macros: define cancellation safety #5525
Conversation
Darksonn
added
T-docs
tokio/src/macros/select.rs
Outdated
| /// Cancellation safety can be defined in the following way: If you have a | ||
| /// future that has not yet completed, then it must be a no-op to drop that | ||
| /// future and recreate it. |
There was a problem hiding this comment.
If this definition ought to be very precise, I would probably refrain from defining it through the observable effects of future drop + recreate. For example, I would say the following future is cancellation safe under this definition, but just dropping it halfway through the download without driving to the completion can leak disk space:
async fn download_and_verify() -> Sha256Sum {
for i in 0..N {
if !is_chunk_downloaded(i) {
download_data_chunk(i).await;
}
}
let sha_sum = compute_hash();
delete_all_data_chunks();
sha_sum
}In my opinion, it is not safe to use this future inside the select! macro, please let me know if you agree.
There was a problem hiding this comment.
How would you define it? Inserting a drop-and-recreate of your future in the middle of a program does change what it does, so in some sense it is not a no-op, even if the difference is not observable until later.
There was a problem hiding this comment.
True, I agree that it may not be considered as a no-op.
I was going to say that I would define it like this: “a future is cancellation safe if and only if creating it and dropping before completion is a no-op”. Now that I think of it, it does not account for losing a place in a fair queue, for example in Mutex::lock.
Maybe the definition should be more rigorous and state that both create-and-drop and drop-and-recreate should be no-ops (with “no-op” meaning “no observable effects”)? I am not sure.
There was a problem hiding this comment.
I expanded a bit, but I think it's fine as-is.
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [tokio](https://tokio.rs) ([source](https://github.com/tokio-rs/tokio)) | dependencies | minor | `1.26.0` -> `1.27.0` | | [tokio](https://tokio.rs) ([source](https://github.com/tokio-rs/tokio)) | dev-dependencies | minor | `1.26.0` -> `1.27.0` | --- ### Release Notes <details> <summary>tokio-rs/tokio</summary> ### [`v1.27.0`](https://github.com/tokio-rs/tokio/releases/tag/tokio-1.27.0): Tokio v1.27.0 [Compare Source](tokio-rs/tokio@tokio-1.26.0...tokio-1.27.0) ##### 1.27.0 (March 27th, 2023) This release bumps the MSRV of Tokio to 1.56. ([#​5559]) ##### Added - io: add `async_io` helper method to sockets ([#​5512]) - io: add implementations of `AsFd`/`AsHandle`/`AsSocket` ([#​5514], [#​5540]) - net: add `UdpSocket::peek_sender()` ([#​5520]) - sync: add `RwLockWriteGuard::{downgrade_map, try_downgrade_map}` ([#​5527]) - task: add `JoinHandle::abort_handle` ([#​5543]) ##### Changed - io: use `memchr` from `libc` ([#​5558]) - macros: accept path as crate rename in `#[tokio::main]` ([#​5557]) - macros: update to syn 2.0.0 ([#​5572]) - time: don't register for a wakeup when `Interval` returns `Ready` ([#​5553]) ##### Fixed - fs: fuse std iterator in `ReadDir` ([#​5555]) - tracing: fix `spawn_blocking` location fields ([#​5573]) - time: clean up redundant check in `Wheel::poll()` ([#​5574]) ##### Documented - macros: define cancellation safety ([#​5525]) - io: add details to docs of `tokio::io::copy[_buf]` ([#​5575]) - io: refer to `ReaderStream` and `StreamReader` in module docs ([#​5576]) [#​5512]: tokio-rs/tokio#5512 [#​5514]: tokio-rs/tokio#5514 [#​5520]: tokio-rs/tokio#5520 [#​5525]: tokio-rs/tokio#5525 [#​5527]: tokio-rs/tokio#5527 [#​5540]: tokio-rs/tokio#5540 [#​5543]: tokio-rs/tokio#5543 [#​5553]: tokio-rs/tokio#5553 [#​5555]: tokio-rs/tokio#5555 [#​5557]: tokio-rs/tokio#5557 [#​5558]: tokio-rs/tokio#5558 [#​5559]: tokio-rs/tokio#5559 [#​5572]: tokio-rs/tokio#5572 [#​5573]: tokio-rs/tokio#5573 [#​5574]: tokio-rs/tokio#5574 [#​5575]: tokio-rs/tokio#5575 [#​5576]: tokio-rs/tokio#5576 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4yNC41IiwidXBkYXRlZEluVmVyIjoiMzUuMjQuNSJ9--> Co-authored-by: cabr2-bot <[email protected]> Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1838 Reviewed-by: crapStone <[email protected]> Co-authored-by: Calciumdibromid Bot <[email protected]> Co-committed-by: Calciumdibromid Bot <[email protected]>
This adds a precise definition of cancellation safety to the docs of
select!.cc @yoshuawuyts