New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is NotificationHandler::shutdown() really safe? #106
Comments
I'm not too familiar with POSIX signal handling. Can you give some details on what programmers are expected to do/notDo in |
Asynchronous POSIX signals (sorry, I forgot the qualifier, it's important) basically behave like hardware interrupts. Whenever your OS feels like it, it can take one of your threads and have it call a signal handling rountine, without waiting for that thread to finish whatever it was doing first. In fact, this can occur even if that thread was already in the process of running such a signal handling routine. The thread that is running a signal handler can therefore see its data in a very awkward state, where objects in memory can be half-written (because it was in the process of writing them), mutexes are potentially taken (because it was holding one), and so on... in effect, it is very much as if it were a different thread doing racey data accesses, but with two important differences:
As you can see, it's a very tricky programming model that breaks Rust's normal safety invariants and is easy to get wrong. This is why I think |
If it truly acts like a POSIX signal handler, then it exposes a bewildering range of avenues for undefined behavior and should definitely be an
unsafe fn
.The text was updated successfully, but these errors were encountered: