Fix aliasing bugs revealed by Tree Borrows #889
+22
−29
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #889 +/- ##
==========================================
+ Coverage 81.43% 81.91% +0.47%
==========================================
Files 97 98 +1
Lines 23877 24928 +1051
==========================================
+ Hits 19445 20419 +974
- Misses 4432 4509 +77 ☔ View full report in Codecov by Sentry. |
bartlomieju
requested review from
devsnek,
nathanwhit and
littledivy
and removed request for
bartlomieju
devsnek
approved these changes
Sep 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes some aliasing bugs caused by improper usage of shared and mutable references intermixed with raw pointer accesses. These have been discovered by running the testsuite under Tree Borrows, a new aliasing model for Rust and a potential replacement for Stacked Borrows. While TB is in general more lenient than SB, there are some cases where it is more strict due to SB relying on gross hacks, which have been removed from TB.
Turns out that
deno_corerelied on such hacks. The problem is with theDynFutureInfoErased, which has arbitrary data that is being modified by a future while other references to it are held in the runtime. To prevent this, that is put into anUnsafeCellwhich makes such modifications allowed.But
UnsafeCellonly ensures that shared references can be modified without causing UB, it does not permit mutable references to be aliased. Thus, one should take care not to create mutable references here. The easiest way of doing this is to remove the implementation ofDerefMutandAsMutforArenaBox<T>, and work around the few cases where that leads to breakage (by using raw pointers, which is also more robust in terms of the aliasing model).This fixes #884. See that issue for more information.
I have not audited the entire crate, so it is possible that other TB bugs are lurking elsewhere; especially in the parts that Miri can currently not test properly. But this at least makes all the test that could work, do work.