Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
tokio-current-thread = "0.2.0-alpha.1"
Please, use mobile in landscape.
Filter reviews clicking on the numbers in the summary.
Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
Best summarized as a flood of unsafe blocks.
The
src/lib.rs
already looks somewhat suspicious. We have a thread localcontaining a pointer that is unsafely accessed. It is set by transmuting a
local reference to a dynamic trait object which has its lifetime erased. This
particular portion might be fine if no code that uses the trait depends on
that lifetime. However, all of this is worryingly done without any statement
of purpose, any reference to the overall structure, and little to no
comments.
Then we look into
src/scheduler.rs
and find our worst nightmares come tolife. Here's a short list of unexplained stuff:
uncommented impls of Sync and Send
an adhoc implementation of an intrusive queue/linked-list, giving a blog
post about C (!) as the source. Maybe one of the better sources, I do not
know, but it appears somewhat unmotivated and is intertwined with the rest of
the code.
several different UnsafeCell that have been encapsulated with telepathy,
apparently, since there are no comments explaining them nor their access.
unsafe blocks spanning ~70 lines
and the amazing unsafe fn ptr2arc(ptr: *const T) -> Arc containing
without further explanation. Note that
T
is a type parameter that isexposed to the user through the type parameter
P
ofCurrrentThread
.This is restricted to
tokio-executor::park::Park
and provides anassociated type which is later used as the
T
in question. Note that apublic constructor exists.
This is slightly unsound at best, if the node must be aligned to more than
that function guarantees, and horrible with regards to how the pointer is
used as a manual memoffset calculation afterwards.
The part where
Node
is used to ignore the lifetime of a contained objectand only its Drop implementation double panicking protects against using and
dropping the object out of its own lifetime is the least worrying here. Also,
since the comment refers to some type parameter
T
that doesn't exist in theimpl.