Audit spin

Question

Audit spin

Shnatsel opened this issue 5 years ago · comments

Sergey "Shnatsel" Davidoff commented 5 years ago

spin crate provides no_std spinlocks. It has 6000 downloads/day on crates.io and is a transitive dependency of lazy_static! in no_std mode.

Sergey "Shnatsel" Davidoff · Answer 1 · Wed Aug 28 2019 03:28:37 GMT+0800 (China Standard Time)

@64 has audited the RwLock implementation and discovered issues: mvdnes/spin-rs#65
This is now a RustSec advisory: rustsec/advisory-db#132

They have also rewritten it based on Folly to fix those issues: mvdnes/spin-rs#66
The new implementation has been reviewed by @xacrimon.

Matt Taylor · Answer 2 · Wed Aug 28 2019 03:32:48 GMT+0800 (China Standard Time)

FWIW, I had a quick look over the other parts of spin and didn't see any glaring issues. If someone is going to take a proper look I'd recommend auditing Once because that's what lazy_static uses.

Sergey "Shnatsel" Davidoff · Answer 3 · Wed Sep 04 2019 20:58:38 GMT+0800 (China Standard Time)

Conversion of Once to MaybeUninit<T> is outstanding: mvdnes/spin-rs#68

The rest of Once could still use a soundness audit.

Joel Wejdenstål · Answer 4 · Wed Feb 19 2020 03:47:52 GMT+0800 (China Standard Time)

I've looked through and tested Once as rigourusly as my knowledge allows and I have found no issues.

Sergey "Shnatsel" Davidoff · Answer 5 · Wed Feb 19 2020 03:53:25 GMT+0800 (China Standard Time)

Great! If the code isn't extensively commented already, it would be nice to add comments in the form of "This is sound because..."