Review feedback: Adding test cases suggested by arielb1.

This commit is contained in:
Felix S. Klock II 2018-05-23 11:21:01 +02:00
parent 324ced89e8
commit 9d5cdc958d
4 changed files with 146 additions and 0 deletions

View File

@ -0,0 +1,43 @@
// Copyright 2018 The Rust Project Developers. See the COPYRIGHT
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
// This is testing an attempt to corrupt the discriminant of the match
// arm in a guard, followed by an attempt to continue matching on that
// corrupted discriminant in the remaining match arms.
//
// Basically this is testing that our new NLL feature of emitting a
// fake read on each match arm is catching cases like this.
//
// This case is interesting because it includes a guard that
// diverges, and therefore a single final fake-read at the very end
// after the final match arm would not suffice.
#![feature(nll)]
struct ForceFnOnce;
fn main() {
let mut x = &mut Some(&2);
let force_fn_once = ForceFnOnce;
match x {
&mut None => panic!("unreachable"),
&mut Some(&_) if {
// ForceFnOnce needed to exploit #27282
(|| { *x = None; drop(force_fn_once); })();
//~^ ERROR closure requires unique access to `x` but it is already borrowed [E0500]
false
} => {}
&mut Some(&a) if { // this binds to garbage if we've corrupted discriminant
println!("{}", a);
panic!()
} => {}
_ => panic!("unreachable"),
}
}

View File

@ -0,0 +1,25 @@
error[E0500]: closure requires unique access to `x` but it is already borrowed
--> $DIR/issue-27282-mutate-before-diverging-arm-1.rs:33:14
|
LL | match x {
| _____-
| |_____|
| ||
LL | || &mut None => panic!("unreachable"),
LL | || &mut Some(&_) if {
LL | || // ForceFnOnce needed to exploit #27282
LL | || (|| { *x = None; drop(force_fn_once); })();
| || ^^ - borrow occurs due to use of `x` in closure
| || |
| || closure construction occurs here
... ||
LL | || _ => panic!("unreachable"),
LL | || }
| || -
| ||_____|
| |______borrow occurs here
| borrow later used here
error: aborting due to previous error
For more information about this error, try `rustc --explain E0500`.

View File

@ -0,0 +1,52 @@
// Copyright 2018 The Rust Project Developers. See the COPYRIGHT
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
// This is testing an attempt to corrupt the discriminant of the match
// arm in a guard, followed by an attempt to continue matching on that
// corrupted discriminant in the remaining match arms.
//
// Basically this is testing that our new NLL feature of emitting a
// fake read on each match arm is catching cases like this.
//
// This case is interesting because it includes a guard that
// diverges, and therefore a single final fake-read at the very end
// after the final match arm would not suffice.
//
// It is also interesting because the access to the corrupted data
// occurs in the pattern-match itself, and not in the guard
// expression.
#![feature(nll)]
struct ForceFnOnce;
fn main() {
let mut x = &mut Some(&2);
let force_fn_once = ForceFnOnce;
match x {
&mut None => panic!("unreachable"),
&mut Some(&_)
if {
// ForceFnOnce needed to exploit #27282
(|| { *x = None; drop(force_fn_once); })();
//~^ ERROR closure requires unique access to `x` but it is already borrowed [E0500]
false
} => {}
// this segfaults if we corrupted the discriminant, because
// the compiler gets to *assume* that it cannot be the `None`
// case, even though that was the effect of the guard.
&mut Some(&2)
if {
panic!()
} => {}
_ => panic!("unreachable"),
}
}

View File

@ -0,0 +1,26 @@
error[E0500]: closure requires unique access to `x` but it is already borrowed
--> $DIR/issue-27282-mutate-before-diverging-arm-2.rs:38:18
|
LL | match x {
| _____-
| |_____|
| ||
LL | || &mut None => panic!("unreachable"),
LL | || &mut Some(&_)
LL | || if {
LL | || // ForceFnOnce needed to exploit #27282
LL | || (|| { *x = None; drop(force_fn_once); })();
| || ^^ - borrow occurs due to use of `x` in closure
| || |
| || closure construction occurs here
... ||
LL | || _ => panic!("unreachable"),
LL | || }
| || -
| ||_____|
| |______borrow occurs here
| borrow later used here
error: aborting due to previous error
For more information about this error, try `rustc --explain E0500`.