(soundness regression) `static mut` could be avoided. #117
How is an
Because it's provably correct (it only depends on Right now uses of
Just proves once more that
Wait, it already has: `unsafe impl<T: Sync> Sync for Lazy<T> {}` Looks like it regressed in a308da1.
I do not understand the point about However, I agree that this is unsound:
It doesn't even take reentrancy.
@RalfJung Right, I ignored multi-threading, because it's easier to reason about reentrance (ironically). That is, Two
I find it easier to reason about concurrency :P
The question is how long the references live. But given that the outer frame has a reference that's live before and after the reentrant call -- yes, this is UB.
Ok, so if I'm following this we'll avoid this problem by pushing mutability inside the
@KodrAus Yupp, ignoring the existence references, the current code's memory accesses are fine because of the
Before this patch, multipart got into an impossible situation with its dependencies. It errs with:

```
error: failed to select a version for `lazy_static`.
... required by package `multipart v0.15.4`
versions that meet the requirements `>= 1.0, < 1.2.0` are: 1.1.0, 1.0.2, 1.0.1, 1.0.0
all possible versions conflict with previously selected packages.
previously selected package `lazy_static v1.2.0`
... which is depended on by `ring v0.13.5`
... which is depended on by `cookie v0.11.0`
... which is depended on by `rocket_http v0.4.0`
... which is depended on by `rocket v0.4.0`
... which is depended on by `multipart v0.15.4
```

This is due to ring 0.13.3 bumping lazy_static to 1.2.0 to avoid a [soundness bug](rust-lang-nursery/lazy-static.rs#117). This patch fixes this problem by requiring at least rust 1.24.1. In addition, I noticed that the feature sse4 was depending on `twoway/pcmp`, but that has been [removed](bluss/twoway#8).
At least for `inline_lazy`, the `Option<T>` can be wrapped in `Cell`, needing only:

Then we can just have a regular `static` and `get` can take `&'static self` safely.

EDIT: As noted below (#117 (comment)), the use of `&'static mut Lazy<T>` is unsound.

Also, the `impl` above exists already, UB was introduced by regression at a308da1.

cc @anp @RalfJung
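The design proposed in this issue, as an added sketch that is not lazy_static's own source: a plain `static` holding `Cell<Option<T>>`, a `get` that takes `&'static self`, and the `unsafe impl<T: Sync> Sync` quoted in the thread. It assumes initialization is guarded by `std::sync::Once`; `Lazy::new`, `INIT_RUNS`, `GREETING`, `greeting` and `init_runs_after_race` are hypothetical names chosen for the demo.

```rust
use std::cell::Cell;
use std::sync::{atomic::{AtomicUsize, Ordering}, Once};
use std::thread;

// Hypothetical stand-in for the crate's `Lazy<T>`, written for this example.
pub struct Lazy<T>(Cell<Option<T>>, Once);

impl<T> Lazy<T> {
    pub const fn new() -> Self {
        Lazy(Cell::new(None), Once::new())
    }

    // Takes `&'static self`: with no `static mut`, no `&'static mut Lazy<T>` ever exists.
    pub fn get<F: FnOnce() -> T>(&'static self, init: F) -> &'static T {
        // The only write to the cell happens here, at most once, under `Once`.
        self.1.call_once(|| self.0.set(Some(init())));
        // SAFETY: `call_once` has returned, so the cell is `Some` and is never written again.
        unsafe {
            match *self.0.as_ptr() {
                Some(ref value) => value,
                None => unreachable!("Once completed without storing a value"),
            }
        }
    }
}

// SAFETY: writes are serialized by `Once`; afterwards only `&T` is shared, hence `T: Sync`.
unsafe impl<T: Sync> Sync for Lazy<T> {}

static INIT_RUNS: AtomicUsize = AtomicUsize::new(0); // constructed counter for the demo
static GREETING: Lazy<String> = Lazy::new(); // a regular `static`, not `static mut`

pub fn greeting() -> &'static String {
    GREETING.get(|| {
        INIT_RUNS.fetch_add(1, Ordering::SeqCst);
        String::from("initialized once")
    })
}

// Races `n` threads on first access and returns how often the initializer ran.
pub fn init_runs_after_race(n: usize) -> usize {
    let handles: Vec<_> = (0..n).map(|_| thread::spawn(greeting)).collect();
    handles.into_iter().for_each(|h| { h.join().unwrap(); });
    INIT_RUNS.load(Ordering::SeqCst)
}

fn main() {
    println!("initializer ran {} time(s)", init_runs_after_race(8));
}
```

A reentrant call to `get` from inside the initializer is rejected by `Once` (it panics or deadlocks) instead of creating a second mutable reference.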