Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cell::MutPtr isn't Send #294

Closed
sporksmith opened this issue Nov 23, 2022 · 2 comments
Closed

cell::MutPtr isn't Send #294

sporksmith opened this issue Nov 23, 2022 · 2 comments

Comments

@sporksmith
Copy link

sporksmith commented Nov 23, 2022
edited
Loading

I'm writing a mutex guard that is Send when its inner type T is Send. It holds a MutPtr internally, which is !Send.

I'm currently working around it by wrapping in a newtype that implements Send when T is Send, but it'd be nice to avoid that by having loom::cell::MutPtr do this itself.

Similarly I suppose ConstPtr could implement Send and Sync when T is Sync? (Though that isn't blocking me personally)
@sporksmith sporksmith mentioned this issue Nov 23, 2022
Merged
@hawkw
Copy link
Member

hawkw commented Nov 28, 2022

The MutPtr<T> type is equivalent to an *mut T, but one that participates in loom's access tracking, and should be treated as equivalent to a *mut T. A *mut T is never Send (or Sync), and therefore, a MutPtr<T> is also !Send1.

Much like a std::cell::UnsafeCell handing out *mut Ts, a loom::cell::UnsafeCell that hands out MutPtr<T>s is primarily intended as a building block for higher-level safe structures and is not aware of the safety invariants of the structures it's used to implement. Therefore, it cannot know under what conditions a pointer to data in that UnsafeCell can and cannot be safely shared. It's the responsibility of the code that uses an UnsafeCell to implement Send and/or Sync only when a value containing a pointer to that UnsafeCell can be shared safely. Just like how std::sync::MutexGuard must manually implement Send and Sync, it's correct for determining whether your guard type should be Send/Sync to be left up to the user code as well.

I hope that's a useful explanation of why loom's cell::MutPtr should not have Send or Sync implementations of its own. Let me know if you have any questions!

Footnotes

  1. In fact, the reason the MutPtr<T> type is !Send is because it contains a *mut T and doesn't have a manual Send implementation.

@hawkw hawkw closed this as completed Nov 28, 2022
@sporksmith
Copy link
Author

Fair enough; I suppose my thinking for why MutPtr ought to be Send if T is send is roughly equivalent to the argument that the rustnomicon strikes down re making pointers Send

Doing anything useful with a raw pointer requires dereferencing it, which is already unsafe. In that sense, one could argue that it would be "fine" for them to be marked as thread safe. However it's important that they aren't thread-safe to prevent types that contain them from being automatically marked as thread-safe. These types have non-trivial untracked ownership, and it's unlikely that their author was necessarily thinking hard about thread safety.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sporksmith @hawkw