
Fix some memory leaks on panicking destructors #27

Merged (2 commits), Oct 5, 2021

Conversation

steffahn (Contributor) commented Oct 5, 2021

Closes #26

steffahn and others added 2 commits October 5, 2021 18:34
Use catch_unwind instead of should_panic to be more explicit about what should
panic.

More descriptive names.

Use nontrivial owner type.
@Voultapher (Owner) commented:

Having both owner and dependent impl panic, not sure how to test that without running into terminate.

steffahn (Contributor, Author) commented Oct 5, 2021

If there's two panics then an abort is expected.

This could be tested by having the owner and the dependent implement drop, the dependent panicking, the owner's panic with some side-effect. Then catch the panic, and test for the side-effect.

I don't really think such a test is strictly necessary, in particular I don't think it would need to be part of this PR.

Then you'll know that both destructors (owner and dependent) were run. Since owner was run during unwinding, if it were to panic an abort would've automatically resulted.

@Voultapher (Owner) left a review:

LGTM

dealloc(self.joined_void_ptr.as_ptr(), layout);
// Dropping owner
// and deallocating
// due to _guard at end of scope.
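Review bot: the three-line comment following `dealloc(self.joined_void_ptr.as_ptr(), layout);` attributes both the owner drop and the deallocation to a `_guard` that is not visible in this excerpt; naming the guard type in the comment (the review discussion identifies it as `OwnerAndCellDropGuard`) would let a reader of this function see which destructor now performs the cleanup, and please confirm the explicit `dealloc(...)` call shown here is the line being removed, since a guard that also frees the block would otherwise free it twice.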
@Voultapher (Owner) commented on this line:

This function is suddenly much nicer, and less leaky. Awesome to see OwnerAndCellDropGuard get more mileage.

@@ -149,16 +156,31 @@ impl<Owner, Dependent> OwnerAndCellDropGuard<Owner, Dependent> {

impl<Owner, Dependent> Drop for OwnerAndCellDropGuard<Owner, Dependent> {
fn drop(&mut self) {
struct DeallocGuard {
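Review bot: `struct DeallocGuard` is declared inside `fn drop` of `OwnerAndCellDropGuard` with no doc comment in the visible lines; add a line stating that it exists so the joined allocation is still freed when the owner's destructor panics during this drop, because the guard-inside-a-guard nesting is the whole point of the change and is easy to misread as redundant.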
@Voultapher (Owner) commented on this line:

I heard you like drop guards so I put a drop guard inside your drop guard :D

steffahn (Contributor, Author) commented Oct 5, 2021

Actually, I'm only now reading your modified tests. By making the owner a string, you're already testing whether the owner is dropped if dependent panics. If it wasn't, there would be a leak. Since it is dropped, we can be sure that if its destructor panicked as well, an abort would be triggered.
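The test strategy steffahn sketches earlier in the thread (dependent destructor panics, owner destructor leaves an observable side effect, catch the panic, check the side effect) and the leak argument in the comment just above, as an added Rust example that is not part of this PR or of the self_cell code base. It models the joined allocation with a hypothetical `Joined<O, D>` struct and hypothetical guard types (`DeallocGuard`, `OwnerAndBlockDropGuard`), uses thread-local counters as the side effect, and runs the teardown both without a guard (the leaking behaviour the linked issue reports) and with the nested guards (the shape of the fix), so the difference is visible in the returned counts.

```rust
use std::alloc::{alloc, dealloc, handle_alloc_error, Layout};
use std::cell::Cell;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::ptr;

thread_local! {
    // Side effects the test observes: how often Owner's destructor ran and how
    // often the joined heap block was freed (constructed counters, not self_cell's).
    static OWNER_DROPS: Cell<usize> = Cell::new(0);
    static BLOCK_FREES: Cell<usize> = Cell::new(0);
}

/// Nontrivial owner: it holds a String, so skipping its drop also leaks that buffer.
struct Owner(String);
impl Drop for Owner {
    fn drop(&mut self) {
        OWNER_DROPS.with(|c| c.set(c.get() + 1));
    }
}

/// Dependent whose destructor panics: the failure mode the issue is about.
struct PanickingDependent;
impl Drop for PanickingDependent {
    fn drop(&mut self) {
        panic!("dependent destructor panicked");
    }
}

/// Owner and dependent stored together in one heap block, owner first (hypothetical layout).
#[repr(C)]
struct Joined<O, D> {
    owner: O,
    dependent: D,
}

/// Innermost guard: frees the block however the destructors exit.
struct DeallocGuard {
    ptr: *mut u8,
    layout: Layout,
}
impl Drop for DeallocGuard {
    fn drop(&mut self) {
        unsafe { dealloc(self.ptr, self.layout) };
        BLOCK_FREES.with(|c| c.set(c.get() + 1));
    }
}

/// Outer guard: drops the owner, then (through the nested guard) frees the block.
/// If this runs during unwinding and the owner's destructor panics too, the
/// runtime aborts, which is the expected outcome for two panics.
struct OwnerAndBlockDropGuard<O, D> {
    ptr: *mut Joined<O, D>,
}
impl<O, D> Drop for OwnerAndBlockDropGuard<O, D> {
    fn drop(&mut self) {
        let _dealloc = DeallocGuard {
            ptr: self.ptr.cast::<u8>(),
            layout: Layout::new::<Joined<O, D>>(),
        };
        unsafe { ptr::drop_in_place(ptr::addr_of_mut!((*self.ptr).owner)) };
    }
}

/// Tear down a Joined block. The dependent goes first because it may borrow
/// from the owner. With `guarded == false` the owner drop and dealloc are plain
/// statements that never run once the dependent panics (the leak); with
/// `guarded == true` they live in a guard destructor and run during unwinding.
unsafe fn drop_joined<O, D>(ptr: *mut Joined<O, D>, guarded: bool) {
    if guarded {
        let _guard = OwnerAndBlockDropGuard { ptr };
        ptr::drop_in_place(ptr::addr_of_mut!((*ptr).dependent));
    } else {
        ptr::drop_in_place(ptr::addr_of_mut!((*ptr).dependent));
        ptr::drop_in_place(ptr::addr_of_mut!((*ptr).owner));
        dealloc(ptr.cast::<u8>(), Layout::new::<Joined<O, D>>());
    }
}

/// Allocate a block holding a panicking dependent, tear it down under
/// catch_unwind, and report (panicked, owner drops seen, block frees seen).
fn teardown_with_panicking_dependent(guarded: bool) -> (bool, usize, usize) {
    OWNER_DROPS.with(|c| c.set(0));
    BLOCK_FREES.with(|c| c.set(0));
    let layout = Layout::new::<Joined<Owner, PanickingDependent>>();
    let ptr = unsafe { alloc(layout).cast::<Joined<Owner, PanickingDependent>>() };
    if ptr.is_null() {
        handle_alloc_error(layout);
    }
    unsafe {
        ptr::write(ptr, Joined {
            owner: Owner(String::from("constructed owner")),
            dependent: PanickingDependent,
        });
    }
    let result = catch_unwind(AssertUnwindSafe(|| unsafe { drop_joined(ptr, guarded) }));
    (result.is_err(), OWNER_DROPS.with(|c| c.get()), BLOCK_FREES.with(|c| c.get()))
}

fn main() {
    println!("unguarded: {:?}", teardown_with_panicking_dependent(false));
    println!("guarded:   {:?}", teardown_with_panicking_dependent(true));
}
```

Both runs report that the dependent's panic was caught; only the guarded run also reports one owner drop and one block free, which is exactly the side effect the thread proposes checking. The unguarded run intentionally leaks the block and the owner's String, which a leak checker such as Valgrind would flag.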

@Voultapher Voultapher merged commit f94e898 into Voultapher:main Oct 5, 2021
@steffahn steffahn deleted the fix_memory_leaks branch October 5, 2021 17:13
Voultapher (Owner) commented Oct 5, 2021

@steffahn are we good for v0.9.3 or do you want to do some more research? IMO a day or two are not critical here, but notifying users of an important update, I'd prefer doing once instead of twice or more.

steffahn (Contributor, Author) commented Oct 5, 2021

I'm not planning on doing anything else today, and as of now I'm not aware of any remaining unsoundness. I don't know yet if I'll take another look around the source tomorrow or not.

Voultapher (Owner) commented:

Ok, thanks for taking a look. I want this project to be easy and safe-to-use, without caveats. So I'm always happy to see soundness issues found and addressed. Better now than later. I'm quite busy right now myself. So I'll release a new version hopefully Friday and open a PR for bracket.

Successfully merging this pull request may close these issues: Memory leaks when destructors panic
2 participants