = &mut ((*_45).0: std::option::Option<()>);
 +         StorageLive(_48);
-+         _48 = Option::<()>::None;
-+         _43 = copy ((*_45).0: std::option::Option<()>);
-+         ((*_45).0: std::option::Option<()>) = copy _48;
++         _48 = &raw mut _19;
++         _47 = move _48 as *mut std::pin::hidden::PinHelper<&mut std::future::Ready<()>> (PtrToPtr);
 +         StorageDead(_48);
-+         StorageDead(_44);
 +         StorageLive(_49);
-+         _49 = discriminant(_43);
-+         switchInt(move _49) -> [0: bb11, 1: bb12, otherwise: bb5];
++         _49 = &mut ((*_47).0: &mut std::future::Ready<()>);
++         _45 = copy ((*_47).0: &mut std::future::Ready<()>);
++         StorageDead(_49);
++         StorageDead(_46);
++         _44 = &mut ((*_45).0: std::option::Option<()>);
++         StorageLive(_50);
++         _50 = Option::<()>::None;
++         _43 = copy ((*_45).0: std::option::Option<()>);
++         ((*_45).0: std::option::Option<()>) = copy _50;
++         StorageDead(_50);
++         StorageDead(_44);
++         StorageLive(_51);
++         _51 = discriminant(_43);
++         switchInt(move _51) -> [0: bb11, 1: bb12, otherwise: bb5];
       }
 + 
 +     bb5: {
@@ -309,17 +313,17 @@
 +     }
 + 
 +     bb11: {
-+         _50 = option::expect_failed(const "`Ready` polled after completion") -> unwind unreachable;
++         _52 = option::expect_failed(const "`Ready` polled after completion") -> unwind unreachable;
 +     }
 + 
 +     bb12: {
 +         _42 = move ((_43 as Some).0: ());
-+         StorageDead(_49);
++         StorageDead(_51);
 +         StorageDead(_43);
 +         _18 = Poll::<()>::Ready(move _42);
 +         StorageDead(_42);
-+         StorageDead(_50);
-+         StorageDead(_46);
++         StorageDead(_52);
++         StorageDead(_47);
 +         StorageDead(_45);
 +         StorageDead(_22);
 +         StorageDead(_19);

tests/mir-opt/inline_coroutine_body.run2-{closure#0}.Inline.panic-unwind.diff

@@ -66,27 +66,25 @@
 +                             let mut _47: &mut std::future::Ready<()>;
 +                             let mut _48: &mut std::pin::Pin<&mut std::future::Ready<()>>;
 +                             scope 14 (inlined <Pin<&mut std::future::Ready<()>> as DerefMut>::deref_mut) {
-+                                 scope 15 (inlined Pin::<&mut std::future::Ready<()>>::as_mut) {
-+                                     let mut _49: &mut &mut std::future::Ready<()>;
-+                                     scope 16 (inlined Pin::<&mut std::future::Ready<()>>::new_unchecked) {
++                                 let mut _49: *mut std::pin::hidden::PinHelper<&mut std::future::Ready<()>>;
++                                 let mut _50: *mut std::pin::Pin<&mut std::future::Ready<()>>;
++                                 scope 15 (inlined <pin::hidden::PinHelper<&mut std::future::Ready<()>> as DerefMut>::deref_mut) {
++                                     let mut _51: &mut &mut std::future::Ready<()>;
++                                     scope 16 (inlined <&mut std::future::Ready<()> as DerefMut>::deref_mut) {
 +                                     }
-+                                     scope 18 (inlined <&mut std::future::Ready<()> as DerefMut>::deref_mut) {
-+                                     }
-+                                 }
-+                                 scope 17 (inlined Pin::<&mut std::future::Ready<()>>::get_mut) {
 +                                 }
 +                             }
-+                             scope 19 (inlined Option::<()>::take) {
-+                                 let mut _50: std::option::Option<()>;
-+                                 scope 20 (inlined std::mem::replace::<Option<()>>) {
-+                                     scope 21 {
++                             scope 17 (inlined Option::<()>::take) {
++                                 let mut _52: std::option::Option<()>;
++                                 scope 18 (inlined std::mem::replace::<Option<()>>) {
++                                     scope 19 {
 +                                     }
 +                                 }
 +                             }
-+                             scope 22 (inlined #[track_caller] Option::<()>::expect) {
-+                                 let mut _51: isize;
-+                                 let mut _52: !;
-+                                 scope 23 {
++                             scope 20 (inlined #[track_caller] Option::<()>::expect) {
++                                 let mut _53: isize;
++                                 let mut _54: !;
++                                 scope 21 {
 +                                 }
 +                             }
 +                         }
@@ -244,26 +242,32 @@
 +         _22 = &mut (*_23);
 +         StorageDead(_24);
 +         StorageLive(_47);
-+         StorageLive(_48);
-+         StorageLive(_52);
++         StorageLive(_49);
++         StorageLive(_54);
 +         StorageLive(_44);
 +         StorageLive(_45);
 +         StorageLive(_46);
++         StorageLive(_48);
 +         _48 = &mut _19;
-+         StorageLive(_49);
-+         _49 = &mut (_19.0: &mut std::future::Ready<()>);
-+         _47 = copy (_19.0: &mut std::future::Ready<()>);
-+         StorageDead(_49);
-+         _46 = &mut ((*_47).0: std::option::Option<()>);
 +         StorageLive(_50);
-+         _50 = Option::<()>::None;
-+         _45 = copy ((*_47).0: std::option::Option<()>);
-+         ((*_47).0: std::option::Option<()>) = copy _50;
++         _50 = &raw mut _19;
++         _49 = move _50 as *mut std::pin::hidden::PinHelper<&mut std::future::Ready<()>> (PtrToPtr);
 +         StorageDead(_50);
-+         StorageDead(_46);
 +         StorageLive(_51);
-+         _51 = discriminant(_45);
-+         switchInt(move _51) -> [0: bb16, 1: bb17, otherwise: bb7];
++         _51 = &mut ((*_49).0: &mut std::future::Ready<()>);
++         _47 = copy ((*_49).0: &mut std::future::Ready<()>);
++         StorageDead(_51);
++         StorageDead(_48);
++         _46 = &mut ((*_47).0: std::option::Option<()>);
++         StorageLive(_52);
++         _52 = Option::<()>::None;
++         _45 = copy ((*_47).0: std::option::Option<()>);
++         ((*_47).0: std::option::Option<()>) = copy _52;
++         StorageDead(_52);
++         StorageDead(_46);
++         StorageLive(_53);
++         _53 = discriminant(_45);
++         switchInt(move _53) -> [0: bb16, 1: bb17, otherwise: bb7];
       }
 
