Miri: enable preemption again #855
Conversation
|
Thanks!
This is because some single-threaded tests (e.g., doctest of Stealer::steal) assume that weak CAS will not fail. It is not strictly a correct assumption, but there were many tests (especially doctests) that depended on that behavior, so I had to set it. (sorry I forgot to leave a comment explaining this) |
|
Also looks like I failed to actually remove that flag.^^ I'll add a comment instead. |
|
That failure in crossbeam-deque stampede looks real though? Is there an issue for that? |
|
I think I fixed a soundness bug. :D And the code also became cleaner by removing the need for a bunch of |
|
Thanks. IIUC, that could have been real use-after-free before GHSA-pqqp-xmhj-wgcw fixed. After that fix, that value is never used, but your fix to use |
|
Hm, but something seems to not be right with the patch... |
|
I think you need to change this line: crossbeam/crossbeam-deque/src/deque.rs Line 127 in f12133c to: (buffer.deref().at(i) as *mut T).drop_in_place(); |
| @@ -62,7 +64,7 @@ impl<T> Buffer<T> { | |||
| /// technically speaking a data race and therefore UB. We should use an atomic store here, but | |||
| /// that would be more expensive and difficult to implement generically for all types `T`. | |||
| /// Hence, as a hack, we use a volatile write instead. | |||
| unsafe fn write(&self, index: isize, task: T) { | |||
| unsafe fn write(&self, index: isize, task: MaybeUninit<T>) { | |||
There was a problem hiding this comment.
Since the value written to self.at(index) must be valid T (otherwise, the destructor cannot be sure that the value is valid), it may be better to use T instead of MaybeUninit<T> in the argument (and use MaybeUninit::new(task) in the next line).
There was a problem hiding this comment.
I did this because there are some places that just read the data and write it back immediately. By taking MaybeUninit<T> here we can avoid having to assert that this data is valid.
Ah, yes! |
|
Btw, Miri might at some point actually notice that these volatile reads/writes should be atomic. We do have a data race detector, after all. I am not sure why it doesn't kick in here; probably it needs some really specific interleaving to actually be a race. |
|
Well, I think that is exactly what is happening in the latest test failure. :) |
|
I added timing because the tests became a lot slower, but now they are fast again... whatever.^^ |
| # We need 'ts' for the per-line timing | ||
| sudo apt-get -y install moreutils | ||
| echo |
There was a problem hiding this comment.
FWIW, passing -- -Z unstable-options --report-time to cargo also works. However, I'm not sure if this is better than ts, as it seems there is no way to color the report in CI.
There was a problem hiding this comment.
Ah, I didn't know about this flag.
However (a) it only works with isolation disabled (since for regular tests it actually measures the time inside Miri), (b) it is harder to read without colors and libtest output in Miri is never colored for $REASONS, (c) the colors might not be appropriate for Miri; 1.3s seems still pretty good to me. ;)
Up to you, I am fine with removing the ts thing again. You have isolation disabled anyway.
855: Miri: enable preemption again r=taiki-e a=RalfJung Miri has a [work-around](rust-lang/miri#2248) for rust-lang/rust#55005 now. Also, "check-number-validity" is on by default these days. And I am not sure why "compare-exchange-weak-failure-rate=0.0" was set so let's see what happens when we remove it. :) Co-authored-by: Ralf Jung <[email protected]>
|
Timed out. |
|
4h? Either there is a non-deterministic infinite loop somewhere or the test runner just got stuck. Let me still reduce some test sizes. Argh, Rust 1.36 is ancient... |
|
What is clippy talking about, I didn't even change that code?!? |
|
bors r+ It seems that a new clippy lint was added in Rust 1.62 released about 10 hours ago. |
855: Miri: enable preemption again r=taiki-e a=RalfJung Miri has a [work-around](rust-lang/miri#2248) for rust-lang/rust#55005 now. Also, "check-number-validity" is on by default these days. And I am not sure why "compare-exchange-weak-failure-rate=0.0" was set so let's see what happens when we remove it. :) 858: Ignore clippy::let_unit_value lint r=taiki-e a=taiki-e Co-authored-by: Ralf Jung <[email protected]> Co-authored-by: Taiki Endo <[email protected]>
|
bors r- https://github.com/crossbeam-rs/crossbeam/runs/7142722550?check_suite_focus=true |
|
Canceled. |
|
Yeah once_cell does not work with strict provenance. It never did. But that only became apparent with a preemptive scheduler (the casts only occur when threads actually race on a once_cell). |
This depends on once_cell, which is not strict provenance compatible.
|
bors r+ |
|
Build succeeded: |
Miri has a work-around for rust-lang/rust#55005 now.
Also, "check-number-validity" is on by default these days. And I am not sure why "compare-exchange-weak-failure-rate=0.0" was set so let's see what happens when we remove it. :)