diff options
| author | Jethro Beekman <jethro@fortanix.com> | 2019-02-17 15:31:46 +0530 |
|---|---|---|
| committer | Jethro Beekman <jethro@fortanix.com> | 2019-04-01 12:24:46 -0700 |
| commit | 6d96c8979d37dd137d29a992fc9b962ebe089aaf (patch) | |
| tree | 0972344239ea49d311c352d4ef775c1d0be05059 /src/libstd/sys/sgx/waitqueue.rs | |
| parent | eab3eb38df8dca99110b6149b3a15deeb4ef0413 (diff) | |
| download | rust-6d96c8979d37dd137d29a992fc9b962ebe089aaf.tar.gz rust-6d96c8979d37dd137d29a992fc9b962ebe089aaf.zip | |
SGX target: convert a bunch of panics to aborts
Diffstat (limited to 'src/libstd/sys/sgx/waitqueue.rs')
| -rw-r--r-- | src/libstd/sys/sgx/waitqueue.rs | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/libstd/sys/sgx/waitqueue.rs b/src/libstd/sys/sgx/waitqueue.rs index f4adb7d1e16..d542f9b4101 100644 --- a/src/libstd/sys/sgx/waitqueue.rs +++ b/src/libstd/sys/sgx/waitqueue.rs @@ -121,7 +121,7 @@ impl<'a, T> Drop for WaitGuard<'a, T> { NotifiedTcs::Single(tcs) => Some(tcs), NotifiedTcs::All { .. } => None }; - usercalls::send(EV_UNPARK, target_tcs).unwrap(); + rtunwrap!(Ok, usercalls::send(EV_UNPARK, target_tcs)); } } @@ -141,6 +141,7 @@ impl WaitQueue { /// /// This function does not return until this thread has been awoken. pub fn wait<T>(mut guard: SpinMutexGuard<'_, WaitVariable<T>>) { + // very unsafe: check requirements of UnsafeList::push unsafe { let mut entry = UnsafeListEntry::new(SpinMutex::new(WaitEntry { tcs: thread::current(), @@ -149,10 +150,9 @@ impl WaitQueue { let entry = guard.queue.inner.push(&mut entry); drop(guard); while !entry.lock().wake { - assert_eq!( - usercalls::wait(EV_UNPARK, WAIT_INDEFINITE).unwrap() & EV_UNPARK, - EV_UNPARK - ); + // don't panic, this would invalidate `entry` during unwinding + let eventset = rtunwrap!(Ok, usercalls::wait(EV_UNPARK, WAIT_INDEFINITE)); + rtassert!(eventset & EV_UNPARK == EV_UNPARK); } } } @@ -269,7 +269,7 @@ mod unsafe_list { // ,-------> /---------\ next ---, // | |head_tail| | // `--- prev \---------/ <-------` - assert_eq!(self.head_tail.as_ref().prev, first); + rtassert!(self.head_tail.as_ref().prev == first); true } else { false @@ -285,7 +285,9 @@ mod unsafe_list { /// # Safety /// /// The entry must remain allocated until the entry is removed from the - /// list AND the caller who popped is done using the entry. + /// list AND the caller who popped is done using the entry. Special + /// care must be taken in the caller of `push` to ensure unwinding does + /// not destroy the stack frame containing the entry. pub unsafe fn push<'a>(&mut self, entry: &'a mut UnsafeListEntry<T>) -> &'a T { self.init(); @@ -303,6 +305,7 @@ mod unsafe_list { entry.as_mut().prev = prev_tail; entry.as_mut().next = self.head_tail; prev_tail.as_mut().next = entry; + // unwrap ok: always `Some` on non-dummy entries (*entry.as_ptr()).value.as_ref().unwrap() } @@ -333,6 +336,7 @@ mod unsafe_list { second.as_mut().prev = self.head_tail; first.as_mut().next = NonNull::dangling(); first.as_mut().prev = NonNull::dangling(); + // unwrap ok: always `Some` on non-dummy entries Some((*first.as_ptr()).value.as_ref().unwrap()) } } |