leak check in Coerce::unify_raw

BoxyUwU · BoxyUwU · commit dde25a65ef1a · 2025-10-30T15:06:07.000Z
This has two main effects:
1. we now leak check for closure-&gt;fnptr and fnptr-&gt;closure coercions
2. we now leak check normal subtyping in HIR typeck when going through coercions
diff --git a/compiler/rustc_hir_typeck/src/coercion.rs b/compiler/rustc_hir_typeck/src/coercion.rs
@@ -125,7 +125,9 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
 
     fn unify_raw(&self, a: Ty<'tcx>, b: Ty<'tcx>) -> InferResult<'tcx, Ty<'tcx>> {
         debug!("unify(a: {:?}, b: {:?}, use_lub: {})", a, b, self.use_lub);
-        self.commit_if_ok(|_| {
+        self.commit_if_ok(|snapshot| {
+            let outer_universe = self.infcx.universe();
+
             let at = self.at(&self.cause, self.fcx.param_env);
 
             let res = if self.use_lub {
@@ -138,7 +140,7 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
             // In the new solver, lazy norm may allow us to shallowly equate
             // more types, but we emit possibly impossible-to-satisfy obligations.
             // Filter these cases out to make sure our coercion is more accurate.
-            match res {
+            let res = match res {
                 Ok(InferOk { value, obligations }) if self.next_trait_solver() => {
                     let ocx = ObligationCtxt::new(self);
                     ocx.register_obligations(obligations);
@@ -149,7 +151,27 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
                     }
                 }
                 res => res,
-            }
+            };
+
+            // We leak check here mostly because lub operations are
+            // kind of scuffed around binders. Instead of computing an actual
+            // lub'd binder we instead:
+            // - Equate the binders
+            // - Return the lhs of the lub operation
+            //
+            // In order to actually ensure that equating the binders *does*
+            // result in equal binders, and that the lhs is actually a supertype
+            // of the rhs, we must perform a leak check here.
+            //
+            // Leak checking even when `use_lub` is false causes us to emit some
+            // errors in dead code where borrowck would otherwise not catch the
+            // subtyping errors. This is not soundness critical.
+            //
+            // FIXME: Ideally the actual `eq/sub/lub` would handle leak checks
+            // themselves whenever a binder is entered.
+            self.leak_check(outer_universe, Some(snapshot))?;
+
+            res
         })
     }
 
@@ -805,39 +827,25 @@ impl<'f, 'tcx> Coerce<'f, 'tcx> {
     ) -> CoerceResult<'tcx> {
         debug_assert!(self.shallow_resolve(b) == b);
 
-        self.commit_if_ok(|snapshot| {
-            let outer_universe = self.infcx.universe();
-
-            let result = if let ty::FnPtr(_, hdr_b) = b.kind()
-                && fn_ty_a.safety().is_safe()
-                && hdr_b.safety.is_unsafe()
-            {
-                let unsafe_a = self.tcx.safe_to_unsafe_fn_ty(fn_ty_a);
-                self.unify_and(
-                    unsafe_a,
-                    b,
-                    adjustment
-                        .map(|kind| Adjustment { kind, target: Ty::new_fn_ptr(self.tcx, fn_ty_a) }),
-                    Adjust::Pointer(PointerCoercion::UnsafeFnPointer),
-                )
-            } else {
-                let a = Ty::new_fn_ptr(self.tcx, fn_ty_a);
-                match adjustment {
-                    Some(adjust) => self.unify_and(a, b, [], adjust),
-                    None => self.unify(a, b),
-                }
-            };
-
-            // FIXME(#73154): This is a hack. Currently LUB can generate
-            // unsolvable constraints. Additionally, it returns `a`
-            // unconditionally, even when the "LUB" is `b`. In the future, we
-            // want the coerced type to be the actual supertype of these two,
-            // but for now, we want to just error to ensure we don't lock
-            // ourselves into a specific behavior with NLL.
-            self.leak_check(outer_universe, Some(snapshot))?;
-
-            result
-        })
+        if let ty::FnPtr(_, hdr_b) = b.kind()
+            && fn_ty_a.safety().is_safe()
+            && hdr_b.safety.is_unsafe()
+        {
+            let unsafe_a = self.tcx.safe_to_unsafe_fn_ty(fn_ty_a);
+            self.unify_and(
+                unsafe_a,
+                b,
+                adjustment
+                    .map(|kind| Adjustment { kind, target: Ty::new_fn_ptr(self.tcx, fn_ty_a) }),
+                Adjust::Pointer(PointerCoercion::UnsafeFnPointer),
+            )
+        } else {
+            let a = Ty::new_fn_ptr(self.tcx, fn_ty_a);
+            match adjustment {
+                Some(adjust) => self.unify_and(a, b, [], adjust),
+                None => self.unify(a, b),
+            }
+        }
     }
 
     fn coerce_from_fn_pointer(
diff --git a/tests/ui/coercion/leak_check_normal_sub.rs b/tests/ui/coercion/leak_check_normal_sub.rs
@@ -0,0 +1,13 @@
+struct Foo<T>(T);
+
+fn mk<T>() -> T {
+    loop {}
+}
+
+fn lub_deep_binder() {
+    loop {}
+    let a: Foo<for<'a> fn(&'a ())> = mk::<Foo<fn(&'static ())>>();
+    //~^ ERROR: mismatched types
+}
+
+fn main() {}
diff --git a/tests/ui/coercion/leak_check_normal_sub.stderr b/tests/ui/coercion/leak_check_normal_sub.stderr
@@ -0,0 +1,14 @@
+error[E0308]: mismatched types
+  --> $DIR/leak_check_normal_sub.rs:9:38
+   |
+LL |     let a: Foo<for<'a> fn(&'a ())> = mk::<Foo<fn(&'static ())>>();
+   |            -----------------------   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ one type is more general than the other
+   |            |
+   |            expected due to this
+   |
+   = note: expected struct `Foo<for<'a> fn(&'a ())>`
+              found struct `Foo<fn(&'static ())>`
+
+error: aborting due to 1 previous error
+
+For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.deadcode.stderr b/tests/ui/coercion/leak_check_single_to_fnptr.deadcode.stderr
@@ -0,0 +1,40 @@
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:25:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fndef;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found fn item `fn(&'static ()) {static_fndef}`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:28:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fnptr;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+              found fn pointer `fn(&())`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:31:39
+   |
+LL |     let a_closure = |_: &'static ()| {};
+   |                     ---------------- the found closure
+...
+LL |     let _target: for<'a> fn(&'a ()) = a_closure;
+   |                  ------------------   ^^^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found closure `{closure@$DIR/leak_check_single_to_fnptr.rs:21:21: 21:37}`
+   = note: closure has signature: `fn(&'static ())`
+
+error: aborting due to 3 previous errors
+
+For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.livecode.stderr b/tests/ui/coercion/leak_check_single_to_fnptr.livecode.stderr
@@ -0,0 +1,40 @@
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:25:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fndef;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found fn item `fn(&'static ()) {static_fndef}`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:28:39
+   |
+LL |     let _target: for<'a> fn(&'a ()) = a_fnptr;
+   |                  ------------------   ^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+              found fn pointer `fn(&())`
+
+error[E0308]: mismatched types
+  --> $DIR/leak_check_single_to_fnptr.rs:31:39
+   |
+LL |     let a_closure = |_: &'static ()| {};
+   |                     ---------------- the found closure
+...
+LL |     let _target: for<'a> fn(&'a ()) = a_closure;
+   |                  ------------------   ^^^^^^^^^ one type is more general than the other
+   |                  |
+   |                  expected due to this
+   |
+   = note: expected fn pointer `for<'a> fn(&'a ())`
+                 found closure `{closure@$DIR/leak_check_single_to_fnptr.rs:21:21: 21:37}`
+   = note: closure has signature: `fn(&'static ())`
+
+error: aborting due to 3 previous errors
+
+For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/coercion/leak_check_single_to_fnptr.rs b/tests/ui/coercion/leak_check_single_to_fnptr.rs
@@ -0,0 +1,36 @@
+//@ revisions: livecode deadcode
+
+// When coercing to a fnptr check that we leak check when relating
+// the signatures. Previously we only leak checked for fnptr/fndef
+// to fnptr coercions, but not closure to fnptr coercions. This
+// resulted in closure to fnptr coercions not erroring in dead code
+// when equivalent code with fndefs/fnptrs would error.
+//
+// Outside of dead code all cases wind up erroring in borrowck so this
+// is not a soundness concern.
+
+fn mk<T>() -> T {
+    loop {}
+}
+
+fn static_fndef(_: &'static ()) {}
+
+fn one_way_coerce() {
+    let a_fndef = static_fndef;
+    let a_fnptr = mk::<fn(&'static ())>();
+    let a_closure = |_: &'static ()| {};
+
+    #[cfg(deadcode)]
+    loop {}
+    let _target: for<'a> fn(&'a ()) = a_fndef;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+    let _target: for<'a> fn(&'a ()) = a_fnptr;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+    let _target: for<'a> fn(&'a ()) = a_closure;
+    //[livecode]~^ ERROR: mismatched types
+    //[deadcode]~^^ ERROR: mismatched types
+}
+
+fn main() {}
diff --git a/tests/ui/const-generics/invariant.stderr b/tests/ui/const-generics/invariant.stderr
@@ -15,11 +15,13 @@ LL | impl SadBee for fn(&'static ()) {
 error[E0308]: mismatched types
   --> $DIR/invariant.rs:25:5
    |
+LL | fn covariant(v: &'static Foo<for<'a> fn(&'a ())>) -> &'static Foo<fn(&'static ())> {
+   |                                                      ----------------------------- expected `&'static Foo<fn(&'static ())>` because of return type
 LL |     v
    |     ^ one type is more general than the other
    |
-   = note: expected reference `&Foo<fn(&())>`
-              found reference `&Foo<for<'a> fn(&'a ())>`
+   = note: expected reference `&'static Foo<fn(&'static ())>`
+              found reference `&'static Foo<for<'a> fn(&'a ())>`
 
 error: aborting due to 1 previous error; 1 warning emitted
 
diff --git a/tests/ui/higher-ranked/higher-ranked-lifetime-equality.rs b/tests/ui/higher-ranked/higher-ranked-lifetime-equality.rs
@@ -33,6 +33,5 @@ fn main() {
     foo.deref();
     let foo: Foo<Two> = foo;
     //~^ ERROR mismatched types [E0308]
-    //~| ERROR mismatched types [E0308]
     foo.deref();
 }
diff --git a/tests/ui/higher-ranked/higher-ranked-lifetime-equality.stderr b/tests/ui/higher-ranked/higher-ranked-lifetime-equality.stderr
@@ -2,21 +2,13 @@ error[E0308]: mismatched types
   --> $DIR/higher-ranked-lifetime-equality.rs:34:25
    |
 LL |     let foo: Foo<Two> = foo;
-   |                         ^^^ one type is more general than the other
+   |              --------   ^^^ one type is more general than the other
+   |              |
+   |              expected due to this
    |
    = note: expected struct `my_api::Foo<for<'a, 'b> fn(&'a (), &'b ())>`
               found struct `my_api::Foo<for<'a> fn(&'a (), &'a ())>`
 
-error[E0308]: mismatched types
-  --> $DIR/higher-ranked-lifetime-equality.rs:34:25
-   |
-LL |     let foo: Foo<Two> = foo;
-   |                         ^^^ one type is more general than the other
-   |
-   = note: expected struct `my_api::Foo<for<'a, 'b> fn(&'a (), &'b ())>`
-              found struct `my_api::Foo<for<'a> fn(&'a (), &'a ())>`
-   = note: duplicate diagnostic emitted due to `-Z deduplicate-diagnostics=no`
-
-error: aborting due to 2 previous errors
+error: aborting due to 1 previous error
 
 For more information about this error, try `rustc --explain E0308`.
diff --git a/tests/ui/higher-ranked/leak-check/candidate-from-env-universe-err-project.next.stderr b/tests/ui/higher-ranked/leak-check/candidate-from-env-universe-err-project.next.stderr
@@ -10,20 +10,19 @@ note: required by a bound in `projection_bound`
 LL | fn projection_bound<T: for<'a> Trait<'a, Assoc = usize>>() {}
    |                                          ^^^^^^^^^^^^^ required by this bound in `projection_bound`
 
-error: higher-ranked subtype error
-  --> $DIR/candidate-from-env-universe-err-project.rs:52:30
+error[E0308]: mismatched types
+  --> $DIR/candidate-from-env-universe-err-project.rs:52:68
    |
 LL |     let _higher_ranked_norm: for<'a> fn(<T as Trait<'a>>::Assoc) = |_| ();
-   |                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-error: higher-ranked subtype error
-  --> $DIR/candidate-from-env-universe-err-project.rs:52:30
-   |
-LL |     let _higher_ranked_norm: for<'a> fn(<T as Trait<'a>>::Assoc) = |_| ();
-   |                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |                              -----------------------------------   ^^^^^^ one type is more general than the other
