Send and Sync traits for Future should be bound by T: Send

[ammaraskar]

Hi there, we (Rust group @sslab-gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that tiny_future implements Send and Sync for all types:

/~https://github.com/KizzyCode/tiny_future/blob/50bd80f874c851413a721bbe144eeba4dfb68b4e/src/lib.rs#L165-L166

This should probably be bound by T: Send, otherwise this allows non-Send types such as Rc to be sent across thread boundaries which might invoke undefined behavior.

Here's an example of this in action with an Rc segfaulting safe Rust code:

#![forbid(unsafe_code)]

use tiny_future::Future;
use std::{thread, rc::Rc};

fn main() {
    let rc = Rc::new(());
    let rc_clone = rc.clone();

    let f = Future::with_state(());
    f.set(rc_clone);

    thread::spawn(move || {
        let smuggled_rc = f.get().unwrap();

        println!("Thread: {:p}", smuggled_rc);
        // Race the refcount with the main thread.
        for _ in 0..100_000_000 {
            smuggled_rc.clone();
        }
    });

    println!("Main:   {:p}", rc);
    for _ in 0..100_000_000 {
        rc.clone();
    }
}

Output:

Main:   0x5580ab8c1b50
Thread: 0x5580ab8c1b50

Terminated with signal 4 (SIGILL)

[KizzyCode]

Oh damn, you're right; I'll fix this 😅

Thank you very much for catching and reporting this bug; you even made a proof of concept – thats pretty cool!