【 In the post by eGust (十年): 】
: Subject: Big news in the Rust community: the actix author has quit
: Posted from: 水木社区 (Sat Jan 18 08:42:20 2020), on-site
:
:
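: https://github.com/actix/actix-web
: On reddit it feels like every month or two there is another thread of people arguing with the author over an actix unsafe issue/PR. It happened again this time, and barely two days later, yesterday the author tweeted: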
:
: https://twitter.com/fafhrd91/status/1218135374339301378: I am done with open source.
:
: Someone on reddit summarized how it unfolded:
: TLDR:
:
: <unknown> commented: The following code is unsound:
:
:
: https://github.com/actix/actix-net/blob/7c5fa25b23a802b27e8066caf4e01e3c2cedeb35/actix-service/src/cell.rs#L34-L36
: This uses Rc::as_ref() to obtain a reference to the underlying data, which does not guarantee uniqueness. It is possible to obtain several mutable references to the same memory location by calling this function repeatedly:
:
: let mycell = Cell::new(vec![1,2,3]);
: let ref1 = mycell.get_mut();
: let ref2 = mycell.get_mut(); // obtained a second mutable reference; UB starts here
:
: This may lead to arbitrary memory errors triggered from safe code, the most common of which would be use-after-free. These two references do not need to exist in the same function to trigger undefined behavior, they only need to exist at the same point in time.
:
: A proper way to implement Cell::get_mut() would be calling Rc::get_mut() which guarantees uniqueness instead of Rc::as_ref().
:
: fafhrd91 commented: This is internal code. There is no repeated call to get_mut() anywhere in code
:
: fafhrd91 commented: Please, don’t start
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This line looks like it was a comment by the author. It doesn't read like something said from fafhrd91's standpoint.
:
: Shnatsel commented: These two references do not need to exist in the same function to trigger undefined behavior, they only need to exist at the same point in time.
:
: An easy way to see if this is a problem in practice is replace .as_ref() with .get_mut().unwrap() and see if anything panics.
:
: cdbattags commented: @fafhrd91, I don't think "unsound" was meant to be personal or offensive.
:
: Why close this so quickly?
:
: fafhrd91 commented: I need unit test that shows UB.
:
: ...
:
: fafhrd91 commented: this patch is boring
:
: CJKay commented: So is resolving silent data corruption.
:
: bbqsrc commented: @fafhrd91 seriously? Please just stop writing Rust. You do not respect semver, you do not respect soundness, so why are you using a language predominantly based around doing these things right?
:
: JohnTitor commented: @bbqsrc I understand your point, but that doesn't mean you should use offensive words.
:
: --
:
: ※ Source: ·水木社区 newsmth.net·[FROM: 122.59.30.*]
:
--
FROM 211.95.56.*
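
The uniqueness point from the quoted issue text, as an added example that is not part of the thread or of actix's code: `SharedCell` is a hypothetical stand-in whose `Rc<UnsafeCell<T>>` layout is an assumption, with the unchecked `Rc::as_ref()` accessor next to one built on `Rc::get_mut()`. The probe reports where the checked accessor refuses access, which is where the `.get_mut().unwrap()` test suggested in the thread would panic.

```rust
use std::cell::UnsafeCell;
use std::rc::Rc;

// Hypothetical stand-in for the wrapper in the issue; the layout is assumed.
pub struct SharedCell<T> {
    inner: Rc<UnsafeCell<T>>,
}

impl<T> Clone for SharedCell<T> {
    fn clone(&self) -> Self {
        SharedCell { inner: Rc::clone(&self.inner) }
    }
}

impl<T> SharedCell<T> {
    pub fn new(value: T) -> Self {
        SharedCell { inner: Rc::new(UnsafeCell::new(value)) }
    }

    // Pattern the issue calls unsound: Rc::as_ref() performs no uniqueness
    // check, so two clones could each hand out a live &mut T to the same data.
    // Kept for comparison only; it is never called in this example.
    #[allow(dead_code)]
    pub fn get_mut_unchecked(&mut self) -> &mut T {
        unsafe { &mut *self.inner.as_ref().get() }
    }

    // Checked variant: Rc::get_mut() returns None while any other Rc or Weak
    // to the same allocation exists, so aliasing is reported, not silent.
    pub fn try_get_mut(&mut self) -> Option<&mut T> {
        Rc::get_mut(&mut self.inner).map(UnsafeCell::get_mut)
    }
}

// Constructed scenario: one handle, then a clone, then the clone dropped.
// Returns (access while unique, access while shared, length after the drop).
pub fn uniqueness_probe() -> (bool, bool, Option<usize>) {
    let mut a = SharedCell::new(vec![1, 2, 3]);
    let unique_ok = a.try_get_mut().map(|v| v.push(4)).is_some();
    let b = a.clone(); // second handle to the same allocation
    let shared_ok = a.try_get_mut().is_some(); // .unwrap() would panic here
    drop(b);
    let after_drop = a.try_get_mut().map(|v| v.len());
    (unique_ok, shared_ok, after_drop)
}

fn main() {
    println!("{:?}", uniqueness_probe());
}
```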