Rust allows &mut aliasing on static mut variables

[archshift]

Simple example:

static mut oops: u32 = 0u32;

pub fn main() {
    let a = unsafe { &mut oops };
    let b = unsafe { &mut oops };
    *a = 1;
    println!("{}", *b);
}

I would expect Rust to disallow this type of code, or at least warn about it, but it simply allows the programmer to shoot himself in the foot.

[scottmcm]

The fact that you can't do this without unsafe is what I'd call warning about it. You could consider the unsafe like "allowing the cannot_prove_this_code_safe lint".

unsafe can easily get you &mut aliasing on non-globals too:

pub fn main() {
    let mut foo = 4;
    let oops = &mut foo as *mut _;
    let a = unsafe { &mut* oops }; // very bad
    let b = unsafe { &mut* oops }; //  much UB
    *a = 1;
    println!("{}", *b);
}

[cuviper]

While it may feel like the borrow checker could catch this local case, static mut references could alias from afar too -- from calls in distant parts of the stack, or even from separate threads.

[archshift]

Unfortunately, this isn’t even documented in the rust book. There’s a whole section on mutability in statics but no mention of the relaxed checks on them: namely mutable aliasing and the lack of a Sync requirement.

[Centril]

Closing based on #47756 (comment).