+   |                              |
+   |                              expected due to this
    |
-   = note: duplicate diagnostic emitted due to `-Z deduplicate-diagnostics=no`
+   = note: expected fn pointer `fn(usize)`
+                 found closure `{closure@$DIR/candidate-from-env-universe-err-project.rs:52:68: 52:71}`
+   = note: closure has signature: `fn(usize)`
 
-error: aborting due to 3 previous errors
+error: aborting due to 2 previous errors
 
-For more information about this error, try `rustc --explain E0271`.
+Some errors have detailed explanations: E0271, E0308.
+For more information about an error, try `rustc --explain E0271`.
diff --git a/tests/ui/higher-ranked/leak-check/candidate-from-env-universe-err-project.rs b/tests/ui/higher-ranked/leak-check/candidate-from-env-universe-err-project.rs
@@ -50,9 +50,8 @@ fn function3<T: Trait<'static, Assoc = usize>>() {
     // leak check during candidate selection for normalization, this
     // case would still not compile.
     let _higher_ranked_norm: for<'a> fn(<T as Trait<'a>>::Assoc) = |_| ();
-    //[next]~^ ERROR higher-ranked subtype error
-    //[next]~| ERROR higher-ranked subtype error
-    //[current]~^^^ ERROR mismatched types
+    //[next]~^ ERROR mismatched types
+    //[current]~^^ ERROR mismatched types
     //[current]~| ERROR mismatched types
 }
 
diff --git a/tests/ui/higher-ranked/subtype/hr-subtype.bound_a_b_ret_a_vs_bound_a_ret_a.stderr b/tests/ui/higher-ranked/subtype/hr-subtype.bound_a_b_ret_a_vs_bound_a_ret_a.stderr
@@ -1,15 +1,22 @@
 error[E0308]: mismatched types
-  --> $DIR/hr-subtype.rs:54:13
+  --> $DIR/hr-subtype.rs:54:26
    |
 LL |               gimme::<$t1>(None::<$t2>);
-   |               ^^^^^^^^^^^^^^^^^^^^^^^^^ one type is more general than the other
+   |               ------------ ^^^^^^^^^^^ one type is more general than the other
+   |               |
+   |               arguments to this function are incorrect
 ...
 LL | / check! { bound_a_b_ret_a_vs_bound_a_ret_a: (for<'a,'b> fn(&'a u32, &'b u32) -> &'a u32,
 LL | | for<'a>    fn(&'a u32, &'a u32) -> &'a u32) }
    | |_____________________________________________- in this macro invocation
    |
    = note: expected enum `Option<for<'a, 'b> fn(&'a _, &'b _) -> &'a _>`
               found enum `Option<for<'a> fn(&'a _, &'a _) -> &'a _>`
+note: function defined here
+  --> $DIR/hr-subtype.rs:30:4
+   |
+LL | fn gimme<T>(_: Option<T>) {}
+   |    ^^^^^    ------------
    = note: this error originates in the macro `check` (in Nightly builds, run with -Z macro-backtrace for more info)
 
