Closed
Description
I have seen #71, but Miri reports the same issue. In Miri, it exhibits itself through a UAF, though I assume the cause to be the same. Sometimes, Miri reports this as a data race, but I was only able to reproduce the UAF.
Log of the data race: https://miri.saethlin.dev/no-sb/ub?crate=arc-swap&version=1.5.0
To reproduce the UAF: MIRIFLAGS='-Zmiri-disable-stacked-borrows' cargo miri test load_parallel
Stacked borrows has to be disabled because this crate contains stacked borrows violations.
Miri backtrace
test default::load_parallel_small ... error: Undefined Behavior: pointer to alloc50951 was dereferenced after this allocation got freed
--> /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/non_null.rs:381:18
|
381 | unsafe { &*self.as_ptr() }
| ^^^^^^^^^^^^^^^ pointer to alloc50951 was dereferenced after this allocation got freed
|
= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
= note: inside `std::ptr::NonNull::<alloc::sync::ArcInner<usize>>::as_ref` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/non_null.rs:381:18
= note: inside `std::sync::Arc::<usize>::inner` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/alloc/src/sync.rs:1098:18
= note: inside `<std::sync::Arc<usize> as std::ops::Deref>::deref` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/alloc/src/sync.rs:1381:10
note: inside `<std::sync::Arc<usize> as arc_swap::RefCnt>::as_ptr` at /home/nilsh/os-contrib/arc-swap/src/ref_cnt.rs:95:9
--> /home/nilsh/os-contrib/arc-swap/src/ref_cnt.rs:95:9
|
95 | me as &T as *const T as *mut T
| ^^
note: inside `<arc_swap::strategy::hybrid::HybridProtection<std::sync::Arc<usize>> as std::ops::Drop>::drop` at /home/nilsh/os-contrib/arc-swap/src/strategy/hybrid.rs:109:27
--> /home/nilsh/os-contrib/arc-swap/src/strategy/hybrid.rs:109:27
|
109 | let ptr = T::as_ptr(&self.ptr);
| ^^^^^^^^^^^^^^^^^^^^
= note: inside `std::ptr::drop_in_place::<arc_swap::strategy::hybrid::HybridProtection<std::sync::Arc<usize>>> - shim(Some(arc_swap::strategy::hybrid::HybridProtection<std::sync::Arc<usize>>))` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:487:1
= note: inside `std::ptr::drop_in_place::<arc_swap::Guard<std::sync::Arc<usize>>> - shim(Some(arc_swap::Guard<std::sync::Arc<usize>>))` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:487:1
= note: inside `std::ptr::drop_in_place::<[arc_swap::Guard<std::sync::Arc<usize>>]> - shim(Some([arc_swap::Guard<std::sync::Arc<usize>>]))` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:487:1
= note: inside `<std::vec::Vec<arc_swap::Guard<std::sync::Arc<usize>>> as std::ops::Drop>::drop` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/alloc/src/vec/mod.rs:2888:13
= note: inside `std::ptr::drop_in_place::<std::vec::Vec<arc_swap::Guard<std::sync::Arc<usize>>>> - shim(Some(std::vec::Vec<arc_swap::Guard<std::sync::Arc<usize>>>))` at /home/nilsh/.rustup/toolchains/miri/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:487:1
note: inside closure at tests/stress.rs:241:17
--> tests/stress.rs:241:17
|
241 | }
| ^
note: some details are omitted, run with `MIRIFLAGS=-Zmiri-backtrace=full` for a verbose backtrace
error: aborting due to previous errorIf this is a false positive, you should open an issue on rust-lang/miri.
Metadata
Metadata
Assignees
Labels
No labels