| author | bors <bors@rust-lang.org> | 2018-08-09 07:30:14 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2018-08-09 07:30:14 +0000 |
| commit | fbb6275f4fd6cf774e1789fabfacae7248c45021 (patch) | |
| tree | f66469baf6a3a33dad86eb02c203c66115a816bb /src/libstd/sys | |
| parent | 76b69a604ee0d70be1edfa2828c769dc1b148d13 (diff) | |
| parent | 25db84206b681731960d88558bc53640fe117b09 (diff) | |
| download | rust-fbb6275f4fd6cf774e1789fabfacae7248c45021.tar.gz rust-fbb6275f4fd6cf774e1789fabfacae7248c45021.zip | |
Auto merge of #53108 - RalfJung:mutex, r=alexcrichton
clarify partially initialized Mutex issues

Using a `sys_common::mutex::Mutex` without calling `init` is dangerous, and yet there are some places that do this. I tried to find all of them and add an appropriate comment about reentrancy. I found two places where (I think) reentrancy can actually occur, and was not able to come up with an argument for why this is okay. Someone who knows `io::lazy` and/or `sys_common::at_exit_imp` should have a careful look at this.
Diffstat (limited to 'src/libstd/sys')
| -rw-r--r-- | src/libstd/sys/unix/args.rs | 2 | ||||
| -rw-r--r-- | src/libstd/sys/unix/mutex.rs | 6 | ||||
| -rw-r--r-- | src/libstd/sys/unix/os.rs | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/src/libstd/sys/unix/args.rs b/src/libstd/sys/unix/args.rs
index 7e32ec1347e..c3c033dfbc7 100644
--- a/src/libstd/sys/unix/args.rs
+++ b/src/libstd/sys/unix/args.rs
@@ -80,6 +80,8 @@ mod imp {
 
     static mut ARGC: isize = 0;
     static mut ARGV: *const *const u8 = ptr::null();
+    // We never call `ENV_LOCK.init()`, so it is UB to attempt to
+    // acquire this mutex reentrantly!
     static LOCK: Mutex = Mutex::new();
 
     pub unsafe fn init(argc: isize, argv: *const *const u8) {
diff --git a/src/libstd/sys/unix/mutex.rs b/src/libstd/sys/unix/mutex.rs
index 60b03cdbeb0..1d447de1134 100644
--- a/src/libstd/sys/unix/mutex.rs
+++ b/src/libstd/sys/unix/mutex.rs
@@ -25,8 +25,10 @@ unsafe impl Sync for Mutex {}
 #[allow(dead_code)] // sys isn't exported yet
 impl Mutex {
     pub const fn new() -> Mutex {
-        // Might be moved and address is changing it is better to avoid
-        // initialization of potentially opaque OS data before it landed
+        // Might be moved to a different address, so it is better to avoid
+        // initialization of potentially opaque OS data before it landed.
+        // Be very careful using this newly constructed `Mutex`, reentrant
+        // locking is undefined behavior until `init` is called!
         Mutex { inner: UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER) }
     }
     #[inline]
diff --git a/src/libstd/sys/unix/os.rs b/src/libstd/sys/unix/os.rs
index 1d92e8fc97c..08c3e154978 100644
--- a/src/libstd/sys/unix/os.rs
+++ b/src/libstd/sys/unix/os.rs
@@ -33,6 +33,8 @@ use sys::fd;
 use vec;
 
 const TMPBUF_SZ: usize = 128;
+// We never call `ENV_LOCK.init()`, so it is UB to attempt to
+// acquire this mutex reentrantly!
 static ENV_LOCK: Mutex = Mutex::new();
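Review bot: The comment added above `static LOCK` in args.rs names the wrong static: it says `ENV_LOCK.init()` is never called, but the mutex it annotates is `LOCK`, and `ENV_LOCK` is the separate static in os.rs that this same commit annotates. A reader of this module will go looking for an `ENV_LOCK` that does not exist here, which defeats the purpose of the warning. Replace `ENV_LOCK.init()` with `LOCK.init()` in the first added line so the comment points at the mutex it sits on. The `pub unsafe fn init` that follows, and presumably takes this lock, continues outside the hunk.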
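Review bot: The reentrancy warning in mutex.rs is placed as a `//` comment inside the body of `new`, so it is invisible to anyone who finds `Mutex::new()` through rustdoc or an IDE hover, which is exactly the audience this commit is trying to reach. Since the hazard is a contract of the constructor rather than an implementation detail, it belongs on the item: add a `///` doc comment on `pub const fn new`, e.g. `/// Reentrant locking of the returned mutex is undefined behavior until` `/// `init` has been called on it.`, and keep the body comment for the why-note about not initializing opaque OS data before the value reaches its final address. The method where the undefined behavior would actually occur (the lock path) is outside this hunk, so a one-line cross-reference there would also help maintainers.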
