Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sound ways to work with self-referential futures #380

Closed
GoldsteinE opened this issue Dec 1, 2022 · 9 comments
Closed

Sound ways to work with self-referential futures #380

GoldsteinE opened this issue Dec 1, 2022 · 9 comments

Comments

@GoldsteinE
Copy link

Hi! I have relatively complex code that passed Miri previously but doesn’t pass it now.

The failing job is:
https://github.com/GoldsteinE/name-it/actions/runs/3594297524/jobs/6052384905

TL;DR: I’m doing something like this:

let x: Fut = async_function();
let y: [MaybeUninit<u8>; size_of::<Fut>()] = transmute(x);
let p = pin!(y); // Causes a retag!
let z: Pin<&mut Fut> = transmute(p);
z.poll();

As far as I understood, this is a general issue with soundness of futures (rust-lang/rust#63818). I’d be grateful for any pointers to things I could do to resolve this issue in my case on my side.

@GoldsteinE
Copy link
Author

I’ve managed to create minimal-ish reproducible example:
https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=81a8e59973f1870b4d90e0c93ac24121

@RalfJung
Copy link
Member

RalfJung commented Dec 1, 2022 via email

@GoldsteinE
Copy link
Author

That’s an interesting question, I’ll check it.

@GoldsteinE
Copy link
Author

Ok, so, turns out this particular snippet:

  1. Failed before my pipelines started failing
  2. Fails without transmute shenanigans or any unsafe code at all: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=a408d5a73049f532280398b2a8559b01

As this reproduces without unsafe code, this is a bug either in futures, std or Miri.

@GoldsteinE
Copy link
Author

My pipeline (test futures-channel-channel from the name-it repo) passes on miri 0.1.0 (c1a859b 2022-11-10) and fails on miri 0.1.0 (42325c5 2022-11-11)

@RalfJung
Copy link
Member

RalfJung commented Dec 1, 2022

Okay, it's probably field-retagging-by-default then that broke this.

Looking at this code, my first impression is that this is unsound since Arr is Unpin. Currently the alias handling of mutable references is tied to the Unpin trait. This is a temporary hack and not a stable guarantee (see this discussion for work towards a proper solution), but in this case probably adding Unpin would both fix that soundness bug and make Miri stop complaining?

EDIT: Okay, that's not it. Looks like you found an even simpler example anyway.

@GoldsteinE
Copy link
Author

It seems like there’re two issues: one that affects futures and another that only affects transmute hack.

name-it code handles Unpin correctly, so that's not it

@GoldsteinE
Copy link
Author

Or maybe that's a single issue that name-it just masked for older Miri versions. Either way, those issues seem to be very related.

@RalfJung
Copy link
Member

RalfJung commented Dec 3, 2022

Closing in favor of #381, which describes the core problem more precisely. Thanks for the report, which lead to be discovering this underlying problem!

Or maybe that's a single issue that name-it just masked for older Miri versions. Either way, those issues seem to be very related.

Yeah that is possible, but pretty hard to say until we figure out #381.

@RalfJung RalfJung closed this as completed Dec 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants