Fix soundness hole in join macros #2649
I should clarify that this is a bit unclear. ;) If we had proper support for self-referential generators in the language, then I think this code would be fine. But sadly self-referential generators were added in the frontend without first laying the necessary groundwork in the backend (in the form of appropriate primitives to handle the aliasing this generates), and until someone cleans up that mess, we are left with a hack: using the See this IRLO thread for more details.
Sidenote: the CI seems to be failing due to an unrelated problem that's already present on the
I ran
p.s. the warnings in the CI seem to be false positives, the
FWIW comex has demonstrated an actual miscompilation based on this soundness bug.
Thanks! CI failure has been fixed by #2651. Could you rebase?
add a miri regression test update failing tests (join sizes increased due to fix)
afe1be7 to caf7db4
…ts on "non-64-bit pointer" targets (e.g. `i686-unknown-linux-gnu`) (this is the same fix that was also applied in PR rust-lang#2447)
Thank you for the CI fix! I rebased the PR and had to make one small addition to the test cases for
* fix soundness hole in join macros
  add a miri regression test
  update failing tests (join sizes increased due to fix)
* fix `CI / cross test` by ignoring `join_size` and `try_join_size` tests on "non-64-bit pointer" targets (e.g. `i686-unknown-linux-gnu`) (this is the same fix that was also applied in PR #2447)
Published in 0.3.25.
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [futures](https://rust-lang.github.io/futures-rs) ([source](https://github.com/rust-lang/futures-rs)) | dependencies | patch | `0.3.24` -> `0.3.25` |

### Release Notes

rust-lang/futures-rs

### [`v0.3.25`](https://github.com/rust-lang/futures-rs/blob/HEAD/CHANGELOG.md#0325---2022-10-20)

Compare Source: rust-lang/futures-rs@0.3.24...0.3.25

- Fix soundness issue in `join!` and `try_join!` macros (rust-lang/futures-rs#2649)
- Implement `Clone` for `sink::Drain` (rust-lang/futures-rs#2650)

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Co-authored-by: cabr2-bot <[email protected]>
Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1595
Reviewed-by: crapStone <[email protected]>
Co-authored-by: Calciumdibromid Bot <[email protected]>
Co-committed-by: Calciumdibromid Bot <[email protected]>
There is a soundness bug in the join macros where a new exclusive reference is taken out every time a future is polled. Under the Stacked Borrows model, this invalidates self-referential futures. This is then in conflict with the safety requirements for `Pin::new_unchecked`, which say that the pointer may never be invalidated after pinning it - and this leads to undefined behavior in safe Rust code.

I added a miri regression test for completeness (this example was made by @jswrenn), and together with @RalfJung we pinpointed the problem and created a fix (Zulip thread). There is a minor downside to the fix: the joined future increased in size, due to having to store an extra pinned reference in it, and I updated the tests to account for the increased sizes.
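The pattern the description refers to, as an added example that is not the futures-rs macro code: a hand-written two-future join using only `std`, where `join2`, `yield_once`, `NoopWake`, `block_on` and `demo` are hypothetical names. The comment shows the re-pinning shape that takes a new exclusive reference on every poll; the function instead pins each future once and reborrows the stored pin, which is the extra pinned reference the description mentions.

```rust
use std::future::{poll_fn, Future};
use std::pin::pin;
use std::sync::Arc;
use std::task::{Context, Poll, Wake, Waker};

// Unsound shape described in the PR: the closure owns the future and re-pins it,
// taking a fresh `&mut` on every poll: unsafe { Pin::new_unchecked(&mut a) }.poll(cx)
// Shape used below: pin once, store the Pin<&mut _>, reborrow it with as_mut().
async fn join2<A: Future, B: Future>(a: A, b: B) -> (A::Output, B::Output) {
    let mut a = pin!(a); // pinned exactly once; storing this pointer is the size cost
    let mut b = pin!(b);
    let (mut ra, mut rb) = (None, None);
    poll_fn(move |cx| {
        if ra.is_none() { if let Poll::Ready(v) = a.as_mut().poll(cx) { ra = Some(v); } }
        if rb.is_none() { if let Poll::Ready(v) = b.as_mut().poll(cx) { rb = Some(v); } }
        if ra.is_none() || rb.is_none() { return Poll::Pending; }
        Poll::Ready((ra.take().unwrap(), rb.take().unwrap()))
    })
    .await
}

// Constructed helper: pending on the first poll, so join2 is polled twice.
fn yield_once() -> impl Future<Output = ()> {
    let mut yielded = false;
    poll_fn(move |_| if yielded { Poll::Ready(()) } else { yielded = true; Poll::Pending })
}

struct NoopWake;
impl Wake for NoopWake { fn wake(self: Arc<Self>) {} }

// Minimal busy-polling executor (assumption: no real runtime is needed here).
fn block_on<F: Future>(fut: F) -> F::Output {
    let mut fut = pin!(fut);
    let waker = Waker::from(Arc::new(NoopWake));
    let mut cx = Context::from_waker(&waker);
    loop {
        if let Poll::Ready(v) = fut.as_mut().poll(&mut cx) { return v; }
    }
}

// Self-referential input: `r` points into `x` and is held across the await.
pub fn demo() -> (u32, u32) {
    block_on(join2(
        async { let mut x = 1u32; let r = &mut x; yield_once().await; *r += 41; x },
        async { yield_once().await; 7u32 },
    ))
}

fn main() { assert_eq!(demo(), (42, 7)); }
```

Ordinary execution does not check the aliasing model; running the program under Miri (`cargo +nightly miri run`) does.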