fix UnsafeCell bug #119

Merged
merged 1 commit into from
Apr 8, 2020

Conversation

carllerche
Member

The thread version vector was not bumped on `UnsafeCell` access. This
caused synchronizations that happened immediately **before** the access
to prevent loom from detecting invalid `UnsafeCell` access.
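An added example, not part of the original pull request and not loom's code: a simplified vector-clock model of the bug described above, showing how an access that reuses the version published by the preceding synchronization looks ordered to another thread. The names `VersionVec`, `Cell` and `race_detected`, and the way accesses are recorded, are assumptions made for illustration.

```rust
// Simplified vector-clock model, constructed for illustration (not loom's code).
const THREADS: usize = 2;

#[derive(Clone, Copy)]
struct VersionVec([u32; THREADS]);

impl VersionVec {
    // Acquire: component-wise maximum with the clock that was released.
    fn join(&mut self, other: &VersionVec) {
        for i in 0..THREADS {
            self.0[i] = self.0[i].max(other.0[i]);
        }
    }
}

// Tracks the last write as (thread id, that thread's own version at the write).
struct Cell {
    last_write: Option<(usize, u32)>,
}

impl Cell {
    // Records a write by `tid`; returns false if the previous write is not
    // ordered before it according to `clock`, i.e. the two writes race.
    fn write(&mut self, tid: usize, clock: &mut VersionVec, bump: bool) -> bool {
        if bump {
            clock.0[tid] += 1; // fixed behaviour: each access gets a fresh version
        }
        let ordered = self.last_write.map_or(true, |(w, v)| v <= clock.0[w]);
        self.last_write = Some((tid, clock.0[tid]));
        ordered
    }
}

// Thread 0 release-stores a flag and then writes the cell; thread 1
// acquire-loads the flag and then writes the cell. The writes are unordered.
// Returns true when the model reports the race.
fn race_detected(bump_on_access: bool) -> bool {
    let (mut t0, mut t1) = (VersionVec([0; THREADS]), VersionVec([0; THREADS]));
    let mut cell = Cell { last_write: None };
    t0.0[0] += 1; // the synchronization itself bumps thread 0's version
    let released = t0; // clock published by the release store
    cell.write(0, &mut t0, bump_on_access); // access immediately after the sync
    t1.join(&released); // thread 1 acquires only what was released
    !cell.write(1, &mut t1, bump_on_access)
}

fn main() {
    println!("without bump: race detected = {}", race_detected(false));
    println!("with bump:    race detected = {}", race_detected(true));
}
```

Without the bump, thread 0's write is recorded at the same version the release store published, so thread 1's acquired clock appears to cover it and the race goes unreported.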
Member

@hawkw hawkw left a comment

lgtm!

do you think that there's any refactoring we can do to guard against similar issues in the future?

@carllerche
Member Author

@hawkw like what?

@jonhoo
Sponsor Contributor

jonhoo commented Apr 8, 2020

There's this cool library called loom that we could maybe run the test suite through? 🤔

@carllerche carllerche merged commit c818498 into master Apr 8, 2020
@hawkw
Member

hawkw commented Apr 8, 2020

> @hawkw like what?

I'm not sure. If there are operations that we want to ensure always synchronize, we could make them require a token or something that ensures they are part of a synchronize closure? But, I'm not sure how much of the model we can encode in this way, so it may not be that valuable.

carllerche added a commit to tokio-rs/tokio that referenced this pull request Apr 8, 2020
Fixes a couple bugs in the work-stealing queue introduced as
part of #2315. First, the cursor needs to be able to represent more
values than the size of the buffer. This is to be able to track if
`tail` is ahead of `head` or if they are identical. This bug resulted in
the "overflow" path being taken before the buffer was full.

The second bug can happen when a queue is being stolen from concurrently
with stealing into. In this case, it is possible for buffer slots to be
overwritten before they are released by the stealer. This is harder to
happen in practice due to the first bug preventing the queue from
filling up 100%, but could still happen. It triggered an assertion in
`steal_into`. This bug slipped through due to a bug in loom not
correctly catching the case. The loom bug is fixed as part of
tokio-rs/loom#119.

Fixes: #2382
hawkw pushed a commit to tokio-rs/tokio that referenced this pull request Apr 9, 2020
@carllerche carllerche deleted the unsafe-cell-bug branch May 1, 2020 23:30