tracing: make Entered !Send
#1001
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The `Entered` guard returned by `Span::enter` represents entering and exiting a span _on the current thread_. Calling `Span::enter` enters the span, returning an `Entered`, and dropping the `Entered` ensures that the span is exited. This ensures that all spans, once entered, are eventually exited. However, `Entered` has an auto-impl of `Send`, because it doesn't contain any `!Send` types. This means that the `Entered` guard _could_ be sent to another thread and dropped. This would cause the original thread to never exit the span,. and the thread to which the `Entered` guard was sent would exit a span that it never observed an enter for. This is incorrect. This PR adds a `*mut ()` field to `Entered` so that it no longer implements `Send`. There's now a manual `Sync` impl so structs holding an `Entered` can still be `Sync`. Fixes #698 Signed-off-by: Eliza Weisman <eliza@buoyant.io>
davidbarsky
approved these changes
Sep 29, 2020
MikailBag
reviewed
Sep 29, 2020
| @@ -379,6 +380,7 @@ pub(crate) struct Inner { | |||
| #[must_use = "once a span has been entered, it should be exited"] | |||
| pub struct Entered<'a> { | |||
| span: &'a Span, | |||
| _not_send: PhantomData<*mut ()>, | |||
There was a problem hiding this comment.
Suggested change
| _not_send: PhantomData<*mut ()>, | |
| _not_send_but_sync: PhantomData<std::sync::MutexGuard<'static, ()>>, |
It's a bit weird, but -1 unsafe, because you don't need to unsafe impl Sync
There was a problem hiding this comment.
oh that's clever! thanks!
unfortunately we can't do exactly what you've suggested, because this needs to compile with the std feature disabled, but I can do something similar.
There was a problem hiding this comment.
This isn't actually unsafe? We are not dereferencing this type, thus doesn't require unsafe.
There was a problem hiding this comment.
@LucioFranco the unsafe was necessary for manually implementing Sync.
There was a problem hiding this comment.
...and, it turns out this approach doesn't actually work in this specific case. Because tracing has conditional support for no_std, we can't use the std::sync version of MutexGuard. I thought we could use the MutexGuard from the spinlock implementation that's used as a fallback on no-std platforms, but I'd forgotten that this is defined in tracing-core, not tracing, and isn't publicly visible. I'll probably go back to the previous approach of just accepting the additional unsafe keyword necessary to manually impl Sync.
thanks @MikailBag for the suggestion! Signed-off-by: Eliza Weisman <eliza@buoyant.io>
…o eliza/0.2-api-fixes
This reverts commit 81e9e5b. . Ut turns out this approach doesn't actually work in this specific case. Because `tracing` has conditional support for `no_std`, we can't use the `std::sync` version of `MutexGuard`. I thought we could use the `MutexGuard` from the spinlock implementation that's used as a fallback on no-std platforms, but I'd forgotten that this is defined in `tracing-core`, not `tracing`, and isn't publicly visible. I'll probably go back to the previous approach of just accepting the additional `unsafe` keyword necessary to manually impl `Sync`.
dvdplm
added a commit
to dvdplm/tracing
that referenced
this pull request
Oct 7, 2020
* upstream/master: subscriber: warn if trying to enable a statically disabled level (tokio-rs#990) subscriber: use macros for module declarations (tokio-rs#1009) chore: remove `stdlib.rs` (tokio-rs#1008) core: fix linked list tests reusing `Registration`s (tokio-rs#1016) subscriber: support dash in target names (tokio-rs#1012) docs: switch to intra-doc links in tracing-core (tokio-rs#1010) tracing-opentelemetry: implement additional record types (bool, i64, u64) (tokio-rs#1007) core: add intrusive linked list for callsite registry (tokio-rs#988) serde: allow tracing-serde to work on no_std. (tokio-rs#960) tracing: remove `Into<Option<Id>>` impl for `Span` (tokio-rs#1003) tracing: make `Entered` `!Send` (tokio-rs#1001) chore: fix nightly clippy warnings (tokio-rs#991) chore: bump all crate versions (tokio-rs#998) macros: fix the `tracing-macros` crate not compiling (tokio-rs#1000) tracing: prepare to release 0.1.21 (tokio-rs#997) core: prepare to release 0.1.17 (tokio-rs#996) subscriber: make `PartialOrd` & `Ord` impls more correct (tokio-rs#995) core, tracing: don't inline dispatcher::get_default (tokio-rs#994) core: make `Level` and `LevelFilter` `Copy` (tokio-rs#992)
dvdplm
added a commit
to dvdplm/tracing
that referenced
this pull request
Oct 16, 2020
…spatch-as-ref-tokio-rs#455 * upstream/master: (28 commits) opentelemetry: prepare for 0.8.0 release (tokio-rs#1036) docs: add favicon for extra pretty docs (tokio-rs#1033) subscriber: fix `reload` ergonomics (tokio-rs#1035) chore(deps): update crossbeam-channel requirement from 0.4.2 to 0.5.0 (tokio-rs#1031) opentelemetry: Assign default ids if missing (tokio-rs#1027) chore: remove deprecated add-path from CI (tokio-rs#1026) attributes: fix `#[instrument(err)]` in case of early returns (tokio-rs#1006) core: remove mandatory liballoc dependency with no-std (tokio-rs#1017) chore(deps): update cfg-if requirement from 0.1.10 to 1.0.0 (tokio-rs#1023) subscriber: warn if trying to enable a statically disabled level (tokio-rs#990) subscriber: use macros for module declarations (tokio-rs#1009) chore: remove `stdlib.rs` (tokio-rs#1008) core: fix linked list tests reusing `Registration`s (tokio-rs#1016) subscriber: support dash in target names (tokio-rs#1012) docs: switch to intra-doc links in tracing-core (tokio-rs#1010) tracing-opentelemetry: implement additional record types (bool, i64, u64) (tokio-rs#1007) core: add intrusive linked list for callsite registry (tokio-rs#988) serde: allow tracing-serde to work on no_std. (tokio-rs#960) tracing: remove `Into<Option<Id>>` impl for `Span` (tokio-rs#1003) tracing: make `Entered` `!Send` (tokio-rs#1001) ...
This was referenced Feb 22, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
The
Enteredguard returned bySpan::enterrepresents entering andexiting a span on the current thread. Calling
Span::enterenters thespan, returning an
Entered, and dropping theEnteredensures thatthe span is exited. This ensures that all spans, once entered, are
eventually exited.
However,
Enteredhas an auto-impl ofSend, because it doesn'tcontain any
!Sendtypes. This means that theEnteredguard couldbe sent to another thread and dropped. This would cause the original
thread to never exit the span,. and the thread to which the
Enteredguard was sent would exit a span that it never observed an enter for.
This is incorrect.
Solution
This PR adds a
*mut ()field toEnteredso that it no longerimplements
Send. There's now a manualSyncimpl so structs holdingan
Enteredcan still beSync.Fixes #698
Signed-off-by: Eliza Weisman eliza@buoyant.io