Add access guards to UnsafeCell
#219
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
Darksonn
reviewed
Jul 20, 2021
Comment on lines
+25
to
+29
| /// Any number of [`ConstPtr`]s may concurrently access a given [`UnsafeCell`]. | ||
| /// However, if the [`UnsafeCell`] is accessed mutably (by | ||
| /// [`UnsafeCell::with_mut`] or [`UnsafeCell::get_mut`]) while a [`ConstPtr`] | ||
| /// exists, Loom will detect the concurrent mutable and immutable accesses and | ||
| /// panic. |
There was a problem hiding this comment.
while a
ConstPtrexists
This is stronger than necessary. If you never use the ConstPtr again after the mutable access, then it is sound.
There was a problem hiding this comment.
that's correct; the checking performed here is too strict, and it will fail on some access patterns that are actually valid. however, i don't really think there's a practical way to do finer-grained checking in loom. something like miri could probably do it, but a library like loom essentially only has two ways of tracking the duration of an access: a closure, like the existing with API, and RAII.
i think it's fine for this API to reject some valid accesses, as long as that's clearly documented. code which requires more fine-grained interleaving of accesses shouldn't use this API.
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
hawkw
changed the title
UnsafeCell UnsafeCell
|
Anything I can do to help move this forwards? It would be really nice to have... (cc @carllerche) |
Signed-off-by: Eliza Weisman <[email protected]>
carllerche
approved these changes
Dec 3, 2021
hawkw
added a commit
that referenced
this pull request
Dec 3, 2021
hawkw
added a commit
to hawkw/thingbuf
that referenced
this pull request
Dec 7, 2021
hawkw
added a commit
to hawkw/mycelium
that referenced
this pull request
Jan 2, 2022
The new Loom version 0.5.4 has new APIs (see tokio-rs/loom#219) that make it possible to correctly simulate things that hand out `UnsafeCell` pointers where the mutable/immutable access outlives a closure. This makes it possible to have more correct tests for things like our `Mutex` implementation.
hawkw
added a commit
to hawkw/mycelium
that referenced
this pull request
Jan 2, 2022
The new Loom version 0.5.4 has new APIs (see tokio-rs/loom#219) that make it possible to correctly simulate things that hand out `UnsafeCell` pointers where the mutable/immutable access outlives a closure. This makes it possible to have more correct tests for things like our `Mutex` implementation.
hawkw
added a commit
to hawkw/mycelium
that referenced
this pull request
Jan 2, 2022
The new Loom version 0.5.4 has new APIs (see tokio-rs/loom#219) that make it possible to correctly simulate things that hand out `UnsafeCell` pointers where the mutable/immutable access outlives a closure. This makes it possible to have more correct tests for things like our `Mutex` implementation.
hawkw
added a commit
to hawkw/mycelium
that referenced
this pull request
Jan 2, 2022
The new Loom version 0.5.4 has new APIs (see tokio-rs/loom#219) that make it possible to correctly simulate things that hand out `UnsafeCell` pointers where the mutable/immutable access outlives a closure. This makes it possible to have more correct tests for things like our `Mutex` implementation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This branch adds the ability to access an
UnsafeCellby returning a guard that tracks the lifetime of an*mut Tor*const T. This allows pointers toUnsafeCells to be stored in data structures, or returned as part of a guard in user code, while still participating in Loom's access tracking.This branch still needs some tests & docs improvements, but I'm opening it as a draft for now to make sure this is the right approach.