Skip to content

Comment on Rc abort-guard strategy without naming unrelated fn#140483

Merged
bors merged 2 commits intorust-lang:masterfrom
baumanj:patch-1
May 7, 2025
Merged

Comment on Rc abort-guard strategy without naming unrelated fn#140483
bors merged 2 commits intorust-lang:masterfrom
baumanj:patch-1

Conversation

@baumanj
Copy link
Contributor

@baumanj baumanj commented Apr 29, 2025
edited by workingjubilee
Loading

wrapped_add is used, not checked_add, so avoid mentioning specific fn calls that may vary slightly based on "whatever produces the best code" and focus on things that will remain constant into the future.

@baumanj
Update rc.rs docs
dd20225 
`wrapped_add` is used, not `checked_add`
@rustbot
Copy link
Collaborator

rustbot commented Apr 29, 2025

r? @workingjubilee

rustbot has assigned @workingjubilee.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Apr 29, 2025
workingjubilee
workingjubilee reviewed Apr 30, 2025
View reviewed changes
library/alloc/src/rc.rs Outdated
}

// NOTE: We checked_add here to deal with mem::forget safely. In particular
// NOTE: We wrapping_add here to deal with mem::forget safely. In particular
Copy link
Member

@workingjubilee workingjubilee Apr 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is confusing in a different way: the wrapping_add does not offer the protection anymore, the strong == 0 conditional does.

Copy link
Member

@workingjubilee workingjubilee May 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at the very least, it should mention clearly what actually implements the guard that handles the mem::forget, if it's going to mention any code.

Copy link
Contributor Author

@baumanj baumanj May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see what you mean. The fact that it's wrapping_add rather than checked_add previously is merely a detail for the sake of code generation, and that's addressed in a more local comment. In that case, I think this comment is more about the higher level issue of a potential soundness hole and isn't enhanced by mentioning the particular implementation details. How about this?

// NOTE: If you mem::forget Rcs (or Weaks), drop is skipped and the ref-count
// is not decremented, meaning the ref-count can overflow, and then you can
// free the allocation while outstanding Rcs (or Weaks) exist, which would be
// unsound. We abort because this is such a degenerate scenario that we don't
// care about what happens -- no real program should ever experience this.

Copy link
Member

@workingjubilee workingjubilee May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, something like that seems good to me.

@workingjubilee
Copy link
Member

workingjubilee commented Apr 30, 2025

I think this requires more than a one-word change to make something that makes sense. At least in the current mistaken form it's obviously "checked_add by hand"

@rustbot author

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 30, 2025
@rustbot
Copy link
Collaborator

rustbot commented Apr 30, 2025

Reminder, once the PR becomes ready for a review, use @rustbot ready.

@baumanj
Update rc.rs docs
6a4af82 
Update comment per review feedback
@baumanj
Copy link
Contributor Author

baumanj commented May 6, 2025

@rustbot ready

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 6, 2025
@workingjubilee workingjubilee changed the title Update rc.rs docs Comment on Rc abort-guard strategy without naming unrelated fn May 6, 2025
@workingjubilee
Copy link
Member

workingjubilee commented May 6, 2025

Thanks!

@bors r+ rollup

@bors
Copy link
Collaborator

bors commented May 6, 2025

📌 Commit 6a4af82 has been approved by workingjubilee

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 6, 2025
@jhpratt jhpratt mentioned this pull request May 7, 2025
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request May 7, 2025
@bors
Auto merge of rust-lang#140726 - jhpratt:rollup-b6oxopx, r=jhpratt
891b852 
Rollup of 9 pull requests

Successful merges:

 - rust-lang#134273 (de-stabilize bench attribute)
 - rust-lang#139534 (Added support for `apxf` target feature)
 - rust-lang#140419 (Move `in_external_macro` to `SyntaxContext`)
 - rust-lang#140483 (Comment on `Rc` abort-guard strategy without naming unrelated fn)
 - rust-lang#140607 (support duplicate entries in the opaque_type_storage)
 - rust-lang#140656 (collect all Fuchsia bindings into the `fuchsia` module)
 - rust-lang#140668 (Implement `VecDeque::truncate_front()`)
 - rust-lang#140709 (rustdoc: remove unportable markdown lint and old parser)
 - rust-lang#140713 (Structurally resolve in `check_ref_cast` in new solver)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 25631ff into rust-lang:master May 7, 2025
6 checks passed
@rustbot rustbot added this to the 1.88.0 milestone May 7, 2025
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request May 7, 2025
@rust-timer
Unrolled build for rust-lang#140483
e6c877b 
Rollup merge of rust-lang#140483 - baumanj:patch-1, r=workingjubilee

Comment on `Rc` abort-guard strategy without naming unrelated fn

`wrapped_add` is used, not `checked_add`, so avoid mentioning specific fn calls that may vary slightly based on "whatever produces the best code" and focus on things that will remain constant into the future.
github-actions bot pushed a commit to carolynzech/rust that referenced this pull request May 16, 2025
@jhpratt
Rollup merge of rust-lang#140483 - baumanj:patch-1, r=workingjubilee
577ba85 
Comment on `Rc` abort-guard strategy without naming unrelated fn

`wrapped_add` is used, not `checked_add`, so avoid mentioning specific fn calls that may vary slightly based on "whatever produces the best code" and focus on things that will remain constant into the future.
github-actions bot pushed a commit to carolynzech/rust that referenced this pull request May 16, 2025
@bors
Auto merge of rust-lang#140726 - jhpratt:rollup-b6oxopx, r=jhpratt
922771e 
Rollup of 9 pull requests

Successful merges:

 - rust-lang#134273 (de-stabilize bench attribute)
 - rust-lang#139534 (Added support for `apxf` target feature)
 - rust-lang#140419 (Move `in_external_macro` to `SyntaxContext`)
 - rust-lang#140483 (Comment on `Rc` abort-guard strategy without naming unrelated fn)
 - rust-lang#140607 (support duplicate entries in the opaque_type_storage)
 - rust-lang#140656 (collect all Fuchsia bindings into the `fuchsia` module)
 - rust-lang#140668 (Implement `VecDeque::truncate_front()`)
 - rust-lang#140709 (rustdoc: remove unportable markdown lint and old parser)
 - rust-lang#140713 (Structurally resolve in `check_ref_cast` in new solver)

r? `@ghost`
`@rustbot` modify labels: rollup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@workingjubilee workingjubilee workingjubilee left review comments

Assignees

@workingjubilee workingjubilee

Labels

S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

1.88.0

Development

Successfully merging this pull request may close these issues.

4 participants

@baumanj @rustbot @workingjubilee @bors

Comments