GAT's + associated type defaults may cause UB

[DutchGhost]

I tried this code:

#![feature(generic_associated_types)]
#![feature(associated_type_defaults)]

use core::ops::Deref;

trait UnsafeCopy {
    type Copy<T>: Copy = Box<T>;
    
    fn copy<T>(x: &Self::Copy<T>) -> Self::Copy<T> {
        *x
    }
}

impl <T> UnsafeCopy for T {}

fn main() {
    let b = Box::new(42usize);
    let copy = <()>::copy(&b);
    
    let raw_b = Box::deref(&b) as *const _;
    let raw_copy = Box::deref(&copy) as *const _;
    
    // assert the addresses.
    assert_eq!(raw_b, raw_copy);
}

I expected to see this happen: Getting some errors that Box<usize> does not satisfy the Copy bound.

Instead, this happened: The program compiled and resulted in a double free, b and copy both are of type Box<usize> and point to the same memory...

Meta

rustc --version --verbose:

1.47.0-nightly (2020-07-26 6c8927b0cf80ceee1938)

Backtrace

warning: 1 warning emitted

    Finished dev [unoptimized + debuginfo] target(s) in 0.80s
     Running `target/debug/playground`
free(): double free detected in tcache 2
timeout: the monitored command dumped core
/playground/tools/entrypoint.sh: line 11:     7 Aborted                 timeout --signal=KILL ${timeout} "$@"

This seems like some variation of #62211 and #68641

[steffahn]

I guess, this duplicates #74816.
(Especially with the comment that I added pretty much at the exact same time you created this issue).

[DutchGhost]

I guess, this duplicates #74816.
(Especially with the comment that I added pretty much at the exact same time you created this issue).

Yes, I noticed it haha. Perhaps splitting your original issue up in several issues is a good idea, though

[aDotInTheVoid]

Triage: this given an error, on nightly.

@rustbot modify labels +E-needs-test

@rustbot claim