Priority queue sender is unsafe

eivindbergem · eivindbergem · commit 1f8cda811535 · 2021-12-21T09:37:06.000+01:00
- The priority queue sender holds static reference to queue, and is
  therefor unsafe. It is up to the caller to ensure a static lifetime
  for the queue.
diff --git a/hyperloop-priority-queue/src/lib.rs b/hyperloop-priority-queue/src/lib.rs
@@ -326,8 +326,14 @@ where
         }
     }
 
-    pub fn get_sender(&self) -> PrioritySender<T> {
-        let queue: &'static Self = unsafe { &*(self as *const Self) };
+    /// Return sender to queue
+    ///
+    /// # Safety
+    ///
+    /// Sender contains a static reference to the queue, so the queue
+    /// should be static for the sender to be safe.
+    pub unsafe fn get_sender(&self) -> PrioritySender<T> {
+        let queue: &'static Self = &*(self as *const Self);
 
         PrioritySender {
             slots: &queue.slots,
@@ -540,7 +546,7 @@ mod tests {
     #[test]
     fn stack() {
         let mut heap: PriorityQueue<u32, Min, 10> = PriorityQueue::new();
-        let sender = heap.get_sender();
+        let sender = unsafe { heap.get_sender() };
 
         for i in 0..10 {
             sender.stack_push(i).unwrap();
@@ -568,7 +574,7 @@ mod tests {
     #[test]
     fn channel() {
         let mut queue: PriorityQueue<u32, Min, 10> = PriorityQueue::new();
-        let sender = queue.get_sender();
+        let sender = unsafe { queue.get_sender() };
 
         for i in 0..10 {
             sender.send(i).unwrap();
@@ -619,7 +625,7 @@ mod tests {
         let n_items = n_threads * n_items_per_thread;
 
         for i in 0..n_threads {
-            let sender = queue.get_sender();
+            let sender = unsafe { queue.get_sender() };
             let handler = thread::spawn(move || {
                 for j in 0..n_items_per_thread {
                     loop {
@@ -683,7 +689,7 @@ mod tests_loom {
 
             let handles: Vec<_> = (0..n_threads)
                 .map(|i| {
-                    let sender = queue.get_sender();
+                    let sender = unsafe { queue.get_sender() };
                     thread::spawn(move || {
                         sender.stack_push(i).unwrap();
                     })
diff --git a/hyperloop/src/executor.rs b/hyperloop/src/executor.rs
@@ -70,7 +70,7 @@ impl<const N: usize> Executor<N> {
         }
     }
 
-    fn get_sender(&self) -> TaskSender {
+    unsafe fn get_sender(&self) -> TaskSender {
         self.queue.get_sender()
     }
 
@@ -96,7 +96,7 @@ impl<const N: usize> ExecutorRef<N> {
     }
 
     pub fn get_sender(&self) -> TaskSender {
-        self.executor.get_sender()
+        unsafe { self.executor.get_sender() }
     }
 }
 
diff --git a/hyperloop/src/task.rs b/hyperloop/src/task.rs
@@ -150,6 +150,8 @@ where
 
 #[cfg(test)]
 mod tests {
+    use std::boxed::Box;
+
     use crate::{
         interrupt::yield_now,
         priority_queue::{Max, PriorityQueue},
@@ -159,7 +161,8 @@ mod tests {
 
     #[test]
     fn task() {
-        let mut queue: PriorityQueue<Ticket, Max, 1> = PriorityQueue::new();
+        let queue: &'static mut PriorityQueue<Ticket, Max, 1> =
+            Box::leak(Box::new(PriorityQueue::new()));
 
         let test_future = || {
             || {
@@ -175,7 +178,7 @@ mod tests {
 
         let task = Task::new(test_future(), 1);
 
-        task.set_sender(queue.get_sender()).unwrap();
+        task.set_sender(unsafe { queue.get_sender() }).unwrap();
 
         assert_eq!(task.get_state(), TaskState::NotQueued);
 
diff --git a/hyperloop/src/timer.rs b/hyperloop/src/timer.rs
@@ -302,7 +302,7 @@ impl<const N: usize> Scheduler<N> {
         }
     }
 
-    pub fn get_timer(&self) -> Timer {
+    pub unsafe fn get_timer(&self) -> Timer {
         Timer::new(self.rate, self.counter.clone(), self.queue.get_sender())
     }
 
@@ -379,7 +379,7 @@ mod tests {
         let token = counter.get_token();
         let scheduler: &'static mut Scheduler<10> =
             Box::leak(Box::new(Scheduler::new(1000.Hz(), token.clone())));
-        let sender = scheduler.queue.get_sender();
+        let sender = unsafe { scheduler.queue.get_sender() };
         let mockwaker = Arc::new(MockWaker::new());
         let waker: Waker = mockwaker.clone().into();
         let mut cx = Context::from_waker(&waker);
@@ -427,7 +427,7 @@ mod tests {
         let token = counter.get_token();
         let scheduler: &'static mut Scheduler<10> =
             Box::leak(Box::new(Scheduler::new(1000.Hz(), token.clone())));
-        let timer = scheduler.get_timer();
+        let timer = unsafe { scheduler.get_timer() };
         let mut executor = Box::leak(Box::new(Executor::<10>::new())).get_ref();
         let queue = Arc::new(ArrayQueue::new(10));
 
@@ -544,7 +544,7 @@ mod tests {
         let token = counter.get_token();
         let scheduler: &'static mut Scheduler<10> =
             Box::leak(Box::new(Scheduler::new(1000.Hz(), token.clone())));
-        let timer = scheduler.get_timer();
+        let timer = unsafe { scheduler.get_timer() };
         let mut executor = Box::leak(Box::new(Executor::<10>::new())).get_ref();
         let queue = Arc::new(ArrayQueue::new(10));
 

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ impl<const N: usize> Executor<N> {`
`70`	`70`	`}`
`71`	`71`	`}`
`72`	`72`
`73`		`- fn get_sender(&self) -> TaskSender {`
	`73`	`+ unsafe fn get_sender(&self) -> TaskSender {`
`74`	`74`	`self.queue.get_sender()`
`75`	`75`	`}`
`76`	`76`
`@@ -96,7 +96,7 @@ impl<const N: usize> ExecutorRef<N> {`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`pub fn get_sender(&self) -> TaskSender {`
`99`		`- self.executor.get_sender()`
	`99`	`+ unsafe { self.executor.get_sender() }`
`100`	`100`	`}`
`101`	`101`	`}`
`102`	`102`