(rfd.shared.oxide.computer)

421 points bcantrill | 1 comments | 31 Oct 25 16:49 UTC | HN request time: 0.207s | source

This RFD describes our distillation of a really gnarly issue that we hit in the Oxide control plane.[0] Not unlike our discovery of the async cancellation issue[1][2][3], this is larger than the issue itself -- and worse, the program that hits futurelock is correct from the programmer's point of view. Fortunately, the surface area here is smaller than that of async cancellation and the conditions required to hit it can be relatively easily mitigated. Still, this is a pretty deep issue -- and something that took some very seasoned Rust hands quite a while to find.

[0] https://github.com/oxidecomputer/omicron/issues/9259

[1] https://rfd.shared.oxide.computer/rfd/397

[2] https://rfd.shared.oxide.computer/rfd/400

[3] https://www.youtube.com/watch?v=zrv5Cy1R7r4

Show context

octoberfranklin ◴[31 Oct 25 22:02 UTC] No.45777188[source]▶

>>45774086 (OP) #

It’s really important to understand what’s happening here

Then maybe you should take a moment to pick more descriptive identifiers than future1, future2, future3, do_stuff, and do_async_thing. This coding style is atrocious.

replies(2): >>45777698 #>>45778317 #

1. dap ◴[31 Oct 25 23:06 UTC] No.45777698[source]▶

>>45777188 #

Is it possible that those names are intentionally chosen and actually do carry meaning?

↑

Futurelock: A subtle risk in async Rust