 -     bb6 (cleanup): {
@@ -350,17 +354,17 @@
 +     }
 + 
 +     bb16: {
-+         _52 = option::expect_failed(const "`Ready` polled after completion") -> bb11;
++         _54 = option::expect_failed(const "`Ready` polled after completion") -> bb11;
 +     }
 + 
 +     bb17: {
 +         _44 = move ((_45 as Some).0: ());
-+         StorageDead(_51);
++         StorageDead(_53);
 +         StorageDead(_45);
 +         _18 = Poll::<()>::Ready(move _44);
 +         StorageDead(_44);
-+         StorageDead(_52);
-+         StorageDead(_48);
++         StorageDead(_54);
++         StorageDead(_49);
 +         StorageDead(_47);
 +         StorageDead(_22);
 +         StorageDead(_19);

tests/ui/typeck/pin-unsound-issue-85099-derefmut.rs

@@ -1,5 +1,4 @@
-//@ check-pass
-//@ known-bug: #85099
+//@ check-fail
 
 // Should fail. Can coerce `Pin<T>` into `Pin<U>` where
 // `T: Deref<Target: Unpin>` and `U: Deref<Target: !Unpin>`, using the
@@ -43,6 +42,7 @@ impl<'a, Fut: Future<Output = ()>> SomeTrait<'a, Fut> for Fut {
 }
 
 impl<'b, 'a, Fut> DerefMut for Pin<&'b dyn SomeTrait<'a, Fut>> {
+//~^ ERROR: conflicting implementations of trait `DerefMut`
     fn deref_mut<'c>(
         self: &'c mut Pin<&'b dyn SomeTrait<'a, Fut>>,
     ) -> &'c mut (dyn SomeTrait<'a, Fut> + 'b) {

tests/ui/typeck/pin-unsound-issue-85099-derefmut.stderr

@@ -0,0 +1,14 @@
+error[E0119]: conflicting implementations of trait `DerefMut` for type `Pin<&dyn SomeTrait<'_, _>>`
+  --> $DIR/pin-unsound-issue-85099-derefmut.rs:44:1
+   |
+LL | impl<'b, 'a, Fut> DerefMut for Pin<&'b dyn SomeTrait<'a, Fut>> {
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = note: conflicting implementation in crate `core`:
+           - impl<Ptr> DerefMut for Pin<Ptr>
+             where <pin::hidden::PinHelper<Ptr> as Deref>::Target == <Pin<Ptr> as Deref>::Target, Ptr: Deref, pin::hidden::PinHelper<Ptr>: DerefMut, pin::hidden::PinHelper<Ptr>: ?Sized;
+   = note: upstream crates may add a new impl of trait `std::ops::DerefMut` for type `std::pin::hidden::PinHelper<&dyn SomeTrait<'_, _>>` in future versions
+
+error: aborting due to 1 previous error
+
+For more information about this error, try `rustc --explain E0119`.