Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is deadlock unsafe? #2821

Closed
bblum opened this issue Jul 6, 2012 · 5 comments
Closed

Is deadlock unsafe? #2821

bblum opened this issue Jul 6, 2012 · 5 comments
Labels
E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue.

Comments

@bblum
Copy link
Contributor

bblum commented Jul 6, 2012

arc::exclusive is marked unsafe because it can deadlock trivially. But it's not too hard to use comm::port to deadlock too, and marking our core communication mechanism as unsafe is probably unwise.

Before removing the unsafe tag from exclusive.with(), though, perhaps we should think up a way to use borrowck to enforce that you don't call with within a with on the same exclusive (or maybe make them support recursive locking!!). Of course we can't statically prevent multi-exclusive deadlock, but the trivial ones might be doable.
@nikomatsakis
Copy link
Contributor

Perhaps we could implement arc::exclusive in a way that does not trivially deadlock? I believe the problem is that it uses pthread mutexes and are scheduler in unaware of those. It seems like we should implement mutexes in our scheduler if we need them in our implementation.

@nikomatsakis
Copy link
Contributor

Also, I believe that the use of unsafe here is appropriate. It's not because the arc::exclusive can deadlock---it's because it will deadlock unless you have an intimate understanding of the internals of our scheduler.

@bblum
Copy link
Contributor Author

bblum commented Jul 6, 2012

Oh, that's right - the will-deadlock-because-scheduler is the first bullet in #2781. I've also got a properly-blocking mutex implementation (in pursuit of #2795) in my stash that might help solve it (though not on its own).

@eholk
Copy link
Contributor

eholk commented Jul 6, 2012

@pcwalton mentioned this morning that if we get message passing fast enough, we might be able to do mutable state as a task where all messages sent to it have a yield-to-target mode. It'd let us remove arc::exclusive, which would make me happy.

@bblum
Copy link
Contributor Author

bblum commented Jul 11, 2012

Exclusives will always be unsafe because putting exclusives inside of exclusives can result in exchange heap leaks. Yet exclusives-in-exclusives might be desirable in some cases, so even if we could use the type system to prevent it (which seems infeasible), we shouldn't.

Conclusion: They stay unsafe.

@bblum bblum closed this as completed Jul 11, 2012
@ghost ghost assigned bblum Jul 11, 2012
@sfackler sfackler mentioned this issue Sep 17, 2013
Closed
@bblum bblum removed their assignment Jun 16, 2014
saethlin pushed a commit to saethlin/rust that referenced this issue Apr 11, 2023
@bors
Auto merge of rust-lang#2821 - RalfJung:rustup, r=RalfJung
d8795fa 
Rustup
celinval added a commit to celinval/rust-dev that referenced this issue Jun 4, 2024
@celinval
Update CBMC version to 5.94 (rust-lang#2821)
5d44de0 
Update CBMC version to 5.94 and change our regression script to read the
values from kani-dependencies instead of requiring us to keep two
sources of truth.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@eholk @nikomatsakis @bblum