-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stacked Borrows: protectors and the dereferenceable attribute #88
Comments
#252 contains a great proposal to tackle this problem -- there are some caveats though. |
The #252 proposal does not solve the problem for the case "if Arc had a dec method on ArcInner that decrements the refcount". So maybe it is better to give up on that case, and just go for "not pushing protectors for locations inside UnsafeCell". That has the advantage over #252 that it does not affect |
This is basically exactly what happens here. |
Doing things specific to the |
Discussed at today's Backlog Bonanza. While the question isn't entirely clear, it seems to be asking specifically about protectors for |
Well, rust-lang/rust#98017 resolved the concrete problem for struct S {
b: AtomicBool,
i: AtomicUsize,
} and now we do Arc-like shenanigans and have an TB "fixes" that footgun by making |
Note to self: transition this to be a new issue about tracking the interaction between UnsafeCell and protectors |
Closing in favor of #433, which describes the current state of the problem more precisely. |
As tracked in rust-lang/rust#55005, we have a problem with shared references being marked as "dereferencable", in the context of reclamation of memory in concurrent libraries such as
Arc
.I originally thought that not pushing protectors for locations inside
UnsafeCell
fixes this, but it does not: ifArc
had adec
method onArcInner
that decrements the refcount, then some protectors would get pushed for it (for the part not inside theUnsafeCell
), and get the entireArcInner
could get deallocated while that method is still running. As @nikomatsakis pointed out, you can even imagine a scenario where the refcount is stored out-of-band, and then there is noUnsafeCell
in the affected allocation at all.This can, in principle, also happen in sequential code -- imagine
RcInner::dec
calling some function after the decrement that might, through an alias, lead to dropping the last remaining aliasingRc
. Or imagine async code and having a yield point after the decrement but before the function returns.The text was updated successfully, but these errors were encountered: