A while back, std::thread::scoped and its helper type std::thread::JoinGuard ran into a soundness issue because Rust allows safe code to leak memory and not call its Drop destructor (via std::mem::forget or reference cycles). As a result, the design of std::thread::scoped ended up getting reworked (and moved to an external library) to not rely on destructors.

Reading the standard library, I came across Stdout::lock, which returns a StdoutLock. The description of Stdout::lock says “The lock is released when the returned lock goes out of scope.”, which raised red flags in my mind. Does this have the same problem as JoinGuard? If you leak a StdoutLock, will that cause stdout to remain permanently locked and unusable?

(At least it fails closed, rather than potentially causing a use-after-free or similar as JoinGuard did, but this still seems like a problem.)
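
A way to observe what leaking a lock guard does, as an added example that is not part of the original post: it leaks a std::sync::MutexGuard and probes the mutex with try_lock, then leaks a StdoutLock and checks whether a second thread can still write to stdout. The function names and the 200 ms wait are choices made for this sketch.

```rust
use std::io::{self, Write};
use std::mem;
use std::sync::mpsc;
use std::sync::{Mutex, TryLockError};
use std::thread;
use std::time::Duration;

/// Leaks a MutexGuard in safe code and reports whether the mutex is still held.
pub fn mutex_stays_locked_after_leak() -> bool {
    let m = Mutex::new(0u32);
    let guard = m.lock().unwrap();
    // Drop never runs for the guard, so the unlock it performs never happens.
    mem::forget(guard);
    // try_lock does not block; WouldBlock means the lock is still held.
    let held = matches!(m.try_lock(), Err(TryLockError::WouldBlock));
    held
}

/// Leaks a StdoutLock on the calling thread, then reports whether a second
/// thread failed to complete a write to stdout within `wait`.
pub fn other_thread_blocked_after_stdout_leak(wait: Duration) -> bool {
    mem::forget(io::stdout().lock());
    let (tx, rx) = mpsc::channel();
    thread::spawn(move || {
        // Stays parked here for as long as the leaked lock is held.
        let _ = writeln!(io::stdout(), "written from the second thread");
        let _ = tx.send(());
    });
    // A timeout means the writer never got past the stdout lock.
    rx.recv_timeout(wait).is_err()
}

fn main() {
    println!("mutex still held after leak: {}", mutex_stays_locked_after_leak());
    let blocked = other_thread_blocked_after_stdout_leak(Duration::from_millis(200));
    // The leaking thread can still print here because std's stdout lock is
    // reentrant for the thread that holds it; other threads get no such pass.
    println!("second thread blocked on stdout: {}", blocked);
}
```

Both leaks are safe code and neither touches freed memory: the only effect is a lock that is never released, which is the fail-closed behaviour mentioned in the post.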