-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
data-race safety #4
Comments
What assumptions are broken? Seems fine to me. The mmaps of the same file have different lifetimes and the underlying semantics of how a mmap work are left to the user to consider. |
The compiler assumes that data behind a
A child process can observe writes to shared, anonymous mmaps created by its parent, so I suspect that sticking to anonymous maps isn't sufficient. Maybe anonymous, private mmaps are free from data races. |
@tomjakubowski is exactly right. My current plan is to remove the unsafe fn as_slice(&self) -> &[u8];
unsafe fn as_mut_slice(&mut self) -> &[u8]; Additionally, I would like to add support for file locks (even if it is only advisory on POSIX systems) in order to have a runtime check of safety. |
I think this issue is fixed. The state of the world is: accessing memory from a |
The API exposed by
Mmap
is not data-race free. For example, if two processes or threads mmap the same file and proceed to read and write, the assumptions Rust makes about&mut [u8]
are broken, and the behavior is undefined. It is probably impossible to statically verify that mmap usage is data-race free, however it is against all Rust conventions to expose an API not markedunsafe
which can trigger undefined behavior.Open questions:
The text was updated successfully, but these errors were encountered: