Commit 21bdfa1

committed

Ensure consistent drop for hint::select_unpredictable

There are a few alternatives to the implementation. The principal problem is that the selected value must be owned (in the sense of having any drop flag of sorts) when the unselected value is dropped, such that panic unwind goes through the drop of both. This ownership must then be passed on in return when the drop went smoothly. The basic way of achieving this is by extracting the selected value first, at the cost of relying on the optimizer a little more for detecting the copy as constructing the return value despite having a place in the body.

1 parent ca77504 commit 21bdfa1Copy full SHA for 21bdfa1

File tree

2 files changed

+42

-1

lines changed

library
- coretests/tests
  - hint.rs
- core/src
  - hint.rs

2 files changed

+42

-1

lines changed

`‎library/core/src/hint.rs‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -790,8 +790,12 @@ pub fn select_unpredictable<T>(condition: bool, true_val: T, false_val: T) -> T`
`790`	`790`	`// is returned. This is necessary because the intrinsic doesn't drop the`
`791`	`791`	`// value that is not selected.`
`792`	`792`	`unsafe {`
	`793`	`+ // Extract the selected value first, ensure it is dropped as well if dropping the unselected`
	`794`	`+ // value panics.`
	`795`	`+ let ret = crate::intrinsics::select_unpredictable(condition, &true_val, &false_val)`
	`796`	`+ .assume_init_read();`
`793`	`797`	`crate::intrinsics::select_unpredictable(!condition, &mut true_val, &mut false_val)`
`794`	`798`	`.assume_init_drop();`
`795`		`- crate::intrinsics::select_unpredictable(condition, true_val, false_val).assume_init()`
	`799`	`+ ret`
`796`	`800`	`}`
`797`	`801`	`}`

`‎library/coretests/tests/hint.rs‎`

Lines changed: 37 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,3 +21,40 @@ fn select_unpredictable_drop() {`
`21`	`21`	`assert!(a_dropped.get());`
`22`	`22`	`assert!(b_dropped.get());`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+#[test]`
	`26`	`+#[should_panic]`
	`27`	`+fn select_unpredictable_drop_on_panic() {`
	`28`	`+ use core::cell::Cell;`
	`29`	`+`
	`30`	`+ struct X<'a> {`
	`31`	`+ cell: &'a Cell<u16>,`
	`32`	`+ expect: u16,`
	`33`	`+ write: u16,`
	`34`	`+ }`
	`35`	`+`
	`36`	`+ impl Drop for X<'_> {`
	`37`	`+ fn drop(&mut self) {`
	`38`	`+ let value = self.cell.get();`
	`39`	`+ self.cell.set(self.write);`
	`40`	`+ assert_eq!(value, self.expect);`
	`41`	`+ }`
	`42`	`+ }`
	`43`	`+`
	`44`	`+ let cell = Cell::new(0);`
	`45`	`+`
	`46`	`+ // Trigger a double-panic if the selected cell was not dropped during panic.`
	`47`	`+ let _armed = X { cell: &cell, expect: 0xdead, write: 0 };`
	`48`	`+ let selected = X { cell: &cell, write: 0xdead, expect: 1 };`
	`49`	`+ let unselected = X { cell: &cell, write: 1, expect: 0xff };`
	`50`	`+`
	`51`	`+ // The correct drop order is:`
	`52`	`+ //`
	`53`	+ // 1. `unselected` drops, writes 1, and panics as 0 != 0xff
	`54`	+ // 2. `selected` drops during unwind, writes 0xdead and does not panic as 1 == 1
	`55`	+ // 3. `armed` drops during unwind, writes 0 and does not panic as 0xdead == 0xdead
	`56`	`+ //`
	`57`	+ // If `selected` is not dropped, `armed` panics as 1 != 0xdead
	`58`	`+ let _unreachable =`
	`59`	`+ core::hint::select_unpredictable(core::hint::black_box(true), selected, unselected);`
	`60`	`+}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 21bdfa1

File tree

2 files changed

2 files changed

`‎library/core/src/hint.rs‎`

`‎library/coretests/tests/hint.rs‎`

0 commit comments