Re: [PATCH 2/2] rust: sync: require `Sync` for `Backend::GuardState`

From: Benno Lossin
Date: Tue Sep 03 2024 - 06:06:36 EST


On 03.09.24 11:32, Alice Ryhl wrote:
> On Tue, Sep 3, 2024 at 11:17 AM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
>>
>> `Guard<T, B>` implements `Sync` when `T` is `Sync`. Since this does not
>> depend on `B`, creating a `Guard` that is `Sync`, but with `!Sync` state
>> is possible. This is a soundness issue, thus add the bounds to the
>> respective impls.
>>
>> Signed-off-by: Benno Lossin <benno.lossin@xxxxxxxxx>
>
> Right now, a `&Guard<T, B>` has exactly the same powers as &T, as the
> only thing you can do on the guard with only a shared reference is
> deref to a &T. So the bounds are correct as they are, unless new APIs
> are added (which seems unlikely?).

Right, but I thought it was strange not to require that. Since that
would be the default behavior of the `Sync` auto-trait. And the only
reason why we have to implement `Sync` is because we want it to be
`!Send` with the `PhantomData<*mut ()>`.

All of our locks currently use `()` as the guard state, so we don't lose
anything.

Maybe it might make sense to instead have a marker type that is `!Send`
but `Sync` that can be used here instead, since then we could avoid the
`unsafe impl Sync`.

> But the safety comment could certainly be improved.

That's why I stumbled on this :)

---
Cheers,
Benno