Re: [PATCH v2 2/3] rust: convert `Arc` to use `Refcount`

[Alice Ryhl]

On Sat, Dec 21, 2024 at 7:31 PM Gary Guo <gary@xxxxxxxxxxx> wrote:
>
> With `Refcount` type created, `Arc` can use `Refcount` instead of
> calling into FFI directly.
>
> Signed-off-by: Gary Guo <gary@xxxxxxxxxxx>

[...]

> -    pub fn into_unique_or_drop(self) -> Option<Pin<UniqueArc<T>>> {
> +    pub fn into_unique_or_drop(this: Self) -> Option<Pin<UniqueArc<T>>> {
>          // We will manually manage the refcount in this method, so we disable the destructor.
> -        let me = ManuallyDrop::new(self);
> +        let this = ManuallyDrop::new(this);
>          // SAFETY: We own a refcount, so the pointer is still valid.
> -        let refcount = unsafe { me.ptr.as_ref() }.refcount.get();
> +        let refcount = unsafe { &this.ptr.as_ref().refcount };
>
> -        // If the refcount reaches a non-zero value, then we have destroyed this `Arc` and will
> -        // return without further touching the `Arc`. If the refcount reaches zero, then there are
> -        // no other arcs, and we can create a `UniqueArc`.
> -        //
> -        // SAFETY: We own a refcount, so the pointer is not dangling.
> -        let is_zero = unsafe { bindings::refcount_dec_and_test(refcount) };
> +        if !refcount.dec_not_one() {

This is wrong. The into_unique_or_drop function must establish an
acqrel ordering when a UniqueArc is created, but dec_not_one() does
not do so. You need to use refcount_dec_and_test() instead.

Alice