fix(executor): uaf

[George-Miao]

This PR solves an UAF bug found by @fantix, and optimizes waking-up logic when a task has finished running and the JoinHandle is remotely polling at the same time.

[Copilot]

Pull request overview

Fixes a use-after-free in compio-executor task wake/scheduling teardown, and adjusts remote JoinHandle polling/waker-setting interactions to avoid races while also reducing unnecessary wake/spin behavior.

Changes:

• Reworks task teardown to null out Shared earlier and waits for in-flight remote scheduling before dropping Shared to prevent UAF.
• Tweaks remote polling waker-setting critical section to correctly handle “completed while setting waker” interleavings.
• Adds an enable_log feature for opt-in test logging and updates the dev shell inputs.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
flake.nix	Adds cargo-flamegraph (and reorders python315) in the dev shell inputs.
compio-executor/tests/executor.rs	Gates test log initialization behind feature = "enable_log" and inlines EnvFilter path.
compio-executor/src/task/remote.rs	Refines remote waker-setting logic to handle completion/cancellation during the critical section.
compio-executor/src/task/mod.rs	Removes busy-spin on SETTING_WAKER, changes wake conditions, nulls shared in Task::drop, and renames/repurposes teardown waiting API.
compio-executor/src/queue.rs	Updates executor teardown to call drop() then wait_for_scheduling() per drained task.
compio-executor/Cargo.toml	Introduces enable_log feature mapping to compio-log/enable_log; removes the prior dev-dep feature usage.

Comments suppressed due to low confidence (1)

compio-executor/src/task/mod.rs:321

• wait_for_scheduling assumes that new schedulers will “see the null pointer and return early”, but this function no longer nulls header.shared itself. To make this invariant harder to violate, consider either (a) moving the shared.store(null, Release) back into wait_for_scheduling, or (b) documenting/enforcing the precondition (e.g., a debug_assert!(header.shared.load(Relaxed).is_null())) so future call sites don’t accidentally reintroduce UAF risk.

    /// Wait for wakers to finish scheduling, if any. This is necessary for
    /// `Executor` to drop `Shared` since scheduling requires it.
    pub(crate) fn wait_for_scheduling(&self) {
        let header = self.header();

        // Wait for any ongoing scheduling to complete.
        // We MUST do this to prevent use-after-free when we drop Shared.
        // This is safe in Executor::drop context because:
        // 1. All tasks have been cleared, so no new scheduling from task execution
        // 2. Only external wakers (from other threads) might still be scheduling
        // 3. Those wakers will see the null pointer and return early
        // 4. We only need to wait for ones that already loaded the pointer
        while header.state.load::<Strong>().is_scheduling() {
            crate::hint::spin_loop();
        }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.