Unsound Issue in SpinLock

[CXWorks]

Hi, thanks for your time to read this issue.

Our static analyzer find a potential unsound issue (data races) in SpinLock, where the unlock fuction needs to be marked as unsafe explicitly, otherwise safe Rust can have data races when user unlock unexpectedly.

anode/anode/src/spin_mutex.rs

Lines 94 to 97 in 6bba839

	#[inline]
	pub fn unlock(&self) {
	self.locked.store(false, Ordering::Release);
	}

A potentail PoC code is like:

#[deny(unsafe_code)]
use std::sync::Arc;
use std::thread;
use std::time::Duration;
use anode::spinlock::SpinLock;

fn main() {
    let mut s1 = Arc::new(SpinLock::new(5));
    let mut s2 = s1.clone();
    let h = std::thread::spawn(move || {
        let mut guard = s2.lock();
        thread::sleep(Duration::from_secs(1));
        *guard = 10;
        thread::sleep(Duration::from_secs(1));
    });
    thread::sleep(Duration::from_secs(1));
    s1.unlock();
    let guard = s1.lock();
    let origin = *guard;
    for _ in 0..1000000{
        if *guard != origin {
            println!("{} {}", *guard, origin);
            break;
        }

    }
    h.join().unwrap();
}
// output:
// 10 5

Thanks again for your time.

[ekoutanov]

Only the lock owner should call unlock().

[CXWorks]

Hi @ekoutanov , thanks for your quick response.

I understand your concern, but Rust is trying to achieve a higher requirement for libraries so that even misuse cannot cause issues, please check this and lock-api for details