Restrict Allocator impl to &'static A

Arbitrary &'_ Allocators cannot satisfy the safety requirement that
memory blocks returned by an Allocator must remain valid until the
instance and all of its clones are dropped. &'static Allocators can
still satisfy this safety requirement because their lifetime ensures
that they are never moved or dropped.

Author: djkoloski

library/core/src/alloc/mod.rs

@@ -351,7 +351,7 @@ pub unsafe trait Allocator {
 }
 
 #[unstable(feature = "allocator_api", issue = "32838")]
-unsafe impl<A> Allocator for &A
+unsafe impl<A> Allocator for &'static A
 where
     A: Allocator + ?Sized,
 {

library/std/src/alloc.rs

@@ -189,7 +189,7 @@ impl System {
             old_size => unsafe {
                 let new_ptr = self.alloc_impl(new_layout, zeroed)?;
                 ptr::copy_nonoverlapping(ptr.as_ptr(), new_ptr.as_mut_ptr(), old_size);
-                Allocator::deallocate(&self, ptr, old_layout);
+                Allocator::deallocate(self, ptr, old_layout);
                 Ok(new_ptr)
             },
         }
@@ -256,7 +256,7 @@ unsafe impl Allocator for System {
         match new_layout.size() {
             // SAFETY: conditions must be upheld by the caller
             0 => unsafe {
-                Allocator::deallocate(&self, ptr, old_layout);
+                Allocator::deallocate(self, ptr, old_layout);
                 Ok(NonNull::slice_from_raw_parts(new_layout.dangling(), 0))
             },
 
@@ -276,9 +276,9 @@ unsafe impl Allocator for System {
             // `new_ptr`. Thus, the call to `copy_nonoverlapping` is safe. The safety contract
             // for `dealloc` must be upheld by the caller.
             new_size => unsafe {
-                let new_ptr = Allocator::allocate(&self, new_layout)?;
+                let new_ptr = Allocator::allocate(self, new_layout)?;
                 ptr::copy_nonoverlapping(ptr.as_ptr(), new_ptr.as_mut_ptr(), new_size);
-                Allocator::deallocate(&self, ptr, old_layout);
+                Allocator::deallocate(self, ptr, old_layout);
                 Ok(new_ptr)
             },
         }

src/test/ui/box/leak-alloc.rs renamed to src/test/ui/box/alloc-static.rs

@@ -19,11 +19,12 @@ unsafe impl Allocator for Alloc {
 
 fn use_value(_: u32) {}
 
+const GLOBAL_ALLOC: Alloc = Alloc {};
+
 fn main() {
+    let boxed_global = Box::new_in(10, &GLOBAL_ALLOC);
+
     let alloc = Alloc {};
-    let boxed = Box::new_in(10, alloc.by_ref());
-    let theref = Box::leak(boxed);
-    drop(alloc);
-    //~^ ERROR cannot move out of `alloc` because it is borrowed
-    use_value(*theref)
+    let boxed = Box::new_in(10, &alloc);
+    //~^ ERROR `alloc` does not live long enough
 }

src/test/ui/box/alloc-static.stderr

@@ -0,0 +1,15 @@
+error[E0597]: `alloc` does not live long enough
+  --> $DIR/alloc-static.rs:28:33
+   |
+LL |     let boxed = Box::new_in(10, &alloc);
+   |                 ----------------^^^^^^-
+   |                 |               |
+   |                 |               borrowed value does not live long enough
+   |                 argument requires that `alloc` is borrowed for `'static`
+LL |
+LL | }
+   | - `alloc` dropped here while still borrowed
+
+error: aborting due to previous error
+
+For more information about this error, try `rustc --explain E0597`.