stricter hidden type wf-check by aliemjay · Pull Request #115008 · rust-lang/rust
This PR fixes a soundness hole, where we were failing to check that hidden types are actually well formed wrt lifetimes. From a not well-formed hidden type you can easily satisfy trait bounds that make no sense and thus allow treating any lifetime as another lifetime that lives longer.
The implementation adds well-formedness predicates, which should always be sound and at worst a performance issue (#114933 does the same thing). In addition, during wf check of RPIT and async fn return types we do region checking of these opaques within their owning function, catching the remaining soundness bugs (which is what #114740 does).
I do not believe there is any possible risk with this PR, beyond causing breakage for benign code that just forgot some bounds somewhere. Crater showed 3 such cases, which all have PRs opened, with only one not having been noticed by the crate owners yet.
@rfcbot fcp merge
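Added example, not part of the PR or of the comment above: a constructed sketch of why the hidden type's well-formedness matters. The trait `Extend` and the functions `checked` and `shorten` are hypothetical names, and the commented-out signature is an assumption about the kind of code the stricter check rejects, based on the description above.

```rust
// Constructed example; all names here are hypothetical.
trait Extend<'a, 'b> {
    fn extend(self, s: &'a str) -> &'b str;
}

// Inside an impl the compiler assumes the self type is well formed.
// `&'b &'a ()` is only well formed when `'a: 'b`, so that bound is
// implied here and returning `s` as `&'b str` type-checks.
impl<'a, 'b> Extend<'a, 'b> for Option<&'b &'a ()> {
    fn extend(self, s: &'a str) -> &'b str {
        s
    }
}

// Accepted: the declared bound `'a: 'b` makes the hidden type
// `Option<&'b &'a ()>` well formed inside the owning function.
fn checked<'a: 'b, 'b>() -> impl Extend<'a, 'b> {
    None::<&'b &'a ()>
}

// The same body without the bound has a hidden type that is not well
// formed, yet it would still satisfy `Extend<'a, 'b>` through the impl
// above. This is the shape the stricter check is meant to reject:
//
// fn unchecked<'a, 'b>() -> impl Extend<'a, 'b> {
//     None::<&'b &'a ()>
// }

// With the bound stated, the opaque type can only shorten a lifetime.
fn shorten<'a: 'b, 'b>(s: &'a str) -> &'b str {
    checked().extend(s)
}

fn main() {
    let owned = String::from("temporary");
    println!("{}", shorten(&owned));
}
```
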