Fix embarrassing bug where 'unkillable' would unwind improperly when it receives a kill signal.

bblum · bblum · commit d30cca46e61f · 2013-08-02T17:31:45.000-04:00
diff --git a/src/libstd/rt/kill.rs b/src/libstd/rt/kill.rs
@@ -548,11 +548,12 @@ impl Death {
     /// All calls must be paired with a subsequent call to allow_kill.
     #[inline]
     pub fn inhibit_kill(&mut self, already_failing: bool) {
-        if self.unkillable == 0 {
+        self.unkillable += 1;
+        // May fail, hence must happen *after* incrementing the counter
+        if self.unkillable == 1 {
             rtassert!(self.kill_handle.is_some());
             self.kill_handle.get_mut_ref().inhibit_kill(already_failing);
         }
-        self.unkillable += 1;
     }
 
     /// Exit a possibly-nested unkillable section of code.
diff --git a/src/libstd/task/mod.rs b/src/libstd/task/mod.rs
@@ -655,6 +655,47 @@ pub unsafe fn rekillable<U>(f: &fn() -> U) -> U {
     }
 }
 
+#[test] #[ignore(cfg(windows))]
+fn test_kill_unkillable_task() {
+    use rt::test::*;
+
+    // Attempt to test that when a kill signal is received at the start of an
+    // unkillable section, 'unkillable' unwinds correctly. This is actually
+    // quite a difficult race to expose, as the kill has to happen on a second
+    // CPU, *after* the spawner is already switched-back-to (and passes the
+    // killed check at the start of its timeslice). As far as I know, it's not
+    // possible to make this race deterministic, or even more likely to happen.
+    do run_in_newsched_task {
+        do task::try {
+            do task::spawn {
+                fail!();
+            }
+            do task::unkillable { }
+        };
+    }
+}
+
+#[test] #[ignore(cfg(windows))]
+fn test_kill_rekillable_task() {
+    use rt::test::*;
+
+    // Tests that when a kill signal is received, 'rekillable' and
+    // 'unkillable' unwind correctly in conjunction with each other.
+    do run_in_newsched_task {
+        do task::try {
+            do task::unkillable {
+                unsafe {
+                    do task::rekillable {
+                        do task::spawn {
+                            fail!();
+                        }
+                    }
+                }
+            }
+        };
+    }
+}
+
 #[test] #[should_fail] #[ignore(cfg(windows))]
 fn test_cant_dup_task_builder() {
     let mut builder = task();

Original file line number	Diff line number	Diff line change
`@@ -548,11 +548,12 @@ impl Death {`
`548`	`548`	`/// All calls must be paired with a subsequent call to allow_kill.`
`549`	`549`	`#[inline]`
`550`	`550`	`pub fn inhibit_kill(&mut self, already_failing: bool) {`
`551`		`- if self.unkillable == 0 {`
	`551`	`+ self.unkillable += 1;`
	`552`	`+ // May fail, hence must happen after incrementing the counter`
	`553`	`+ if self.unkillable == 1 {`
`552`	`554`	`rtassert!(self.kill_handle.is_some());`
`553`	`555`	`self.kill_handle.get_mut_ref().inhibit_kill(already_failing);`
`554`	`556`	`}`
`555`		`- self.unkillable += 1;`
`556`	`557`	`}`
`557`	`558`
`558`	`559`	`/// Exit a possibly-nested unkillable section of code.`