Andy Wang

Results 108 comments of Andy Wang

Here are the outdated atomic loads running up to the UAF. There are only 3. (I'm unconditionally cutting off the top two stack frames to show the actual `load()` location...

In that diagnostics trace there were two outdated reads getting the same value in this function: https://github.com/vorner/arc-swap/blob/f7f192d1161d6451a277bad24494743f77d12173/src/strategy/hybrid.rs#L42-L61. I'm completely unfamiliar with `arc-swap` internals so please correct me if I'm wrong...

Thanks for the explanation. The summary of writer and reader actions is very helpful for understanding the core things at play here, although I'm still not entirely certain where the...

Regarding the last "pure Rust target for Windows" bit, I wrote up a summary of things I think we need to do to remove VCRuntime dependency: https://internals.rust-lang.org/t/pre-rfc-remove-rusts-dependency-on-visual-studio-in-4-complex-steps/16708. This does not...

> LLVM can optimize such a RMW to atomic-load (

I agree with @RalfJung that it sounds like a miscompilation. In [Can Seqlocks Get Along with Programming Language Memory Models?](https://dl.acm.org/doi/pdf/10.1145/2247684.2247688)...

> There's a dmb ish there, which is a fence, isn't it?

But if you change the ordering to relaxed it becomes a normal `ldr`. The x86 case is also...

This is definitely a miscompilation. This panics on arm64. I thought at least I had to separate out `GTE` and `LTE` to different cache lines, but apparently that's not even...

> Can't relaxed stores to different locations be reordered

That's a good point, though if relaxed loads can be freely reordered how does this still work... ``` T1: T2: X.store(1,...

But then you can have this

```
T1                       T2
X.store(1, relaxed)      X.store(2, relaxed)
fence(sc)
DONE.store(true, ...)    while !DONE.load(...) {}
                         fence(sc)
                         X.load(relaxed)
```

The above will create a happens before edge...