Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix UB in SFTMap implementations #879

Merged
merged 10 commits into from
Aug 3, 2023
Merged

Fix UB in SFTMap implementations #879

merged 10 commits into from
Aug 3, 2023

Conversation

playXE
Copy link
Contributor

@playXE playXE commented Aug 1, 2023
edited
Loading

  1. Replaces casts of references to mutable references with UnsafeCell<T>.
  2. Spaces are stored inside each of implementation as pointers in order to make Rust compiler happy because of lifetimes.

@caizixian caizixian requested a review from qinsoon August 1, 2023 15:11
@qinsoon
Copy link
Member

qinsoon commented Aug 1, 2023

  1. Replaces casts of references to mutable references with UnsafeCell<T>.
  2. Spaces are stored inside each of implementation as pointers in order to make Rust compiler happy because of lifetimes.

Thanks for the PR. The use of UnsafeCell looks fine as a workaround for the UB (eventually we would like to have a safe implementation). Anyway, it looks good. But I don't understand the second point -- is the new version of Rust compiler complaining about the lifetime? The current SFTMap implementation does not assume the lifetime of &SFT, and the creation of SFTMap states &SFT is 'static. This allows us to easily change the scope of SFTMap in the future (e.g. we can confine the lifetime of SFTMap to the same lifetime as MMTK).

k-sareen
k-sareen reviewed Aug 2, 2023
View reviewed changes
src/policy/sft_map.rs Outdated Show resolved Hide resolved
@playXE
Copy link
Contributor Author

playXE commented Aug 2, 2023
edited
Loading

  1. Replaces casts of references to mutable references with UnsafeCell<T>.
  2. Spaces are stored inside each of implementation as pointers in order to make Rust compiler happy because of lifetimes.

Thanks for the PR. The use of UnsafeCell looks fine as a workaround for the UB (eventually we would like to have a safe implementation). Anyway, it looks good. But I don't understand the second point -- is the new version of Rust compiler complaining about the lifetime? The current SFTMap implementation does not assume the lifetime of &SFT, and the creation of SFTMap states &SFT is 'static. This allows us to easily change the scope of SFTMap in the future (e.g. we can confine the lifetime of SFTMap to the same lifetime as MMTK).

The second point arises from the fact that mut_self is removed. Before it would create a reference to SFTMap implementation that had different lifetime and space that is passed to ugprade could get assigned to it, now when replaced with UnsafeCell lifetimes do not match

k-sareen
k-sareen reviewed Aug 2, 2023
View reviewed changes
src/policy/sft_map.rs Outdated Show resolved Hide resolved
@playXE
Copy link
Contributor Author

playXE commented Aug 2, 2023

Hmm I would not merge this PR for now, I'm going to make storage of pointers in SFT vectors Atomic as well, using Atomic from atomic

@playXE
Copy link
Contributor Author

playXE commented Aug 2, 2023

Hmm I would not merge this PR for now, I'm going to make storage of pointers in SFT vectors Atomic as well, using Atomic from atomic

So far @qinsoon told me that update method is invoked behind the lock so probably push() and update of spaces inside it are fine without atomic pointers. In that case merging this PR should be fine.

@qinsoon
Copy link
Member

qinsoon commented Aug 2, 2023

Hmm I would not merge this PR for now, I'm going to make storage of pointers in SFT vectors Atomic as well, using Atomic from atomic

So far @qinsoon told me that update method is invoked behind the lock so probably push() and update of spaces inside it are fine without atomic pointers. In that case merging this PR should be fine.

Can you fix the style check? Then I will start a test run with our bindings to test the PR, then we can merge it.

@playXE
Copy link
Contributor Author

playXE commented Aug 3, 2023
edited
Loading

Hmm I would not merge this PR for now, I'm going to make storage of pointers in SFT vectors Atomic as well, using Atomic from atomic

So far @qinsoon told me that update method is invoked behind the lock so probably push() and update of spaces inside it are fine without atomic pointers. In that case merging this PR should be fine.

Can you fix the style check? Then I will start a test run with our bindings to test the PR, then we can merge it.

Hmm, weirdly enough I don't get the same error when I git clone it and run cargo fmt check and clippy, could you maybe restart pre code review check? I ran cargo fmt on sft_map.rs and it fixed whitespace

@k-sareen k-sareen added the PR-testing Run binding tests for the pull request (deprecated: use PR-extended-testing instead) label Aug 3, 2023
qinsoon
qinsoon approved these changes Aug 3, 2023
View reviewed changes
Copy link
Member

@qinsoon qinsoon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@qinsoon qinsoon merged commit 5296645 into mmtk:master Aug 3, 2023
@k-sareen k-sareen mentioned this pull request Aug 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k-sareen k-sareen k-sareen left review comments

@qinsoon qinsoon qinsoon approved these changes

Assignees
No one assigned
Labels
PR-testing Run binding tests for the pull request (deprecated: use PR-extended-testing instead)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@playXE @qinsoon @k-sareen