Reading from the return place is fine by jonas-schievink · Pull Request #71005 · rust-lang/rust
That is, a moved place passed as an argument and the return place are not allowed to alias, because/so that they may be passed by reference to the callee.
But what about

```
let ptr = &raw mut _7;
_7 = foo(ptr);
```

What exactly is `foo` allowed to do with `ptr`, how is that supposed to be checked by Miri, and for the allowed cases what is the correct behavior? Ideally there should be no crazy special cases for this in Miri.
(All of this will be a nightmare to test as I assume we cannot even generate such MIR.)
(optional) enforce that the places passed down don't overlap (not sure if Stacked Borrows wants to check e.g. references to the return place that may be in some argument)
That sounds like a special hack needs to be added to a bunch of places. So far, Miri has exactly one explicit check for whether things overlap, and that is to validate `copy_nonoverlapping`. The "mutable references may not overlap" is descriptive, not normative -- it arises as an emergent property from Stacked Borrows.
I feel something is very deeply wrong with any proposal that requires explicit overlap checks.
The easiest answer, I think, is to say that `_tmp = foo(...)` allocates some memory (just like we do for any other local of `foo`, `_0` is currently the only local that we do not do this for), so that the return place definitely does not alias with anything. (We have no syntax for `&_0`, right?) Then, once `foo` returned, we copy the content of the return place to `_tmp`. That is easy to implement and even gets rid of a special hack that we currently need.
However, I do not know whether this accurately models our LLVM codegen.
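An added illustration, not part of the original comment and not Miri's code: a toy memory model contrasting a call whose `_0` is the caller's destination with the proposal above (fresh allocation for `_0`, copied to the destination after return). `Machine`, `RetModel`, `call`, `run` and the body of `foo` are hypothetical names and behaviour chosen for the example.

```rust
// Toy model (constructed): memory is a vector of cells, a place is an index.
#[derive(Clone, Copy)]
enum RetModel {
    InPlace,       // `_0` is the caller's destination place
    FreshThenCopy, // `_0` is a new allocation, copied out after return
}

struct Machine { mem: Vec<i32> }

impl Machine {
    fn alloc(&mut self, init: i32) -> usize {
        self.mem.push(init);
        self.mem.len() - 1
    }

    /// Models `dest = callee(ptr)`. Returns what the callee read through `ptr`.
    fn call(&mut self, model: RetModel, dest: usize, ptr: usize,
            callee: fn(&mut Machine, usize, usize) -> i32) -> i32 {
        match model {
            RetModel::InPlace => callee(self, dest, ptr),
            RetModel::FreshThenCopy => {
                let ret = self.alloc(0);          // return place aliases nothing
                let seen = callee(self, ret, ptr);
                self.mem[dest] = self.mem[ret];   // copy after the callee returned
                seen
            }
        }
    }
}

/// Hypothetical `foo`: writes 42 to its return place, then reads through `ptr`.
fn foo(m: &mut Machine, ret: usize, ptr: usize) -> i32 {
    m.mem[ret] = 42;
    m.mem[ptr]
}

/// Runs `let ptr = &raw mut _7; _7 = foo(ptr);`.
/// Returns (value `foo` read via `ptr`, final value of `_7`).
fn run(model: RetModel) -> (i32, i32) {
    let mut m = Machine { mem: Vec::new() };
    let local7 = m.alloc(7);
    let ptr = local7; // raw pointer to `_7`
    let seen = m.call(model, local7, ptr, foo);
    (seen, m.mem[local7])
}

fn main() {
    println!("in place:        {:?}", run(RetModel::InPlace));
    println!("fresh then copy: {:?}", run(RetModel::FreshThenCopy));
}
```

With the fresh allocation, `foo` cannot observe its own write to the return place through `ptr`, and no overlap check is involved.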