BinaryHeap is not exception safe

Question

BinaryHeap is not exception safe

Closed this issue 9 years ago · 5 comments

BinaryHeap is using zeroed() and may not be exception safe. I.e. it is in an inconsistent state after being recovered after panic. See issue #25662 and others.

Relevant code is BinaryHeap::sift_up, sift_down_range

cc @cmr

Answer 1 · 2015-05-27T22:09:20.000Z

My immediate ideas are one of

Use PPYP and set vector length to zero temporarily. Panicing in comparison functions will leak all elements in the heap
Use more swaps

Answer 2 · 2015-05-27T22:12:01.000Z

@gankro's got the idea: https://botbot.me/mozilla/rust-internals/2015-03-24/?msg=34945483&page=6

Answer 3 · 2015-05-27T22:13:01.000Z

Long ago I suggested two other strategies:

A two-pass phase where you do all comparisons first, then once you've found the Final Destination you actually do the swaps (which requires no untrusted code to run).
A panic guard which on drop puts the "working" element back in the "uninit" location in the array

Answer 4 · 2015-05-27T22:25:53.000Z

triage: I-nominated, T-libs

Answer 5 · 2015-05-27T22:26:30.000Z

I'm trying gankro's panic guard idea.