Clarify a comment about safety in the environment impl

We use an unusual pattern of protecting data via a global lock, but it's safe.
This commit is contained in:
Peter Ammon 2024-06-19 13:37:55 -07:00
parent 0378cb750b
commit 01d45ad755
No known key found for this signature in database

View File

@ -273,10 +273,7 @@ impl Iterator for EnvNodeIter {
} }
lazy_static! { lazy_static! {
/// XXX: Possible safety issue here as EnvNodeRef is not Send/Sync and shouldn't // All accesses to the EnvNode are protected by a global lock.
/// be placed in a static context without some sort of Send/Sync wrapper.
/// lazy_static papers over this but it triggers rust lints if you use
/// once_cell::sync::Lazy or std::sync::OnceLock instead.
static ref GLOBAL_NODE: EnvNodeRef = EnvNodeRef::new(false, None); static ref GLOBAL_NODE: EnvNodeRef = EnvNodeRef::new(false, None);
} }
@ -703,7 +700,6 @@ pub struct EnvStackImpl {
impl EnvStackImpl { impl EnvStackImpl {
/// Return a new impl representing global variables, with a single local scope. /// Return a new impl representing global variables, with a single local scope.
pub fn new() -> EnvMutex<EnvStackImpl> { pub fn new() -> EnvMutex<EnvStackImpl> {
// XXX: Safety issue: We are accessing GLOBAL_NODE without having the global mutex locked!
let globals = GLOBAL_NODE.clone(); let globals = GLOBAL_NODE.clone();
let locals = EnvNodeRef::new(false, None); let locals = EnvNodeRef::new(false, None);
let base = EnvScopedImpl::new(locals, globals); let base = EnvScopedImpl::new(locals, globals);