Example 2 in Unsafe3 is not UB by Miri with tree-borrows

[zjp-CN]

[Noratrieb]

should probably specify that all the UB examples assume stacked borrows

[BoxyUwU]

I am allergic to trees, I can't borrow this issue.

[WaffleLapkin]

@zjp-CN do you have an idea of why this is allowed with tree borrows?

[zjp-CN]

I'm not familiar with aliasing rules. But https://perso.crans.org/vanille/treebor/range.html says

The first step to this is to observe that the tree of pointers is the same for an entire allocation since the parent-child relationship is global, and only the permissions have to be managed on a per-location basis. When an access is performed, pointers have their permissions updated only on the affected locations, so pointers performing accesses on disjoint ranges of memory do not cause aliasing UB. ... All of these involve using a pointer out of the bounds of its reborrow (but still within the bounds of its allocation), so in order to allow these Tree Borrows must have some tolerance with regards to using a pointer outside of the range it was reborrowed for. Tree Borrows’ solution is to not reborrow for the locations outside the range, but to maintain enough information so that whenever the location is accessed through a pointer for which it is out of range it can be initialized with a delay and receive the permissions it would have had if it had been reborrowed from the start.

Example2 seems able to be reduced to https://github.com/rust-lang/unsafe-code-guidelines/issues/134

// UB under stack borrows

//+ TB: NOT UB (Delayed initialization)
//+ Common pattern, it would be PREFERABLY NOT UB.
let val = [1u8, 2];
                                     // --- val: [Active, Active]
let ptr = &val[0] as *const u8;
                                     // --- val: [Active, Active]
                                     //     |--- ptr: [Frozen, Frozen?]
let _val = unsafe { *ptr.add(1) };
                                     // --- val: [Active, Active]
                                     //     |--- ptr: [Frozen, Frozen]

exactly what get_unchecked_mut in question does

// v.get_unchecked_mut(n)

unsafe impl<T> SliceIndex<[T]> for usize {
    #[inline]
    unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
        assert_unsafe_precondition!(
            check_language_ub,
            "slice::get_unchecked requires that the index is within the slice",
            (this: usize = self, len: usize = slice.len()) => this < len
        );
        // SAFETY: the caller guarantees that `slice` is not dangling, so it
        // cannot be longer than `isize::MAX`. They also guarantee that
        // `self` is in bounds of `slice` so `self` cannot overflow an `isize`,
        // so the call to `add` is safe.
        unsafe {
            // Use intrinsics::assume instead of hint::assert_unchecked so that we don't check the
            // precondition of this function twice.
            crate::intrinsics::assume(self < slice.len());
            slice.as_ptr().add(self)
        }
    }
    #[inline]
    unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
        assert_unsafe_precondition!(
            check_library_ub,
            "slice::get_unchecked_mut requires that the index is within the slice",
            (this: usize = self, len: usize = slice.len()) => this < len
        );
        // SAFETY: see comments for `get_unchecked` above.
        unsafe { slice.as_mut_ptr().add(self) }
    }
}

I think rust-quiz can include some code examples w.r.t stack & tree borrows.