-
Notifications
You must be signed in to change notification settings - Fork 826
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unsound call of set_var
#1664
Unsound call of set_var
#1664
Conversation
af7d167
to
c49b987
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not really convinced this abstraction pulls its weight compared to the approach in #1651 , it doesn't really internalize any safety invariants
I didn't know how sensitive miri was to detecting the UB, so an own module and test seemed appropriate. I agree and have removed it, deferring to #1651 to resolve this issue. |
c49b987
to
3f0adc9
Compare
Thanks a lot for opening the PR and contributing either ways! 🤗 |
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM had no idea set var was unsafe, we might add this mirin check to our CI!
…unsafe It is generally not safe to set env variables. The correct way to set a config value that needs to be overridden is to hold a copy internal to the library and only read from the environment.
3f0adc9
to
5e25a91
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 🤗
There have been multiple attempts to communicate that the pattern
&mut *(&T as *const T as *mut T)
is not sound, as in #1485 .This is the most straightforward modification of the code that passesSee #1651 for the fix.cargo miri
.To detect the unsoundness, the parallelism must be turned off under miri, otherwise it falls over because of some unrelated issue in
crossbeam-epoch
:There
are two soundness issuesis one soundness issue fix and one code cleanup in this PR.The
firstsoundness issueis transforming & to &mut, the secondis hidden by the fact that std until recently had a safeenv::set_var
function. This was a breaking change and is as of now an unsafe function to call.Lastly, some elided lifetimes were making it quite hard to see whether the use of
RefMutContainer
as mentioned in #1612 was sound. It does not seem to be unsound.