Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AtomicCell is unsound on types containing niches #833

Closed
dtolnay opened this issue May 21, 2022 · 3 comments · Fixed by #834
Closed

AtomicCell is unsound on types containing niches #833

dtolnay opened this issue May 21, 2022 · 3 comments · Fixed by #834
Labels
bug crossbeam-utils

Comments

@dtolnay
Copy link

dtolnay commented May 21, 2022

I believe it's incorrect to implement AtomicCell<T> in terms of UnsafeCell<T>, and it needs to be UnsafeCell<MaybeUninit<T>> instead, to prevent code outside the cell from observing partially initialized state.

Here is an example of safe code that reproduces UB:

use crossbeam_utils::atomic::AtomicCell;
use std::num::NonZeroU128;
use std::thread;

enum Enum {
    NeverConstructed,
    Cell(AtomicCell<NonZeroU128>),
}

static STATIC: Enum = Enum::Cell(AtomicCell::new(match NonZeroU128::new(1) {
    Some(nonzero) => nonzero,
    None => unreachable!(),
}));

fn main() {
    thread::spawn(|| {
        let cell = match &STATIC {
            Enum::NeverConstructed => unreachable!(),
            Enum::Cell(cell) => cell,
        };
        let x = NonZeroU128::new(0xFFFFFFFF_FFFFFFFF_00000000_00000000).unwrap();
        let y = NonZeroU128::new(0x00000000_00000000_FFFFFFFF_FFFFFFFF).unwrap();
        loop {
            cell.store(x);
            cell.store(y);
        }
    });

    loop {
        if let Enum::NeverConstructed = STATIC {
            unreachable!(":(");
        }
    }
}
$ cargo run

warning: variant is never constructed: `NeverConstructed`
 --> src/main.rs:6:5
  |
6 |     NeverConstructed,
  |     ^^^^^^^^^^^^^^^^
  |
  = note: `#[warn(dead_code)]` on by default

warning: `repro` (bin "repro") generated 1 warning
    Finished dev [unoptimized + debuginfo] target(s) in 0.27s
     Running `target/debug/repro`

thread 'main' panicked at 'internal error: entered unreachable code: :(', src/main.rs:31:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
@taiki-e taiki-e mentioned this issue May 22, 2022
Merged
@taiki-e
Copy link
Member

taiki-e commented May 22, 2022

Thanks for the report! I've filed #834 to fix this.

@dtolnay dtolnay mentioned this issue May 22, 2022
Closed
@bors bors bot closed this as completed in 9e9ff76 Jun 21, 2022
@RalfJung
Copy link
Contributor

RalfJung commented Aug 20, 2024
edited
Loading

Since rust-lang/rust#99011 (which landed a few months after this issue), UnsafeCell<T> suppresses niches, exactly due to problems like this. So I don't think there's any need for crossbeam to do anything itself here any more.

@taiki-e
Copy link
Member

taiki-e commented Aug 21, 2024

Since that fix is not yet available in our MSRV, we cannot remove the workaround on our part yet, but it would make sense to update the comment to mention that it has been fixed in 1.64.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crossbeam-utils
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use UnsafeCell<MaybeUninit<T>> in AtomicCell crossbeam-rs/crossbeam
3 participants
@RalfJung @dtolnay @taiki-e