Fix data races with concentrator shutdown

bwoebi · bwoebi · commit 205a42e46ece · 2026-04-14T16:56:14.000+02:00
Signed-off-by: Bob Weinand &lt;bob.weinand@datadoghq.com&gt;
diff --git a/datadog-ipc/src/atomic_option.rs b/datadog-ipc/src/atomic_option.rs
@@ -0,0 +1,123 @@
+// Copyright 2021-Present Datadog, Inc. https://www.datadoghq.com/
+// SPDX-License-Identifier: Apache-2.0
+
+//! Lock-free `Option<T>` with atomic take, valid for any `T` where
+//! `size_of::<Option<T>>() <= 8`.
+
+use std::cell::UnsafeCell;
+use std::mem::{self, MaybeUninit};
+use std::ptr;
+use std::sync::atomic::{AtomicU16, AtomicU32, AtomicU64, AtomicU8, Ordering};
+
+/// An `Option<T>` that supports lock-free atomic take.
+///
+/// # Constraints
+/// `size_of::<Option<T>>()` must be `<= 8`.  Enforced by a `debug_assert` in
+/// `From<Option<T>>`).  This holds for niche-optimised types (`NonNull<T>`,
+/// `Box<T>`, …) and for any `Option<T>` that fits in a single machine word.
+///
+/// # Storage
+/// The option is stored in a `UnsafeCell<Option<T>>`, giving it exactly the size
+/// and alignment of `Option<T>` itself.  `take()` picks the narrowest atomic that
+/// covers `size_of::<Option<T>>()` bytes — `AtomicU8` for 1-byte options up to
+/// `AtomicU64` for 5–8 byte options.  The atomic cast is valid because
+/// `align_of::<AtomicUN>() == align_of::<uN>() <= align_of::<Option<T>>()`.
+///
+/// # None sentinel
+/// The "none" bit-pattern is computed by value (`Option::<T>::None`) rather than
+/// assumed to be zero, so the implementation is correct for both niche-optimised
+/// types and discriminant-based options.
+///
+/// `UnsafeCell` provides the interior-mutability aliasing permission required by
+/// Rust's memory model when mutating through a shared reference.
+pub struct AtomicOption<T>(UnsafeCell<Option<T>>);
+
+impl<T> AtomicOption<T> {
+    /// Encode `val` as a `u64`, transferring ownership into the bit representation.
+    const fn encode(val: Option<T>) -> u64 {
+        let mut bits = 0u64;
+        unsafe {
+            ptr::copy_nonoverlapping(
+                ptr::from_ref(&val).cast::<u8>(),
+                ptr::from_mut(&mut bits).cast::<u8>(),
+                size_of::<Option<T>>(),
+            );
+            mem::forget(val);
+        }
+        bits
+    }
+
+    /// Atomically swap the storage with `new_bits`, returning the old bits.
+    #[inline]
+    fn atomic_swap(&self, new_bits: u64) -> u64 {
+        unsafe {
+            let ptr = self.0.get();
+            match size_of::<Option<T>>() {
+                1 => (*(ptr as *const AtomicU8)).swap(new_bits as u8, Ordering::AcqRel) as u64,
+                2 => (*(ptr as *const AtomicU16)).swap(new_bits as u16, Ordering::AcqRel) as u64,
+                3 | 4 => {
+                    (*(ptr as *const AtomicU32)).swap(new_bits as u32, Ordering::AcqRel) as u64
+                }
+                _ => (*(ptr as *const AtomicU64)).swap(new_bits, Ordering::AcqRel),
+            }
+        }
+    }
+
+    /// Reconstruct an `Option<T>` from its `u64` bit representation.
+    ///
+    /// # Safety
+    /// `bits` must hold a valid `Option<T>` bit-pattern in its low
+    /// `size_of::<Option<T>>()` bytes, as produced by a previous `encode`.
+    const unsafe fn decode(bits: u64) -> Option<T> {
+        let mut result = MaybeUninit::<Option<T>>::uninit();
+        ptr::copy_nonoverlapping(
+            ptr::from_ref(&bits).cast::<u8>(),
+            result.as_mut_ptr().cast::<u8>(),
+            size_of::<Option<T>>(),
+        );
+        result.assume_init()
+    }
+
+    /// Atomically replace the stored value with `None` and return what was there.
+    /// Returns `None` if the value was already taken.
+    pub fn take(&self) -> Option<T> {
+        let old = self.atomic_swap(Self::encode(None));
+        // SAFETY: `old` holds a valid `Option<T>` bit-pattern.
+        unsafe { Self::decode(old) }
+    }
+
+    /// Atomically store `val`, dropping any previous value.
+    pub fn set(&self, val: Option<T>) -> Option<T> {
+        let old = self.atomic_swap(Self::encode(val));
+        unsafe { Self::decode(old) }
+    }
+
+    /// Atomically store `Some(val)`, returning the previous value.
+    pub fn replace(&self, val: T) -> Option<T> {
+        self.set(Some(val))
+    }
+
+    /// Borrow the current value without taking it.
+    ///
+    /// # Safety
+    /// Must not be called concurrently with [`take`], [`set`], or [`replace`].
+    pub unsafe fn as_option(&self) -> &Option<T> {
+        &*self.0.get()
+    }
+}
+
+impl<T> From<Option<T>> for AtomicOption<T> {
+    fn from(val: Option<T>) -> Self {
+        // we may raise this to 16 once AtomicU128 becomes stable
+        debug_assert!(
+            size_of::<Option<T>>() <= size_of::<u64>(),
+            "AtomicOption requires size_of::<Option<T>>() <= 8, got {}",
+            size_of::<Option<T>>()
+        );
+        Self(UnsafeCell::new(val))
+    }
+}
+
+// `AtomicOption<T>` is `Send`/`Sync` when `T: Send` — same contract as `Mutex<Option<T>>`.
+unsafe impl<T: Send> Send for AtomicOption<T> {}
+unsafe impl<T: Send> Sync for AtomicOption<T> {}
diff --git a/datadog-ipc/src/lib.rs b/datadog-ipc/src/lib.rs
@@ -14,8 +14,10 @@ pub mod platform;
 pub mod rate_limiter;
 pub mod shm_stats;
 
+mod atomic_option;
 pub mod client;
 pub mod codec;
+pub use atomic_option::AtomicOption;
 
 pub use client::IpcClientConn;
 #[cfg(target_os = "linux")]
diff --git a/datadog-ipc/src/platform/mem_handle.rs b/datadog-ipc/src/platform/mem_handle.rs
@@ -3,6 +3,7 @@
 
 use crate::handles::{HandlesTransport, TransferHandles};
 use crate::platform::{mmap_handle, munmap_handle, OwnedFileHandle, PlatformHandle};
+use crate::AtomicOption;
 #[cfg(feature = "tiny-bytes")]
 use libdd_tinybytes::UnderlyingBytes;
 use serde::{Deserialize, Serialize};
@@ -39,15 +40,16 @@ pub(crate) struct ShmPath {
 
 pub struct NamedShmHandle {
     pub(crate) inner: ShmHandle,
-    pub(crate) path: Option<ShmPath>,
+    pub(crate) path: AtomicOption<Box<ShmPath>>,
 }
 
 impl NamedShmHandle {
-    pub fn get_path(&self) -> &[u8] {
-        if let Some(ref shm_path) = &self.path {
-            shm_path.name.as_bytes()
-        } else {
-            b""
+    /// # Safety
+    /// Must not be called concurrently with `unlink()`.
+    pub unsafe fn get_path(&self) -> &[u8] {
+        match self.path.as_option() {
+            Some(shm_path) => shm_path.name.to_bytes(),
+            None => b"",
         }
     }
 }
@@ -142,6 +144,16 @@ impl FileBackedHandle for NamedShmHandle {
     }
 }
 
+impl MappedMem<NamedShmHandle> {
+    /// Unlink the backing SHM file from the filesystem so new openers get `ENOENT`.
+    /// Existing mappings remain valid.  On Windows the mapping is managed by the OS
+    /// via handle reference counts and there is no filesystem entry to remove.
+    #[cfg(unix)]
+    pub fn unlink(&self) {
+        self.mem.unlink();
+    }
+}
+
 impl<T: MemoryHandle> MappedMem<T> {
     pub fn as_slice(&self) -> &[u8] {
         unsafe { std::slice::from_raw_parts(self.ptr.as_ptr().cast(), self.mem.get_size()) }
@@ -163,7 +175,9 @@ impl<T: MemoryHandle> AsRef<[u8]> for MappedMem<T> {
 }
 
 impl MappedMem<NamedShmHandle> {
-    pub fn get_path(&self) -> &[u8] {
+    /// # Safety
+    /// Must not be called concurrently with `unlink()`.
+    pub unsafe fn get_path(&self) -> &[u8] {
         self.mem.get_path()
     }
 }
@@ -178,9 +192,10 @@ impl<T: FileBackedHandle> From<MappedMem<T>> for ShmHandle {
 }
 
 impl From<MappedMem<NamedShmHandle>> for NamedShmHandle {
-    fn from(mut handle: MappedMem<NamedShmHandle>) -> NamedShmHandle {
+    fn from(handle: MappedMem<NamedShmHandle>) -> NamedShmHandle {
+        let path = handle.mem.path.take().into();
         NamedShmHandle {
-            path: handle.mem.path.take(),
+            path,
             inner: handle.into(),
         }
     }
diff --git a/datadog-ipc/src/platform/unix/mem_handle.rs b/datadog-ipc/src/platform/unix/mem_handle.rs
@@ -183,13 +183,18 @@ impl NamedShmHandle {
         Self::new(file.into(), None, size)
     }
 
+    /// Unlink the SHM file from the filesystem without unmapping it.
+    pub fn unlink(&self) {
+        let _ = self.path.take(); // Drop of Box<ShmPath> calls shm_unlink exactly once
+    }
+
     fn new(fd: OwnedFd, path: Option<CString>, size: usize) -> io::Result<NamedShmHandle> {
         Ok(NamedShmHandle {
             inner: ShmHandle {
                 handle: fd.into(),
                 size,
             },
-            path: path.map(|path| ShmPath { name: path }),
+            path: path.map(|path| Box::new(ShmPath { name: path })).into(),
         })
     }
 }
diff --git a/datadog-ipc/src/platform/unix/mem_handle_macos.rs b/datadog-ipc/src/platform/unix/mem_handle_macos.rs
@@ -141,13 +141,18 @@ impl NamedShmHandle {
         Self::new(fd, None, 0)
     }
 
+    /// Unlink the SHM name from the filesystem without unmapping existing mappings.
+    pub fn unlink(&self) {
+        let _ = self.path.take(); // Drop of Box<ShmPath> calls shm_unlink exactly once
+    }
+
     fn new(fd: OwnedFd, path: Option<CString>, size: usize) -> io::Result<NamedShmHandle> {
         Ok(NamedShmHandle {
             inner: ShmHandle {
                 handle: fd.into(),
                 size: size | NOT_COMMITTED,
             },
-            path: path.map(|path| ShmPath { name: path }),
+            path: path.map(|path| Box::new(ShmPath { name: path })).into(),
         })
     }
 }
@@ -198,6 +203,6 @@ impl<T: FileBackedHandle + From<MappedMem<T>>> MappedMem<T> {
 
 impl Drop for ShmPath {
     fn drop(&mut self) {
-        _ = shm_unlink(path_slice(&self.name));
+        _ = shm_unlink(path_slice(self.name.as_c_str()));
     }
 }
diff --git a/datadog-ipc/src/platform/windows/mem_handle.rs b/datadog-ipc/src/platform/windows/mem_handle.rs
@@ -151,7 +151,7 @@ impl NamedShmHandle {
                 handle: unsafe { PlatformHandle::from_raw_handle(handle) },
                 size,
             },
-            path: Some(ShmPath { name }),
+            path: Some(ShmPath { name }).map(Box::new).into(),
         })
     }
 }
diff --git a/datadog-ipc/src/shm_stats.rs b/datadog-ipc/src/shm_stats.rs
@@ -38,8 +38,8 @@
 //! When the active bucket is nearly full the sidecar:
 //! 1. Creates a new SHM file at the *same path* (the old file is unlinked from the filesystem but
 //!    remains accessible to processes that already have it open).
-//! 2. Sets `ShmHeader::please_reload = 1` on the **old** mapping so workers know to re-open the
-//!    path on their next `add_span` call.
+//! 2. Sets `ShmHeader::ready = 0` on the **old** mapping so workers know to re-open the path on
+//!    their next `add_span` call.
 //! 3. Holds onto the old concentrator for ≥ 1 s, flushing it periodically, to absorb any spans that
 //!    arrived before workers noticed the reload flag.
 //! 4. Drops the old concentrator after that grace period.
@@ -177,6 +177,11 @@ struct ShmBucketHeader {
 struct ShmHeader {
     /// Layout version; checked by [`ShmSpanConcentrator::open`].  Mismatch returns an error.
     version: u32,
+    /// Set to 1 by the sidecar when workers should re-open the SHM at the
+    /// same path (a new, larger mapping has been created there).
+    ready: AtomicU8,
+    /// Index (0 or 1) of the bucket currently being written to by PHP workers.
+    active_idx: AtomicU8,
     /// Width of each time bucket in nanoseconds (e.g. 10 s = 10_000_000_000).
     bucket_size_nanos: u64,
     /// Number of aggregation slots per bucket (hash-table capacity).
@@ -185,11 +190,6 @@ struct ShmHeader {
     bucket_region_size: u32,
     /// Byte capacity of the per-bucket string pool.
     string_pool_size: u32,
-    /// Index (0 or 1) of the bucket currently being written to by PHP workers.
-    active_idx: AtomicU8,
-    /// Set to 1 by the sidecar when workers should re-open the SHM at the
-    /// same path (a new, larger mapping has been created there).
-    please_reload: AtomicU8,
     /// Monotonic counter incremented on every successful flush, used as the stats sequence number.
     flush_seq: AtomicU64,
 }
@@ -381,13 +381,20 @@ impl ShmSpanConcentrator {
 
         let base = mem.as_slice_mut().as_mut_ptr();
         unsafe {
-            // fresh mmap. Initialized to zero.
+            // On Windows the named mapping may persist from a previous concentrator lifetime
+            // (workers still hold handles after the sidecar retired it). Hence explicitly reset it.
+            #[cfg(windows)]
+            std::ptr::write_bytes(base, 0, total);
+
             let hdr = &mut *(base as *mut ShmHeader);
             hdr.version = SHM_VERSION;
             hdr.bucket_size_nanos = bucket_size_nanos;
             hdr.slot_count = slot_count;
             hdr.bucket_region_size = aligned_bucket_region(slot_count, string_pool_size) as u32;
             hdr.string_pool_size = string_pool_size;
+            // Signal readiness LAST — workers see ready=0 until this store and fall back
+            // to IPC, preventing writes to a partially-initialized concentrator.
+            hdr.ready.store(1, Release);
         }
 
