rvalue destructors inside of a bare block run at the wrong time #13246
Comments
|
This sounds bad. Nominating EDIT: Looks like something may be wrong in |
|
|
|
This is actually the expected behavior (if you fully grok the rules), but it's an interesting side-effect. |
|
@sfackler I'd like to know more about the details of the use-after-free. |
|
The reason this occurs is that:
|
|
@nikomatsakis In the example in sfackler/rust-postgres#31, the iterator has a reference to the statement, which in turn has a reference to the connection. The destructor for the iterator uses the connection to clean up the associated state on the server. But, since the connection has already been dropped, it ends up writing to a freed buffer, and then tries to send on a closed socket. |
|
If the destructor order is working as intended, it seems like the bug may actually be in the lifetime verification infrastructure, since the lifetime of the iterator type should not be allowed to outlive the statement, and transitively the connection. |
|
That's what I'm trying to understand. If there is an unsound interaction here. I can imagine where something confusing might crop up, I have to read and better understand the example. |
|
Here's a very simple version of the types used in that example: struct Connection {
conn: BufferedStream<TcpStream>
}
struct Statement<'conn> {
conn: &'conn Connection
}
struct Rows<'stmt> {
stmt: &'stmt Statement<'stmt>
}
impl<'stmt> Drop for Rows<'stmt> {
fn drop(&mut self) {
self.stmt.conn.conn.write("drop my server side state please".as_bytes());
self.stmt.conn.conn.flush();
}
} |
|
@sfackler right, so yes I think I see the problem. It is a shortcoming of regionck basically. We need to say something like "if we produce a value whose destructor will run at the end of scope In general, things with destructors that contain references are currently tagged as |
|
Given that #8861 is already on the 1.0 milestone as P-backcompat-lang, this is "just a bug", and need not be given a milestone marking itself. (if we were to revisit the decision regarding #8861, then we might need to revisit this bug as well, but I am assuming that will not happen.) Not marking with any triage markers. |
This is a workaround for rust-lang/rust#13246 to prevent total badness until it gets fixed. cc #34, #31
This is another case of rust-lang#13246. The RAII lock wasn't being destroyed until after the allocation was free'd due to destructor scheduling. Closes rust-lang#14784
|
Nominating. |
|
Same reasoning as April 3rd applies (@nikomatsakis says it is in fact a dupe); not marking with any milestone marker. |
|
Closing as dup of #8861 |
feat: add multiple getters mode in `generate_getter` This commit adds two modes to generate_getter action. First, the plain old working on single fields. Second, working on a selected range of fields. Should partially solve rust-lang#13246 If this gets approved will create a separate PR for setters version of the same ### Points to help in review: - `generate_getter_from_record_info` contains code which is mostly taken from assist before refactor - Same goes for `parse_record_fields` - There are changes in other assists, as one of the methods in utils named `find_struct_impl` is changed, before it used to accept a single `fn_name`, now it takes a list of function names to check against. All old impls are updated to create a small list to pass their single element. ### Assumptions: - If any of the fields have an implementation, the action will quit.
…ature, r=flip1995 Remove `feature=cargo-clippy` argument Roses are red, Violets are blue, Fixme was written, And now it's due --- changelog: **Important Change** Removed the implicit `cargo-clippy` feature set by Clippy as announced here: <https://blog.rust-lang.org/2024/02/28/Clippy-deprecating-feature-cargo-clippy.html> [rust-lang#13246](rust-lang/rust-clippy#13246) Follow-up of: rust-lang/rust-clippy#12292 r? `@flip1995` cc: `@GuillaumeGomez`
** UPDATE by @nikomatsakis **
This is almost-but-not-quite a dup of #8861, see this comment for details.
** ORIGINAL POST **
This program:
should output
but instead outputs
It appears that if the bare block around the first part of
mainis removed, everything runs in the correct order. Moving the "3"Foointo a variable also makes everything run in the right order.This was originally reported to me in sfackler/rust-postgres#31 as a segfault, but it looks like that's probably just due to heap corruption from a use-after-free caused by this bug.
Update
IR:
The text was updated successfully, but these errors were encountered: