Protocol violations in libstd and miri's test suite

Exclusive UnsafeCell (AtomicBool::get_mut)

pub fn get_mut(&mut self) -> &mut bool {
    unsafe { &mut *(self.v.get() as *mut bool) }
}
The get here is UnsafeCell::get which returns a raw ptr, so the self borrow is very short. Once we turn the returned ptr into a ref again, we have two overlapping mutable reference.
(Found because miri ran into it.)

passing ownership via raw ptrs (mem::swap, Vec::into_boxed_slice, std::panicking::try::do_call)

pub fn swap<T>(x: &mut T, y: &mut T) {
    unsafe {
        ptr::swap_nonoverlapping(x, y, 1);
    }
}
swap_nonoverlapping takes raw pointers, so the write lock stays in swap. Similar for ptr::read.
(Found because miri ran into it.)

split_at_mut

    fn split_at_mut(&mut self, mid: usize) -> (&mut [T], &mut [T]) {
        let len = self.len();
        let ptr = self.as_mut_ptr();

        unsafe {
            assert!(mid <= len);

            (from_raw_parts_mut(ptr, mid),
             from_raw_parts_mut(ptr.offset(mid as isize), len - mid))
        }
    }
from_raw_parts_mut returns a mutable reference overlapping with self.
(Found because I was pointed to it.)

Box::from_raw

More raw ptr trouble — it transmutes to a reference, so locks get acquired, but ownership was not transferred in.

RawVec::into_box

    pub unsafe fn into_box(self) -> Box<[T]> {
        // NOTE: not calling `cap()` here, actually using the real `cap` field!
        let slice = slice::from_raw_parts_mut(self.ptr(), self.cap);
        let output: Box<[T]> = Box::from_raw(slice);
        mem::forget(self);
        output
    }
slice and output alias. Again an instance of raw ptr being passed to Box::from_raw.

Ordering of StorageDead and EndRegion (rustc bug)

This code
fn slice_index() -> u8 {
    let arr: &[_] = &[101, 102, 103, 104, 105, 106];
    arr[5]
}
Results in MIR that does the following:
Validate(Suspend(ReScope(Remainder(BlockRemainder { block: NodeId(92), first_statement_index: 0 }))), [_4@[u8; 6]]);
_3 = &_4;
...