Demonstrate how naive lifetime extension leads to segfaults

In order to restore safety, we'll have to add safeguards forbidding mutation of `RustSet` from Python if an iterator still references it. It's easy to trigger the segfault by freeing the underlying buffers, but in principle, even adding more data to the set could end up the same, by reallocating elsewhere and freeing the original buffer. At this point, this is also first evidence that we met the goal of avoiding the copy of the data.

Demonstrate how naive lifetime extension leads to segfaults
In order to restore safety, we'll have to add safeguards forbidding mutation of `RustSet` from Python if an iterator still references it. It's easy to trigger the segfault by freeing the underlying buffers, but in principle, even adding more data to the set could end up the same, by reallocating elsewhere and freeing the original buffer. At this point, this is also first evidence that we met the goal of avoiding the copy of the data.
08df9827 · Georges Racinet · 3160d97c8d3f · fa1138b4 · fa1138b4
Commit 08df9827 authored Jun 06, 2019 by Georges Racinet
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -50,6 +50,15 @@ py_class!(class RustSet |py| {
            RefCell::new(as_static.iter()))
    }

+    def clear(&self) -> PyResult<PyObject> {
+        let mut hs = self.hs(py).borrow_mut();
+        hs.clear();
+        // Force freeing of underlying memory to underline the risk of
+        // segfault
+        hs.shrink_to_fit();
+        Ok(py.None())
+    }
+
 });



--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -38,6 +38,18 @@ def test_iter():
    del it2


+def test_race_safety():
+    rs = RustSet()
+    # have Rust allocate some real amount of memory
+    rs.extend(range(10000))
+    it = iter(rs)
+
+    # Trigger freeing the underlying memory
+    rs.clear()
+
+    next(it)  # segfault
+
 def run():
    test_basic()
    test_iter()
+    test_race_safety()