Fix even run can lead to UB

Restore 0.4 recommanded boot sequence but wrapped in an unsafe block.

Author: Vincent Rouillé

foundationdb-bench/src/bin/fdb-bench.rs

@@ -146,13 +146,12 @@ fn main() {
     let opt = Opt::from_args();
     info!("opt: {:?}", opt);
 
-    fdb::run(|| {
-        let db = Arc::new(
-            futures::executor::block_on(fdb::Database::new_compat(None))
-                .expect("failed to get database"),
-        );
-
-        let bench = Bench { db, opt };
-        bench.run();
-    });
+    let _guard = unsafe { foundationdb::boot() };
+    let db = Arc::new(
+        futures::executor::block_on(fdb::Database::new_compat(None))
+            .expect("failed to get database"),
+    );
+
+    let bench = Bench { db, opt };
+    bench.run();
 }

foundationdb-bindingtester/src/main.rs

@@ -1582,23 +1582,22 @@ fn main() {
         "Starting rust bindingtester with api_version {}",
         api_version
     );
-    api::FdbApiBuilder::default()
+    let builder = api::FdbApiBuilder::default()
         .set_runtime_version(api_version)
         .build()
-        .expect("failed to initialize FoundationDB API")
-        .run(|| {
-            let db = Arc::new(
-                futures::executor::block_on(fdb::Database::new_compat(cluster_path))
-                    .expect("failed to get database"),
-            );
-
-            let mut sm = StackMachine::new(&db, Bytes::from(prefix.to_owned().into_bytes()));
-            futures::executor::block_on(sm.run(db)).unwrap();
-            sm.join();
-
-            info!("Closing...");
-        })
-        .expect("failed to initialize FoundationDB network thread");
+        .expect("failed to initialize FoundationDB API");
+    let _network = unsafe { builder.boot() };
+
+    let db = Arc::new(
+        futures::executor::block_on(fdb::Database::new_compat(cluster_path))
+            .expect("failed to get database"),
+    );
+
+    let mut sm = StackMachine::new(&db, Bytes::from(prefix.to_owned().into_bytes()));
+    futures::executor::block_on(sm.run(db)).unwrap();
+    sm.join();
+
+    info!("Closing...");
 
     info!("Done.");
 }

foundationdb/examples/class-scheduling.rs

@@ -364,11 +364,10 @@ async fn run_sim(db: &Database, students: usize, ops_per_student: usize) {
 }
 
 fn main() {
-    fdb::run(|| {
-        let db = futures::executor::block_on(fdb::Database::new_compat(None))
-            .expect("failed to get database");
-        futures::executor::block_on(init(&db, &*ALL_CLASSES));
-        println!("Initialized");
-        futures::executor::block_on(run_sim(&db, 10, 10));
-    });
+    let _guard = unsafe { fdb::boot() };
+    let db = futures::executor::block_on(fdb::Database::new_compat(None))
+        .expect("failed to get database");
+    futures::executor::block_on(init(&db, &*ALL_CLASSES));
+    println!("Initialized");
+    futures::executor::block_on(run_sim(&db, 10, 10));
 }

foundationdb/src/api.rs

@@ -90,9 +90,9 @@ impl Default for FdbApiBuilder {
 /// use foundationdb::api::FdbApiBuilder;
 ///
 /// let network_builder = FdbApiBuilder::default().build().expect("fdb api initialized");
-/// network_builder.run(|| {
-///     // do some work with foundationDB
-/// }).expect("fdb network to run");
+/// let guard = unsafe { network_builder.boot() };
+/// // do some work with foundationDB
+/// drop(guard);
 /// ```
 pub struct NetworkBuilder {
     _private: (),
@@ -142,30 +142,6 @@ impl NetworkBuilder {
         Ok((NetworkRunner { cond: cond.clone() }, NetworkWait { cond }))
     }
 
-    /// Execute `f` with the FoundationDB Client API ready, this can only be called once per process.
-    /// Once this method returns, the FoundationDB Client API is stopped and cannot be restarted.
-    ///
-    /// # Examples
-    ///
-    /// ```rust
-    /// use foundationdb::api::FdbApiBuilder;
-    ///
-    /// let network_builder = FdbApiBuilder::default().build().expect("fdb api initialized");
-    /// network_builder.run(|| {
-    ///     // do some interesting things with the API...
-    /// });
-    /// ```
-    pub fn run<T>(self, f: impl FnOnce() -> T) -> FdbResult<T> {
-        // Safe because the returned object is dropped before this function returns
-        let must_drop = unsafe { self.boot()? };
-
-        let t = f();
-
-        drop(must_drop);
-
-        Ok(t)
-    }
-
     /// Initialize the FoundationDB Client API, this can only be called once per process.
     ///
     /// # Returns
@@ -186,7 +162,7 @@ impl NetworkBuilder {
     /// use foundationdb::api::FdbApiBuilder;
     ///
     /// let network_builder = FdbApiBuilder::default().build().expect("fdb api initialized");
-    /// let network = unsafe { network_builder.boot() }.expect("fdb network running");
+    /// let network = unsafe { network_builder.boot() };
     /// // do some interesting things with the API...
     /// drop(network);
     /// ```
@@ -197,7 +173,7 @@ impl NetworkBuilder {
     /// #[tokio::main]
     /// async fn main() {
     ///     let network_builder = FdbApiBuilder::default().build().expect("fdb api initialized");
-    ///     let network = unsafe { network_builder.boot() }.expect("fdb network running");
+    ///     let network = unsafe { network_builder.boot() };
     ///     // do some interesting things with the API...
     ///     drop(network);
     /// }

foundationdb/src/lib.rs

@@ -18,28 +18,28 @@
 //! - Ubuntu Linux (this may work on the Linux subsystem for Windows as well)
 //!
 //! ```console
-//! $> curl -O https://www.foundationdb.org/downloads/6.1.12/ubuntu/installers/foundationdb-clients_6.1.12-1_amd64.deb
-//! $> curl -O https://www.foundationdb.org/downloads/6.1.12/ubuntu/installers/foundationdb-server_6.1.12-1_amd64.deb
-//! $> sudo dpkg -i foundationdb-clients_6.1.12-1_amd64.deb
-//! $> sudo dpkg -i foundationdb-server_6.1.12-1_amd64.deb
+//! $> curl -O https://www.foundationdb.org/downloads/6.2.25/ubuntu/installers/foundationdb-clients_6.2.25-1_amd64.deb
+//! $> curl -O https://www.foundationdb.org/downloads/6.2.25/ubuntu/installers/foundationdb-server_6.2.25-1_amd64.deb
+//! $> sudo dpkg -i foundationdb-clients_6.2.25-1_amd64.deb
+//! $> sudo dpkg -i foundationdb-server_6.2.25-1_amd64.deb
 //! ```
 //!
 //! - macOS
 //!
 //! ```console
-//! $> curl -O https://www.foundationdb.org/downloads/6.1.12/macOS/installers/FoundationDB-6.1.12.pkg
-//! $> sudo installer -pkg FoundationDB-6.1.12.pkg -target /
+//! $> curl -O https://www.foundationdb.org/downloads/6.2.25/macOS/installers/FoundationDB-6.2.25.pkg
+//! $> sudo installer -pkg FoundationDB-6.2.25.pkg -target /
 //! ```
 //!
 //! - Windows
 //!
-//! Install [foundationdb-6.1.12-x64.msi](https://www.foundationdb.org/downloads/6.1.12/windows/installers/foundationdb-6.1.12-x64.msi)
+//! Install [foundationdb-6.2.25-x64.msi](https://www.foundationdb.org/downloads/6.2.25/windows/installers/foundationdb-6.2.25-x64.msi)
 //!
 //! ## Add dependencies on foundationdb-rs
 //!
 //! ```toml
 //! [dependencies]
-//! foundationdb = "0.4"
+//! foundationdb = "0.5"
 //! futures = "0.3"
 //! ```
 //!
@@ -70,9 +70,23 @@
 //!     Ok(())
 //! }
 //!
-//! foundationdb::run(|| {
-//!     futures::executor::block_on(async_main()).expect("failed to run");
-//! });
+//! // Safe because drop is called before the program exits
+//! let network = unsafe { foundationdb::boot() };
+//! futures::executor::block_on(async_main()).expect("failed to run");
+//! drop(network);
+//! ```
+//!
+//! ```rust
+//! #[tokio::main]
+//! async fn main() {
+//!     // Safe because drop is called before the program exits
+//!     let network = unsafe { foundationdb::boot() };
+//!
+//!     // Have fun with the FDB API
+//!
+//!     // shutdown the client
+//!     drop(network);
+//! }
 //! ```
 //!
 //! ## API stability
@@ -104,23 +118,6 @@ pub use crate::error::FdbResult;
 pub use crate::keyselector::*;
 pub use crate::transaction::*;
 
