Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

soundness hole with types that are Sync + !Send #9

Closed
niklasf opened this issue May 10, 2018 · 3 comments · Fixed by #16
Closed

soundness hole with types that are Sync + !Send #9

niklasf opened this issue May 10, 2018 · 3 comments · Fixed by #16

Comments

@niklasf
Copy link

niklasf commented May 10, 2018

Hi, I believe that the unsafe impl Sync needs to also require Send. Otherwise it is possible to transfer non-Send values between threads.

Similar issues in other crates:

// make a type that is Sync but not Send
// such types are arguably very rare
#![feature(optin_builtin_traits)]
#[derive(Debug)]
struct Foo(u32);
impl !Send for Foo { }

fn should_fail_to_compile() {
    let lazy = Lazy::new();

    let pool = Pool::new(1);
    pool.scoped(|scope| {
        let l = &lazy;
        scope.execute(move || {
            // we transfer a value from this thread ...
            l.get_or_create(|| Foo(42));
        });
    });

    // ... to another thread
    let result = lazy.into_inner();
    println!("{:?}", result);
}
@khuey
Copy link
Owner

khuey commented May 14, 2018

I need to think about this a bit more but I believe you're correct.

@niklasf
Copy link
Author

niklasf commented Jul 9, 2018

Any news? I see 66bbfc2, but I believe U requires the same bound. For example the snippet above still compiles.

@matklad
Copy link

matklad commented Jan 14, 2019

+1

This is unsound, it's better to fix the issue and yank old releases ;)

@niklasf niklasf changed the title potential soundness hole with types that are Sync + !Send soundness hole with types that are Sync + !Send Jul 31, 2020
@Tamschi Tamschi mentioned this issue Jan 8, 2021
Merged
Tamschi referenced this issue in Tamschi/try-lazy-init Jan 8, 2021
@Tamschi
[breaking] Add U: Send clause to `unsafe impl<T, U> Sync for LazyTr…
f6d9bc6 
…ansform<T, U>`

As per #9, a `Send` bound is required on `U` to make sure references aren't sent to threads other than the one the `U` was created on.
@Tamschi Tamschi mentioned this issue Jan 8, 2021
Merged
@khuey khuey closed this as completed in #16 Jan 12, 2021
khuey pushed a commit that referenced this issue Jan 12, 2021
@Tamschi
[breaking] Add U: Send clause to `unsafe impl<T, U> Sync for LazyTr…
ab2cac8 
…ansform<T, U>` (#16)

As per #9, a `Send` bound is required on `U` to make sure references aren't sent to threads other than the one the `U` was created on.
niklasf added a commit to niklasf/advisory-db that referenced this issue Jan 17, 2021
@niklasf
lazy-init: Missing Send bound (khuey/lazy-init#9)
b62a795
niklasf added a commit to niklasf/advisory-db that referenced this issue Jan 17, 2021
@niklasf
lazy-init: Missing Send bound for Lazy (khuey/lazy-init#9)
6ea698b
Shnatsel added a commit to rustsec/advisory-db that referenced this issue Jan 18, 2021
@Shnatsel
Merge pull request #565 from niklasf/lazy-init
5bb2d97 
lazy-init: Missing Send bound for Lazy (khuey/lazy-init#9)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[breaking] Soundness fix Tamschi/try-lazy-init
3 participants
@khuey @niklasf @matklad