-
Notifications
You must be signed in to change notification settings - Fork 471
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use UnsafeCell<MaybeUninit<T>>
in AtomicCell
#834
Conversation
79c4ae5
to
fea8898
Compare
I am a bit surprised to see this fix on the crossbeam side. I thought this should be fixed on the rustc side by fixing rust-lang/rust#87341? However, I think the same change is still needed in crossbeam, to fix the program that AtomicCell is unsound for types containing padding (#748). |
Also, Miri still fails on CI, since this still uses We need new language features to support atomic operations on |
I agree that this should be fixed on the rustc side. (However, AFAIK, until this PR was created, using
IIUC, that problem is about treating types containing uninitialized bytes as (initialized) integers, and what this PR does is to wrap types containing uninitialized bytes in
The test added in this PR uses
I'm working on implementing |
fea8898
to
cf35e36
Compare
Even if fixed in rustc, this crate would remain prone to data races/UB on stable for the next 11 weeks and on older compilers permanently. I think it's worth considering a fix in this crate even if a fix in rustc is happening. This isn't a theoretical "hypothetically a future rustc could miscompile your code because there is theoretically UB here" — it's already observably doing the wrong thing on code that's reasonably typical of real-world usage of this crate (putting The fact that this currently unavoidably breaks Separately we should definitely fix rustc, and also fix the standard library to make |
That is very hard at best. See rust-lang/rust#80158. |
I plan to release this in a patch version, considering that:
bors r+ |
Build succeeded: |
853: Prepare for the next release r=taiki-e a=taiki-e - crossbeam-utils 0.8.9 -> 0.8.10 - Fix unsoundness of `AtomicCell` on types containing niches. (#834) This fix contains breaking changes, but they are allowed because this is a soundness bug fix. See #834 for more. Co-authored-by: Taiki Endo <te316e89@gmail.com>
Fixes #833
Note: This contains two breaking changes:
This is because
MaybeUninit
doesn't allow it.AtomicCell
now implementsDrop
.This is because
MaybeUninit
preventsT
from being dropped, so we need to implementDrop
forAtomicCell
to avoid leaks of non-Copy
types.Breakages are allowed because this is a soundness bug fix. However, given the amount of breakage, we would not be able to yank the affected releases and would only create an advisory.