-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly pass strong ref as raw pointer to prevent UB in Arc::drop #58611
Explicitly pass strong ref as raw pointer to prevent UB in Arc::drop #58611
Conversation
r? @aidanhs (rust_highfive has picked a reviewer for you, use r? to override) |
7d323b8
to
5f36dc2
Compare
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
pub fn fetch_sub_explicit(f: *const $atomic_type, | ||
val: $int_type, | ||
order: Ordering) -> $int_type { | ||
unsafe { atomic_sub((*f).v.get(), val, order) } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the type of atomic_sub
? Won't this create a reference again?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
atomic_sub
takes *mut T
:
rust/src/libcore/sync/atomic.rs
Line 2176 in 5f36dc2
unsafe fn atomic_sub<T>(dst: *mut T, val: T, order: Ordering) -> T { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, thanks. So this would indeed fix the problem even under the most strict semantics -- but at the cost of duplicating the entire API surface of the Atomic*
types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True that. See my comment under the PR description:
- I am unsure how this can be done without extending the public api of
AtomicUsize
.
edit: basically all Atomic*
i meant.
Thanks for this PR! However, I think it is too early to implement something here. We first need to do some design work and figure out how we want to solve this problem -- this has some ecosystem wide consequences in terms of which code is or is not UB. |
Then, this can stay in here for further reference. |
Do you mean we should merge this for further experimentation? Or keep the PR? We don't usually keep PRs open that we do not intend to merge soon. That just clutters the PR list. But you could add a link to #55005, so even if we close it we can still find this proposed solution. |
Not keeping the PR but the reference to it. It is up to you to merge this or not. Not my word in here, since you want to go to the stacked borrows direction, and major review needs to be done in code and we need to come under a conclusion for UB or not UB condition. I am adding the reference now. But can't say a word for PR acceptance for experimentation. |
r? @RalfJung |
I need to fix the doc example of public api of |
As discussed before, I don't think we want to land this before we decided that we really want to duplicate the Nevertheless, thanks a lot @vertexclique! |
As stated out in #55005 I try to apply the first solution stated by @RalfJung . Which is:
I want to add couple of questions and notes about PR:
Atomic*
.ArcInner<T>
so while using thefetch_*
of strong ref. how we can pass a raw pointer of strong ref? Is it correct way of doing it?Arc::drop
? I have no idea.