Heap-boxing primitives (Box.new, std.ffi.box_ctx) accept ephemeral T #600

Description

@ehartford

Summary

Heap-boxing primitives accept ephemeral type arguments, letting a borrowed view escape onto the heap with no diagnostic. The type-erased copy (via &raw const value + with_memcpy) hides the escape from effect analysis (the by-value param is classified read-only), so neither Box.new[T] nor std.ffi.box_ctx[T] rejects an ephemeral T.

Repro

type StrView = ephemeral { s: &str }
fn main:
    let owned = "hello"
    let v = StrView { s: owned }
    let b = Box.new(v)   // compiles; borrow now lives on the heap past its scope

Impact

Boxing a borrow-holding ephemeral produces a dangling reference once the borrow's scope ends. Noted in #436 (test plan called for err_ffi_box_ephemeral); the gap is shared with Box.new, so enforcing it only for box_ctx would be inconsistent. A principled fix should reject ephemeral T at both heap-boxing entry points.
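The mechanism described above, as an added Rust analog. It is not the project's code or its language. `ErasedBox`, `box_erased`, `box_checked` and `escape_compiles` are hypothetical names, and the `'static` bound is an assumed stand-in for "reject ephemeral T" at the entry point:

```rust
use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
use std::ptr;

// Constructed stand-in for the issue's `StrView`: a value that holds a borrow.
#[allow(dead_code)]
struct StrView<'a> { s: &'a str }

// Type-erased heap cell: no type parameter and no lifetime, so nothing ties
// the stored bytes back to the data they borrow from.
struct ErasedBox { ptr: *mut u8, layout: Layout }

impl Drop for ErasedBox {
    fn drop(&mut self) {
        unsafe { dealloc(self.ptr, self.layout) } // frees the cell only
    }
}

// The gap: the by-value parameter is only read, and the copy goes through a
// raw pointer, so the borrow inside `value` is invisible afterwards.
fn box_erased<T>(value: T) -> ErasedBox {
    let layout = Layout::new::<T>();
    assert!(layout.size() > 0, "zero-sized T is out of scope for this sketch");
    unsafe {
        let ptr = alloc(layout);
        if ptr.is_null() { handle_alloc_error(layout); }
        ptr::copy_nonoverlapping(&value as *const T as *const u8, ptr, layout.size());
        std::mem::forget(value); // the heap copy is now the only owner
        ErasedBox { ptr, layout }
    }
}

// The fix, modeled as a bound checked at the boxing entry point itself.
fn box_checked<T: 'static>(value: T) -> Box<T> {
    Box::new(value)
}

// Mirrors the repro: accepted by the compiler although the returned cell
// outlives `owned`. The bytes in the cell dangle and must never be read back.
fn escape_compiles() -> ErasedBox {
    let owned = String::from("hello");
    let v = StrView { s: &owned };
    let b = box_erased(v);
    b
}

fn main() {
    let cell = escape_compiles();
    println!("escaped {} bytes with no diagnostic", cell.layout.size());
    println!("{}", box_checked(String::from("hello"))); // owned data is fine
}
```

Passing a `StrView` that borrows a local to `box_checked` is rejected at compile time, because the borrow cannot satisfy `'static`.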