 error: aborting due to 1 previous error
diff --git a/tests/ui/higher-ranked/subtype/hr-subtype.bound_a_vs_free_x.stderr b/tests/ui/higher-ranked/subtype/hr-subtype.bound_a_vs_free_x.stderr
@@ -1,15 +1,22 @@
 error[E0308]: mismatched types
-  --> $DIR/hr-subtype.rs:54:13
+  --> $DIR/hr-subtype.rs:54:26
    |
 LL |               gimme::<$t1>(None::<$t2>);
-   |               ^^^^^^^^^^^^^^^^^^^^^^^^^ one type is more general than the other
+   |               ------------ ^^^^^^^^^^^ one type is more general than the other
+   |               |
+   |               arguments to this function are incorrect
 ...
 LL | / check! { bound_a_vs_free_x: (for<'a> fn(&'a u32),
 LL | | fn(&'x u32)) }
    | |______________- in this macro invocation
    |
    = note: expected enum `Option<for<'a> fn(&'a _)>`
-              found enum `Option<fn(&_)>`
+              found enum `Option<fn(&'x _)>`
+note: function defined here
+  --> $DIR/hr-subtype.rs:30:4
+   |
+LL | fn gimme<T>(_: Option<T>) {}
+   |    ^^^^^    ------------
    = note: this error originates in the macro `check` (in Nightly builds, run with -Z macro-backtrace for more info)
 
 error: aborting due to 1 previous error
diff --git a/tests/ui/higher-ranked/subtype/hr-subtype.bound_inv_a_b_vs_bound_inv_a.stderr b/tests/ui/higher-ranked/subtype/hr-subtype.bound_inv_a_b_vs_bound_inv_a.stderr
diff --git a/tests/ui/higher-ranked/subtype/hr-subtype.rs b/tests/ui/higher-ranked/subtype/hr-subtype.rs

Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,13 @@ LL \| impl SadBee for fn(&'static ()) {`
`15`	`15`	`error[E0308]: mismatched types`
`16`	`16`	`--> $DIR/invariant.rs:25:5`
`17`	`17`	`\|`
	`18`	`+LL \| fn covariant(v: &'static Foo<for<'a> fn(&'a ())>) -> &'static Foo<fn(&'static ())> {`
	`19`	+ \| ----------------------------- expected `&'static Foo<fn(&'static ())>` because of return type
`18`	`20`	`LL \| v`
`19`	`21`	`\| ^ one type is more general than the other`
`20`	`22`	`\|`
`21`		- = note: expected reference `&Foo<fn(&())>`
`22`		- found reference `&Foo<for<'a> fn(&'a ())>`
	`23`	+ = note: expected reference `&'static Foo<fn(&'static ())>`
	`24`	+ found reference `&'static Foo<for<'a> fn(&'a ())>`
`23`	`25`
`24`	`26`	`error: aborting due to 1 previous error; 1 warning emitted`
`25`	`27`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,5 @@ fn main() {`
`33`	`33`	`foo.deref();`
`34`	`34`	`let foo: Foo<Two> = foo;`
`35`	`35`	`//~^ ERROR mismatched types [E0308]`
`36`		`- //~\| ERROR mismatched types [E0308]`
`37`	`36`	`foo.deref();`
`38`	`37`	`}`