-/// Execute `f` with the FoundationDB Client API ready, this can only be called once per process.
-///
-/// # Examples
-///
-/// ```rust
-/// foundationdb::run(|| {
-///     // do some interesting things with the API...
-/// });
-/// ```
-pub fn run<T>(f: impl FnOnce() -> T) -> T {
-    api::FdbApiBuilder::default()
-        .build()
-        .expect("foundationdb API to be initialized")
-        .run(f)
-        .expect("foundationdb network to be setup")
-}
-
 /// Initialize the FoundationDB Client API, this can only be called once per process.
 ///
 /// # Returns

foundationdb/tests/api_ub.rs

@@ -0,0 +1,17 @@
+use std::panic;
+
+#[test]
+fn test_run() {
+    panic::set_hook(Box::new(|_| {}));
+    let mut db = None;
+    let result = panic::catch_unwind(panic::AssertUnwindSafe(|| {
+        // Run the foundationdb client API
+        let _drop_me = unsafe { foundationdb::boot() };
+        db = Some(foundationdb::Database::default().unwrap());
+        // Try to escape via unwind
+        panic!("UNWIND!")
+    }));
+    assert!(result.is_err());
+    let trx = db.unwrap().create_trx().unwrap();
+    let _err = futures::executor::block_on(trx.get_read_version()).unwrap_err();
+}

foundationdb/tests/atomic.rs

@@ -12,7 +12,8 @@ mod common;
 
 #[test]
 fn test_atomic() {
-    run(|| futures::executor::block_on(test_atomic_async()).expect("failed to run"));
+    let _guard = unsafe { foundationdb::boot() };
+    futures::executor::block_on(test_atomic_async()).expect("failed to run");
 }
 
 async fn atomic_add(db: &Database, key: &[u8], value: i64) -> FdbResult<()> {

foundationdb/tests/future.rs

@@ -32,7 +32,8 @@ where
 
 #[test]
 fn test_future_discard() {
-    run(|| futures::executor::block_on(test_future_discard_async()).expect("failed to run"));
+    let _guard = unsafe { foundationdb::boot() };
+    futures::executor::block_on(test_future_discard_async()).expect("failed to run");
 }
 
 async fn test_future_discard_async() -> FdbResult<()> {

foundationdb/tests/get.rs

@@ -13,19 +13,18 @@ mod common;
 
 #[test]
 fn test_get() {
-    run(|| {
-        futures::executor::block_on(test_set_get_async()).expect("failed to run");
-        futures::executor::block_on(test_get_multi_async()).expect("failed to run");
-        futures::executor::block_on(test_set_conflict_async()).expect("failed to run");
-        futures::executor::block_on(test_set_conflict_snapshot_async()).expect("failed to run");
-        futures::executor::block_on(test_transact_async()).expect("failed to run");
-        futures::executor::block_on(test_transact_limit()).expect("failed to run");
-        futures::executor::block_on(test_transact_timeout()).expect("failed to run");
-        futures::executor::block_on(test_versionstamp_async()).expect("failed to run");
-        futures::executor::block_on(test_read_version_async()).expect("failed to run");
-        futures::executor::block_on(test_set_read_version_async()).expect("failed to run");
-        futures::executor::block_on(test_get_addresses_for_key_async()).expect("failed to run");
-    });
+    let _guard = unsafe { foundationdb::boot() };
+    futures::executor::block_on(test_set_get_async()).expect("failed to run");
+    futures::executor::block_on(test_get_multi_async()).expect("failed to run");
+    futures::executor::block_on(test_set_conflict_async()).expect("failed to run");
+    futures::executor::block_on(test_set_conflict_snapshot_async()).expect("failed to run");
+    futures::executor::block_on(test_transact_async()).expect("failed to run");
+    futures::executor::block_on(test_transact_limit()).expect("failed to run");
+    futures::executor::block_on(test_transact_timeout()).expect("failed to run");
+    futures::executor::block_on(test_versionstamp_async()).expect("failed to run");
+    futures::executor::block_on(test_read_version_async()).expect("failed to run");
+    futures::executor::block_on(test_set_read_version_async()).expect("failed to run");
+    futures::executor::block_on(test_get_addresses_for_key_async()).expect("failed to run");
 }
 
 async fn test_set_get_async() -> FdbResult<()> {

foundationdb/tests/hca.rs

@@ -16,12 +16,10 @@ mod common;
 
 #[test]
 fn test_hca_many_sequential_allocations() {
-    foundationdb::run(|| {
-        futures::executor::block_on(test_hca_many_sequential_allocations_async())
-            .expect("failed to run");
-        futures::executor::block_on(test_hca_concurrent_allocations_async())
-            .expect("failed to run");
-    });
+    let _guard = unsafe { foundationdb::boot() };
+    futures::executor::block_on(test_hca_many_sequential_allocations_async())
+        .expect("failed to run");
+    futures::executor::block_on(test_hca_concurrent_allocations_async()).expect("failed to run");
 }
 
 async fn test_hca_many_sequential_allocations_async() -> FdbResult<()> {