Looking at how Tokio's Mutex is implemented, I have trouble understanding what makes it safe with regards to

From what I understand, most of the logic of the Mutex comes from batch_semaphore.rs, which uses intrusively linked lists to store the Wakers without needing allocation. What I don't understand is how the Drop implementation of Acquire can be enough to ensure there is no use-after-free in case one element is destroyed with

To explain what I mean, let's assume multiple tasks are trying to lock the Mutex concurrently. Because the Mutex is already locked, multiple Acquire structures are created for the underlying semaphore and, after their first calls to poll, they're added to the intrusive waiting queue.

At one point, one of the tasks is cancelled, but instead of being dropped, its future is destroyed with forget and the memory it occupied is reclaimed. What prevents the other calls to Drop from accessing the forgotten Acquire structure, causing UB?

Is there something I don't understand about Pin that prevents this?
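The scenario in the question, reduced to a runnable model: the following is an added example, not Tokio's code and not part of the original post. It builds a hypothetical intrusive waiter queue (a `Vec` of raw pointers standing in for the linked list) whose `Waiter::drop` unlinks the node, and then exercises the two cases the question contrasts: a waiter that is dropped, and a waiter that is leaked with `mem::forget`. The names `Queue`, `Waiter`, `enqueue` and `queued_ids` are assumptions for this illustration. The security-relevant point it demonstrates is that `enqueue` can only be called through `Pin<&mut Waiter>`, and the `Pin` contract is that pinned memory is not freed or reused until `Drop` runs; forgetting a `Pin<Box<Waiter>>` therefore leaks the allocation (the memory stays valid, so the dangling queue entry is still readable), while forgetting a stack-pinned `Pin<&mut Waiter>` does not skip the waiter's own destructor. Neither path yields a freed node that the queue still points to.

```rust
use std::cell::RefCell;
use std::marker::PhantomPinned;
use std::pin::Pin;
use std::rc::Rc;

// Hypothetical stand-in for an intrusive waiter list: it stores raw pointers
// to pinned Waiters instead of owning them, so no allocation per waiter.
struct Queue {
    waiters: RefCell<Vec<*const Waiter>>,
}

// Hypothetical stand-in for the semaphore's Acquire/waiter node.
struct Waiter {
    queue: Rc<Queue>,
    id: u32,
    _pin: PhantomPinned, // !Unpin: once pinned, it cannot be moved out again
}

impl Queue {
    fn new() -> Rc<Queue> {
        Rc::new(Queue { waiters: RefCell::new(Vec::new()) })
    }

    // Reads each queued waiter's id through its raw pointer. This is sound
    // only because every pointer refers to pinned memory that is guaranteed
    // to stay valid until that Waiter's Drop unlinks it.
    fn queued_ids(&self) -> Vec<u32> {
        self.waiters.borrow().iter().map(|&p| unsafe { (*p).id }).collect()
    }
}

impl Waiter {
    fn new(queue: Rc<Queue>, id: u32) -> Waiter {
        Waiter { queue, id, _pin: PhantomPinned }
    }

    // Linking requires Pin<&mut Self>: the caller has promised that this
    // memory will not be freed or reused before Drop runs.
    fn enqueue(self: Pin<&mut Self>) {
        let ptr: *const Waiter = &*self;
        self.queue.waiters.borrow_mut().push(ptr);
    }
}

impl Drop for Waiter {
    // Unlink on drop, exactly the role the question attributes to Acquire's Drop.
    fn drop(&mut self) {
        let me = self as *const Waiter;
        self.queue.waiters.borrow_mut().retain(|&p| p != me);
    }
}

// Case 1: a normally dropped waiter removes itself from the queue.
fn demo_drop_unlinks() -> (Vec<u32>, Vec<u32>) {
    let q = Queue::new();
    let mut a = Box::pin(Waiter::new(q.clone(), 1));
    let mut b = Box::pin(Waiter::new(q.clone(), 2));
    a.as_mut().enqueue();
    b.as_mut().enqueue();
    let before = q.queued_ids();
    drop(a); // runs Waiter::drop, then frees the box
    let after = q.queued_ids();
    (before, after)
}

// Case 2: forgetting a Pin<Box<Waiter>> leaks the allocation. Drop never
// runs, so the node stays linked, but the memory is never freed either,
// so reading through the stale pointer is still reading live memory.
fn demo_forget_leaks() -> Vec<u32> {
    let q = Queue::new();
    let mut a = Box::pin(Waiter::new(q.clone(), 1));
    a.as_mut().enqueue();
    std::mem::forget(a);
    q.queued_ids()
}

// Case 3: with stack pinning, forget only discards the Pin<&mut Waiter>
// reference; the Waiter itself still lives until the block ends and its
// destructor unlinks it. There is no way to reclaim that stack slot earlier.
fn demo_stack_pinned_forget() -> Vec<u32> {
    let q = Queue::new();
    {
        let mut w = std::pin::pin!(Waiter::new(q.clone(), 7));
        w.as_mut().enqueue();
        std::mem::forget(w);
    }
    q.queued_ids()
}

fn main() {
    println!("{:?}", demo_drop_unlinks());
    println!("{:?}", demo_forget_leaks());
    println!("{:?}", demo_stack_pinned_forget());
}
```

The missing piece, which this model makes visible, is that the use-after-free the question worries about would require moving or freeing a `Waiter` after `enqueue` without running `Drop`. `PhantomPinned` plus the `Pin<&mut Self>` receiver removes every safe way to do that: a pinned value cannot be moved out, `forget` on the box leaks rather than frees, and a stack-pinned value is dropped when its scope ends no matter what happens to the reference. Reclaiming the memory without the destructor would itself need `unsafe` code that violates the `Pin` guarantee.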