-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keeping references to #[thread_local] statics is allowed across yields. #49682
Comments
Am I right in assuming the same issue applies to implementations of thread locals in external crates, which aren't limited to unstable? e.g. https://amanieu.github.io/thread_local-rs/thread_local/index.html edit: I'm wrong. From that page:
Otherwise the API would be blatantly unsound even without generators. edit2: ignore me; I misunderstood the scope of the problem. For the record, it doesn't apply to |
triage: P-medium Should fix, not urgent. |
Now that async/await is stable, can anyone reproduce this bug using only those? I gave it a whack (playground here) and got the following error message:
...which suggests at least some degree of mitigation is already implemented, but it's possible that my translation (which obviously can't yield directly) did not represent the spirit of the original bug. |
@bstrie Here's an async example which should not compile. |
Instead of disallow it, I think we should allow it but make the resulting generator |
I would expect this to make the resulting future |
…unsound-issues, r=jackh726 Add `known-bug` tests for 4 unsound issues This PR adds `known-bug` tests for 4 unsound issues as part of rust-lang#105107 - rust-lang#40582 - rust-lang#49682 - rust-lang#74629 - rust-lang#105782
…unsound-issues, r=jackh726 Add `known-bug` tests for 4 unsound issues This PR adds `known-bug` tests for 4 unsound issues as part of rust-lang#105107 - rust-lang#40582 - rust-lang#49682 - rust-lang#74629 - rust-lang#105782
This does not affect stabilization of
async fn
unless#[thread_local]
is also stabilizedTry on playground:
Sample output:
You can see by the pointer addresses and values inside
FOO
that the same location was reused for the second child thread (it's a bit harder to show a crash) - this is clearly an use-after-free.If we had in-language
async
, the same problem could be demonstrated using those.In non-generator functions, such references have function-local lifetimes and cannot escape.
With the stable
thread_local!
fromlibstd
, user code gets access to the reference in a (non-generator/async) closure, which also doesn't allow escaping the reference.cc @alexcrichton @withoutboats @Zoxc
The text was updated successfully, but these errors were encountered: