Functions in const declarations ignore lifetimes, mutability, violate memory safety

[lilyball]

Functions defined inside of const declarations seem to ignore all lifetimes and mutability. This allows for massively violating the safety guarantees of Rust:

// Let's try moving out of a reference
const MOVE: fn(&String) -> String = {
    fn broken(x: &String) -> String {
        return *x
    }
    broken
};

// How about mutating an immutable vector?
const MUTATE: fn(&Vec<String>) = {
    fn broken(x: &Vec<String>) {
        x.push(format!("this is broken"));
    }
    broken
};

// Returning local references?
struct DropString {
    inner: String
}
impl Drop for DropString {
    fn drop(&mut self) {
        self.inner.clear();
        self.inner.push_str("dropped");
    }
}
const LOCAL_REF: fn() -> &'static str = {
    fn broken() -> &'static str {
        let local = DropString { inner: format!("Some local string") };
        return &local.inner;
    }
    broken
};

fn main() {
    // And yes, it all actually works
    let s = format!("some string");
    let s_moved = (MOVE)(&s);
    println!("s_moved: {}", s_moved);

    let v = vec![format!("immutable"), format!("vector")];
    (MUTATE)(&v);
    println!("mutated: {:?}", v);

    let local_ref = (LOCAL_REF)();
    println!("local_ref: {}", local_ref);
}

[steveklabnik]

Nominating, this seems incredibly serious.

[lilyball]

According to @eddyb it seems that the borrowck Visitor isn't bothering to walk statics/consts (see borrowck/mod.rs). Presumably this code was never updated when it became possible to use blocks as the initializer expression.

[nikomatsakis]

Um, yeah, not good. I'll investigate soonish, presuming @eddyb doesn't get there first.

[pnkfelix]

P-back-compatlang, 1.0 beta