introduce StaticRWLock wrapper to make methods safe

the8472 · the8472 · commit 44abad5b12af · 2021-02-08T23:35:02.000+01:00
diff --git a/library/std/src/sys/unix/os.rs b/library/std/src/sys/unix/os.rs
@@ -22,7 +22,7 @@ use crate::str;
 use crate::sys::cvt;
 use crate::sys::fd;
 use crate::sys_common::mutex::{StaticMutex, StaticMutexGuard};
-use crate::sys_common::rwlock::{RWLock, RWLockGuard};
+use crate::sys_common::rwlock::{RWLockGuard, StaticRWLock};
 use crate::vec;
 
 use libc::{c_char, c_int, c_void};
@@ -494,16 +494,17 @@ pub unsafe fn environ() -> *mut *const *const c_char {
     ptr::addr_of_mut!(environ)
 }
 
-pub unsafe fn env_rwlock(readonly: bool) -> RWLockGuard {
-    static ENV_LOCK: RWLock = RWLock::new();
-    if readonly { ENV_LOCK.read_with_guard() } else { ENV_LOCK.write_with_guard() }
+static ENV_LOCK: StaticRWLock = StaticRWLock::new();
+
+pub fn env_read_lock() -> RWLockGuard {
+    ENV_LOCK.read_with_guard()
 }
 
 /// Returns a vector of (variable, value) byte-vector pairs for all the
 /// environment variables of the current process.
 pub fn env() -> Env {
     unsafe {
-        let _guard = env_rwlock(true);
+        let _guard = env_read_lock();
         let mut environ = *environ();
         let mut result = Vec::new();
         if !environ.is_null() {
@@ -540,7 +541,7 @@ pub fn getenv(k: &OsStr) -> io::Result<Option<OsString>> {
     // always None as well
     let k = CString::new(k.as_bytes())?;
     unsafe {
-        let _guard = env_rwlock(true);
+        let _guard = env_read_lock();
         let s = libc::getenv(k.as_ptr()) as *const libc::c_char;
         let ret = if s.is_null() {
             None
@@ -556,7 +557,7 @@ pub fn setenv(k: &OsStr, v: &OsStr) -> io::Result<()> {
     let v = CString::new(v.as_bytes())?;
 
     unsafe {
-        let _guard = env_rwlock(false);
+        let _guard = ENV_LOCK.write_with_guard();
         cvt(libc::setenv(k.as_ptr(), v.as_ptr(), 1)).map(drop)
     }
 }
@@ -565,7 +566,7 @@ pub fn unsetenv(n: &OsStr) -> io::Result<()> {
     let nbuf = CString::new(n.as_bytes())?;
 
     unsafe {
-        let _guard = env_rwlock(false);
+        let _guard = ENV_LOCK.write_with_guard();
         cvt(libc::unsetenv(nbuf.as_ptr())).map(drop)
     }
 }
diff --git a/library/std/src/sys/unix/process/process_unix.rs b/library/std/src/sys/unix/process/process_unix.rs
@@ -47,7 +47,7 @@ impl Command {
         // a lock any more because the parent won't do anything and the child is
         // in its own process.
         let result = unsafe {
-            let _env_lock = sys::os::env_rwlock(true);
+            let _env_lock = sys::os::env_read_lock();
             cvt(libc::fork())?
         };
 
@@ -124,7 +124,7 @@ impl Command {
                     // Similar to when forking, we want to ensure that access to
                     // the environment is synchronized, so make sure to grab the
                     // environment lock before we try to exec.
-                    let _lock = sys::os::env_rwlock(true);
+                    let _lock = sys::os::env_read_lock();
 
                     let Err(e) = self.do_exec(theirs, envp.as_ref());
                     e
@@ -404,7 +404,7 @@ impl Command {
             cvt_nz(libc::posix_spawnattr_setflags(attrs.0.as_mut_ptr(), flags as _))?;
 
             // Make sure we synchronize access to the global `environ` resource
-            let _env_lock = sys::os::env_rwlock(true);
+            let _env_lock = sys::os::env_read_lock();
             let envp = envp.map(|c| c.as_ptr()).unwrap_or_else(|| *sys::os::environ() as *const _);
             cvt_nz(libc::posix_spawnp(
                 &mut p.pid,
diff --git a/library/std/src/sys_common/rwlock.rs b/library/std/src/sys_common/rwlock.rs
@@ -1,26 +1,5 @@
 use crate::sys::rwlock as imp;
 
