(rfd.shared.oxide.computer)

427 points bcantrill | 1 comments | 31 Oct 25 16:49 UTC | HN request time: 0.227s | source

This RFD describes our distillation of a really gnarly issue that we hit in the Oxide control plane.[0] Not unlike our discovery of the async cancellation issue[1][2][3], this is larger than the issue itself -- and worse, the program that hits futurelock is correct from the programmer's point of view. Fortunately, the surface area here is smaller than that of async cancellation and the conditions required to hit it can be relatively easily mitigated. Still, this is a pretty deep issue -- and something that took some very seasoned Rust hands quite a while to find.

[0] https://github.com/oxidecomputer/omicron/issues/9259

[1] https://rfd.shared.oxide.computer/rfd/397

[2] https://rfd.shared.oxide.computer/rfd/400

[3] https://www.youtube.com/watch?v=zrv5Cy1R7r4

Show context

tick_tock_tick ◴[01 Nov 25 01:45 UTC] No.45778599[source]▶

>>45774086 (OP) #

It seems more and more clear every day that async was rushed out the door way to quickly in Rust.

replies(2): >>45778709 #>>45779188 #

1. clarkmcc ◴[01 Nov 25 04:11 UTC] No.45779188[source]▶

>>45778599 #

I can’t say whether it was rushed out, but it’s clearly not everything it was advertised to be. Early on, the big talking point was that the async implementation was so modular you could swap runtimes like Lego bricks. In reality, that’s nowhere near true. Changing runtimes means changing every I/O dependency (mutexes, networking, fs), because everything is tightly coupled to the runtime. I raised this in a Reddit thread some time ago, and the feedback there reinforced that I'm not the only one with a sour Rust async taste in my mouth. https://www.reddit.com/r/rust/comments/1f4z84r/is_it_fair_to...

↑

Futurelock: A subtle risk in async Rust