Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make tempfile robust against TLS deallocation #281

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Make tempfile robust against TLS deallocation #281

wants to merge 2 commits into from

Conversation

stoeckmann
Copy link
Contributor

@stoeckmann stoeckmann commented Mar 12, 2024
edited

This PR is a result of discussion at smol-rs/fastrand#77.

Right now the fastrand implementation is robust with current Rust implementation against TLS deallocation issues, because the Rng struct does not require any form of drop, so the TLS memory is kept in tact. At least I was unable to provoke an issue in any way.

Even if Rust changes at some time and mem::needs_drop starts returning true for Rng, the instantiation of a new Rng will succeed. Unfortunately, it won't be random at that point, because the seed is a constant value in this case. See https://github.com/smol-rs/fastrand/blob/dda0fe824b078bc844300db86021c2552465c468/src/global_rng.rs#L26 for implementation.

It really depends if tempfile is actually supposed to be functional during TLS deallocation (i.e. while thread local storages are dropped). If this is no goal, this PR can simply be closed.

@stoeckmann
Reduce cyclomatic complexity
8ee0018 
No need to match result of f if it is called only once.
@stoeckmann
Reuse Rng during temp name creation
7ed0d45 
The fastrand Rng should be created manually to avoid TLS deallocation
issues. The fastrand::alphanumeric function uses a TLS storage
internally.

With current Rust and fastrand implementation, this is no problem.

Yet, we can speed up the process a bit by not accessing the storage
for every single random char.
@Stebalien
Copy link
Owner

  • Is this only an issue if someone tries to create a temporary file from a drop implementation in a thread local?
  • Just to confirm, this will only ever be an issue if Rng ever has drop glue (which likely won't happen, as far as I can tell)?

Honestly, I'd rather fix #178 if we're going to do anything here (although I'm still not sold on that either).

@stoeckmann
Copy link
Contributor Author

  • Is this only an issue if someone tries to create a temporary file from a drop implementation in a thread local?

Correct

  • Just to confirm, this will only ever be an issue if Rng ever has drop glue (which likely won't happen, as far as I can tell)?

Either that or mem::needs_drop returns true for another reason. It's not stated that it cannot happen, but I haven't seen such a situation yet.

Honestly, I'd rather fix #178 if we're going to do anything here (although I'm still not sold on that either).

Since this is a hypothetical issue (I guess, because nobody complained), we can keep it as it is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@stoeckmann @Stebalien