Rollup merge of #124387 - workingjubilee:use-raw-pointers-in-thread-locals, r=joboet

matthiaskrgr · web-flow · commit 7c5213cf0ab5 · 2024-04-27T07:55:38.000+02:00
thread_local: be excruciatingly explicit in dtor code Use raw pointers to accomplish internal mutability, and clearly split references where applicable. This reduces the likelihood that any of these parts are misunderstood, either by humans or the compiler's optimizations. Fixes #124317 r? ``@joboet``
diff --git a/library/std/src/sys/thread_local/fast_local.rs b/library/std/src/sys/thread_local/fast_local.rs
@@ -1,7 +1,7 @@
 use super::lazy::LazyKeyInner;
 use crate::cell::Cell;
 use crate::sys::thread_local_dtor::register_dtor;
-use crate::{fmt, mem, panic};
+use crate::{fmt, mem, panic, ptr};
 
 #[doc(hidden)]
 #[allow_internal_unstable(thread_local_internals, cfg_target_thread_local, thread_local)]
@@ -237,8 +237,9 @@ unsafe extern "C" fn destroy_value<T>(ptr: *mut u8) {
     // Wrap the call in a catch to ensure unwinding is caught in the event
     // a panic takes place in a destructor.
     if let Err(_) = panic::catch_unwind(panic::AssertUnwindSafe(|| unsafe {
-        let value = (*ptr).inner.take();
-        (*ptr).dtor_state.set(DtorState::RunningOrHasRun);
+        let Key { inner, dtor_state } = &*ptr;
+        let value = inner.take();
+        dtor_state.set(DtorState::RunningOrHasRun);
         drop(value);
     })) {
         rtabort!("thread local panicked on drop");
diff --git a/library/std/src/sys/thread_local/mod.rs b/library/std/src/sys/thread_local/mod.rs
@@ -91,13 +91,15 @@ mod lazy {
             }
         }
 
-        /// The other methods hand out references while taking &self.
-        /// As such, callers of this method must ensure no `&` and `&mut` are
-        /// available and used at the same time.
+        /// Watch out: unsynchronized internal mutability!
+        ///
+        /// # Safety
+        /// Causes UB if any reference to the value is used after this.
         #[allow(unused)]
-        pub unsafe fn take(&mut self) -> Option<T> {
-            // SAFETY: See doc comment for this method.
-            unsafe { (*self.inner.get()).take() }
+        pub(crate) unsafe fn take(&self) -> Option<T> {
+            let mutable: *mut _ = UnsafeCell::get(&self.inner);
+            // SAFETY: That's the caller's problem.
+            unsafe { mutable.replace(None) }
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -91,13 +91,15 @@ mod lazy {`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`
`94`		`- /// The other methods hand out references while taking &self.`
`95`		- /// As such, callers of this method must ensure no `&` and `&mut` are
`96`		`- /// available and used at the same time.`
	`94`	`+ /// Watch out: unsynchronized internal mutability!`
	`95`	`+ ///`
	`96`	`+ /// # Safety`
	`97`	`+ /// Causes UB if any reference to the value is used after this.`
`97`	`98`	`#[allow(unused)]`
`98`		`- pub unsafe fn take(&mut self) -> Option<T> {`
`99`		`- // SAFETY: See doc comment for this method.`
`100`		`- unsafe { (*self.inner.get()).take() }`
	`99`	`+ pub(crate) unsafe fn take(&self) -> Option<T> {`
	`100`	`+ let mutable: *mut _ = UnsafeCell::get(&self.inner);`
	`101`	`+ // SAFETY: That's the caller's problem.`
	`102`	`+ unsafe { mutable.replace(None) }`
`101`	`103`	`}`
`102`	`104`	`}`
`103`	`105`	`}`