Fix aliasing bugs revealed by Tree Borrows #889
+22
−29
This PR fixes some aliasing bugs caused by improper usage of shared and mutable references intermixed with raw pointer accesses. These have been discovered by running the testsuite under Tree Borrows, a new aliasing model for Rust and a potential replacement for Stacked Borrows. While TB is in general more lenient than SB, there are some cases where it is more strict due to SB relying on gross hacks, which have been removed from TB.
Turns out that `deno_core` relied on such hacks. The problem is with the `DynFutureInfoErased`, which has arbitrary data that is being modified by a future while other references to it are held in the runtime. To prevent this, that is put into an `UnsafeCell` which makes such modifications allowed.

But `UnsafeCell` only ensures that shared references can be modified without causing UB, it does not permit mutable references to be aliased. Thus, one should take care not to create mutable references here. The easiest way of doing this is to remove the implementation of `DerefMut` and `AsMut` for `ArenaBox<T>`, and work around the few cases where that leads to breakage (by using raw pointers, which is also more robust in terms of the aliasing model).

This fixes #884. See that issue for more information.
I have not audited the entire crate, so it is possible that other TB bugs are lurking elsewhere; especially in the parts that Miri can currently not test properly. But this at least makes all the tests that could work, do work.
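
The pattern the description above outlines, as an added example that is not code from this PR or from `deno_core`: a handle with no `DerefMut`/`AsMut`, whose payload sits in an `UnsafeCell` and is only written through the raw pointer from `UnsafeCell::get`. The names `Slot`, `SlotBox`, `shared`, `bump` and `demo` are hypothetical.

```rust
use std::cell::UnsafeCell;
use std::ptr::NonNull;

// Hypothetical arena slot: the payload is in an UnsafeCell, so it may be
// written while shared references to the slot exist elsewhere.
struct Slot {
    polls: UnsafeCell<u32>,
}

// Hypothetical handle. It deliberately offers no DerefMut/AsMut: a `&mut Slot`
// would claim exclusive access that the other live references contradict.
struct SlotBox {
    ptr: NonNull<Slot>,
}

impl SlotBox {
    fn new() -> Self {
        let raw = Box::into_raw(Box::new(Slot { polls: UnsafeCell::new(0) }));
        SlotBox { ptr: NonNull::new(raw).expect("Box pointers are never null") }
    }

    // Shared access only; any number of these may be live at once.
    fn shared(&self) -> &Slot {
        unsafe { self.ptr.as_ref() }
    }

    // Mutate through the raw pointer from UnsafeCell::get, never via `&mut`.
    fn bump(&self) -> u32 {
        let p: *mut u32 = self.shared().polls.get();
        unsafe {
            p.write(p.read() + 1);
            p.read()
        }
    }
}

impl Drop for SlotBox {
    fn drop(&mut self) {
        // Reclaim the allocation made in `new`.
        unsafe { drop(Box::from_raw(self.ptr.as_ptr())) }
    }
}

fn demo() -> (u32, u32) {
    let handle = SlotBox::new();
    let runtime_view: &Slot = handle.shared(); // stands in for a reference held by the runtime
    handle.bump(); // write while `runtime_view` is still live
    let seen = unsafe { runtime_view.polls.get().read() };
    (seen, handle.bump())
}

fn main() {
    println!("{:?}", demo());
}
```

Running this under Miri with `MIRIFLAGS=-Zmiri-tree-borrows cargo miri run` checks it against the aliasing model the PR refers to.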