-#[cfg(unix)]
-enum GuardType {
-    Read,
-    Write,
-}
-
-#[cfg(unix)]
-pub struct RWLockGuard(&'static RWLock, GuardType);
-
-#[cfg(unix)]
-impl Drop for RWLockGuard {
-    fn drop(&mut self) {
-        unsafe {
-            match &self.1 {
-                GuardType::Read => self.0.read_unlock(),
-                GuardType::Write => self.0.write_unlock(),
-            }
-        }
-    }
-}
-
 /// An OS-based reader-writer lock.
 ///
 /// This structure is entirely unsafe and serves as the lowest layer of a
@@ -47,20 +26,6 @@ impl RWLock {
         self.0.read()
     }
 
-    /// Acquires shared access to the underlying lock, blocking the current
-    /// thread to do so.
-    ///
-    /// The lock is automatically unlocked when the returned guard is dropped.
-    ///
-    /// Behavior is undefined if the rwlock has been moved between this and any
-    /// previous method call.
-    #[inline]
-    #[cfg(unix)]
-    pub unsafe fn read_with_guard(&'static self) -> RWLockGuard {
-        self.read();
-        RWLockGuard(&self, GuardType::Read)
-    }
-
     /// Attempts to acquire shared access to this lock, returning whether it
     /// succeeded or not.
     ///
@@ -83,20 +48,6 @@ impl RWLock {
         self.0.write()
     }
 
-    /// Acquires write access to the underlying lock, blocking the current thread
-    /// to do so.
-    ///
-    /// The lock is automatically unlocked when the returned guard is dropped.
-    ///
-    /// Behavior is undefined if the rwlock has been moved between this and any
-    /// previous method call.
-    #[inline]
-    #[cfg(unix)]
-    pub unsafe fn write_with_guard(&'static self) -> RWLockGuard {
-        self.write();
-        RWLockGuard(&self, GuardType::Write)
-    }
-
     /// Attempts to acquire exclusive access to this lock, returning whether it
     /// succeeded or not.
     ///
@@ -135,3 +86,63 @@ impl RWLock {
         self.0.destroy()
     }
 }
+
+// the cfg annotations only exist due to dead code warnings. the code itself is portable
+#[cfg(unix)]
+pub struct StaticRWLock(RWLock);
+
+#[cfg(unix)]
+impl StaticRWLock {
+    pub const fn new() -> StaticRWLock {
+        StaticRWLock(RWLock::new())
+    }
+
+    /// Acquires shared access to the underlying lock, blocking the current
+    /// thread to do so.
+    ///
+    /// The lock is automatically unlocked when the returned guard is dropped.
+    #[inline]
+    pub fn read_with_guard(&'static self) -> RWLockGuard {
+        // Safety: All methods require static references, therefore self
+        // cannot be moved between invocations.
+        unsafe {
+            self.0.read();
+        }
+        RWLockGuard(&self.0, GuardType::Read)
+    }
+
+    /// Acquires write access to the underlying lock, blocking the current thread
+    /// to do so.
+    ///
+    /// The lock is automatically unlocked when the returned guard is dropped.
+    #[inline]
+    pub fn write_with_guard(&'static self) -> RWLockGuard {
+        // Safety: All methods require static references, therefore self
+        // cannot be moved between invocations.
+        unsafe {
+            self.0.write();
+        }
+        RWLockGuard(&self.0, GuardType::Write)
+    }
+}
+
+#[cfg(unix)]
+enum GuardType {
+    Read,
+    Write,
+}
+
+#[cfg(unix)]
+pub struct RWLockGuard(&'static RWLock, GuardType);
+
+#[cfg(unix)]
+impl Drop for RWLockGuard {
+    fn drop(&mut self) {
+        unsafe {
+            match &self.1 {
+                GuardType::Read => self.0.read_unlock(),
+                GuardType::Write => self.0.write_unlock(),
+            }
+        }
+    }
+}
