Avoid a potential race condition and use-after-free when calling Test.cancel().
#1395
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…t.cancel()`. If a test creates an unstructured, non-detached task that continues running after the test has finished and eventually calls `Test.cancel()`, then it may be able to see a reference to the test's (or test case's) task after it has been destroyed by the Swift runtime. This PR ensures that the infrastructure under `Test.cancel()` clears its reference to the test's task before returning. This then minimizes the risk of observing the task after it has been destroyed. Further work at the Swift runtime level may be required to completely eliminate this race condition, but this change makes it sufficiently narrow that any example I can come up with is contrived.
grynspan
requested review from
briancroom,
jerryjrchen and
stmontgomery
as code owners
grynspan
added
bug
ktoso
reviewed
Nov 6, 2025
ktoso
left a comment
ktoso
left a comment
There was a problem hiding this comment.
Yeah this way at least you should not have references to a task which may have been destroyed;
I'm not sure about how the currentTaskReferences is used (doesn't that need some synchronization?), but the clearing here is definitely a good improvement.
Contributor
Author
|
The dictionary is a task-local, so no lock needed there. The elements are each a struct with a lock that guards the actual |
Contributor
Author
|
Me trying to explain the race condition:
|
briancroom
approved these changes
Nov 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If a test creates an unstructured, non-detached task that continues running after the test has finished and eventually calls
Test.cancel(), then it may be able to see a reference to the test's (or test case's) task after it has been destroyed by the Swift runtime.This PR ensures that the infrastructure under
Test.cancel()clears its reference to the test's task before returning. This then minimizes the risk of observing the task after it has been destroyed.Further work at the Swift runtime level may be required to completely eliminate this race condition, but this change makes it sufficiently narrow that any example I can come up with is contrived.
Checklist: