async cancellation hazards - consider select_safe! or other countermeasures
As discussed in various places, there is a hazard with futures, particularly with `select!` (or constructs and combinators with similar semantics).
It would be good to do something to try to reduce the risk of us writing those bugs. Sadly this is an open research problem in upstream Rust. However as part of the discussion surrounding !514 (merged) we had some ideas.
The most promising proposal was to introduce a `select_safe!` macro which would wrap `select!`, and arrange for the arms' body blocks to not be able to `await`. This wouldn't be perfect, but it would perhaps force cancellation-unsafety bugs to be written in an unnatural way that would be spotted during code review. There are some difficulties with this, notably that implementing this using closures would probably break `?` type inference unless the macro was told the surrounding error type. And that `select!` has a complex argument syntax whose parsing we might have to reimplement a lot of.
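To make the hazard concrete, here is an added, self-contained example (not Arti code and not from this issue) of the bug class `select_safe!` is meant to make awkward to write: the same line-reading future either owns its partial buffer or borrows it from the caller, and a hand-rolled poll loop stands in for `select!` dropping a losing arm after one poll (no tokio or `futures` needed; `Source`, `ReadLine`, `drive` and the chunked input are all constructed for the demonstration).

```rust
use std::borrow::BorrowMut;
use std::collections::VecDeque;
use std::future::Future;
use std::pin::Pin;
use std::task::{Context, Poll, RawWaker, RawWakerVTable, Waker};

/// Constructed stand-in for a socket that delivers a line in pieces, one chunk per poll.
struct Source(VecDeque<&'static [u8]>);
fn source() -> Source { Source(VecDeque::from([&b"hel"[..], &b"lo\n"[..]])) }
/// A line-reading future. `buf` is either owned (`Vec<u8>`: the partial line dies with
/// the future, which is what makes it cancellation-unsafe) or borrowed from the caller
/// (`&mut Vec<u8>`: the partial line survives the drop, so the read is cancellation-safe).
struct ReadLine<'a, B: BorrowMut<Vec<u8>>> { src: &'a mut Source, buf: B }
impl<B: BorrowMut<Vec<u8>> + Unpin> Future for ReadLine<'_, B> {
    type Output = Vec<u8>;
    fn poll(mut self: Pin<&mut Self>, _: &mut Context<'_>) -> Poll<Vec<u8>> {
        let t = &mut *self;
        let buf = t.buf.borrow_mut();
        // One poll consumes one chunk; the line is complete once a newline is in.
        if let Some(chunk) = t.src.0.pop_front() { buf.extend_from_slice(chunk); }
        if buf.contains(&b'\n') { Poll::Ready(std::mem::take(buf)) } else { Poll::Pending }
    }
}

/// Minimal executor pieces: a do-nothing waker and a bounded poll-to-completion loop.
fn noop_waker() -> Waker {
    const VT: RawWakerVTable = RawWakerVTable::new(|_| RAW, |_| {}, |_| {}, |_| {});
    const RAW: RawWaker = RawWaker::new(std::ptr::null(), &VT);
    unsafe { Waker::from_raw(RAW) }
}
fn drive<F: Future + Unpin>(mut f: F, cx: &mut Context<'_>) -> F::Output {
    for _ in 0..8 { if let Poll::Ready(v) = Pin::new(&mut f).poll(cx) { return v; } }
    panic!("source ran dry before a full line arrived")
}

/// Cancellation-unsafe shape: poll once, then drop the future (what select! does to a
/// losing arm) and retry with a fresh one. "hel" was lost with the first future: "lo\n".
fn lost_on_cancel() -> String {
    let (waker, mut src) = (noop_waker(), source());
    let mut cx = Context::from_waker(&waker);
    let _ = Pin::new(&mut ReadLine { src: &mut src, buf: Vec::<u8>::new() }).poll(&mut cx);
    String::from_utf8(drive(ReadLine { src: &mut src, buf: Vec::<u8>::new() }, &mut cx)).unwrap()
}
/// Cancellation-safe shape: same interruption, but the buffer outlives the future: "hello\n".
fn kept_on_cancel() -> String {
    let (waker, mut src, mut buf) = (noop_waker(), source(), Vec::<u8>::new());
    let mut cx = Context::from_waker(&waker);
    let _ = Pin::new(&mut ReadLine { src: &mut src, buf: &mut buf }).poll(&mut cx);
    String::from_utf8(drive(ReadLine { src: &mut src, buf: &mut buf }, &mut cx)).unwrap()
}
```

The silently shortened line in the first case is exactly the kind of bug that is hard to see in a `select!` arm, since the dropped state is implicit in the future; keeping progress outside the future is the shape a review can check for.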