         Ok(ShmSpanConcentrator { mem: Arc::new(mem) })
@@ -401,6 +408,12 @@ impl ShmSpanConcentrator {
         let base = mem.as_slice().as_ptr();
         unsafe {
             let hdr = shm_header(base);
+            if hdr.ready.load(Relaxed) == 0 {
+                return Err(io::Error::new(
+                    io::ErrorKind::InvalidData,
+                    "SHM span concentrator: not yet ready",
+                ));
+            }
             if hdr.version != SHM_VERSION {
                 return Err(io::Error::new(
                     io::ErrorKind::InvalidData,
@@ -426,7 +439,19 @@ impl ShmSpanConcentrator {
     /// Workers should call this before every `add_span`; when it returns `true`
     /// they should drop this handle, call `open(path)`, and retry.
     pub fn needs_reload(&self) -> bool {
-        self.header().please_reload.load(Acquire) != 0
+        self.header().ready.load(Acquire) == 0
+    }
+
+    /// Unlink the SHM file from the filesystem so that new PHP workers cannot open it.
+    /// Existing mappings (including this one and any already open in PHP workers) remain
+    /// valid.  Call this *before* `signal_reload` when retiring a concentrator.
+    ///
+    /// Uses `Arc::get_mut` to take the path out (preventing a double-unlink on `Drop`).
+    /// If multiple `Arc` clones are alive the path cannot be taken; the unlink still
+    /// happens but `Drop` may attempt a harmless second unlink (which returns `ENOENT`).
+    pub fn unlink(&self) {
+        #[cfg(unix)]
+        self.mem.unlink();
     }
 
     /// Add a span to the currently-active bucket.  Thread-safe.
@@ -578,7 +603,7 @@ impl ShmSpanConcentrator {
 
     /// Signal workers to re-open the SHM (call before creating a new, larger one).
     pub fn signal_reload(&self) {
-        self.header().please_reload.store(1, Release);
+        self.header().ready.store(0, Release);
     }
 
     /// Drain the inactive (or both, if `force`) bucket(s) and return raw stat buckets.
diff --git a/datadog-sidecar/src/service/runtime_info.rs b/datadog-sidecar/src/service/runtime_info.rs
@@ -32,7 +32,6 @@ pub(crate) struct RuntimeInfo {
 #[derive(Default)]
 pub(crate) struct ActiveApplication {
     pub remote_config_guard: Option<RemoteConfigsGuard>,
-    pub span_concentrator_guard: Option<crate::service::stats_flusher::SpanConcentratorGuard>,
     pub env: Option<String>,
     pub app_version: Option<String>,
     pub service_name: Option<String>,
diff --git a/datadog-sidecar/src/service/sidecar_server.rs b/datadog-sidecar/src/service/sidecar_server.rs
diff --git a/datadog-sidecar/src/service/stats_flusher.rs b/datadog-sidecar/src/service/stats_flusher.rs
diff --git a/datadog-sidecar/src/shm_remote_config.rs b/datadog-sidecar/src/shm_remote_config.rs
diff --git a/libdd-trace-stats/src/stats_exporter.rs b/libdd-trace-stats/src/stats_exporter.rs

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`
`4`	`4`	`use crate::handles::{HandlesTransport, TransferHandles};`
`5`	`5`	`use crate::platform::{mmap_handle, munmap_handle, OwnedFileHandle, PlatformHandle};`
	`6`	`+use crate::AtomicOption;`
`6`	`7`	`#[cfg(feature = "tiny-bytes")]`
`7`	`8`	`use libdd_tinybytes::UnderlyingBytes;`
`8`	`9`	`use serde::{Deserialize, Serialize};`
`@@ -39,15 +40,16 @@ pub(crate) struct ShmPath {`
`39`	`40`
`40`	`41`	`pub struct NamedShmHandle {`
`41`	`42`	`pub(crate) inner: ShmHandle,`
`42`		`- pub(crate) path: Option<ShmPath>,`
	`43`	`+ pub(crate) path: AtomicOption<Box<ShmPath>>,`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`impl NamedShmHandle {`
`46`		`- pub fn get_path(&self) -> &[u8] {`
`47`		`- if let Some(ref shm_path) = &self.path {`
`48`		`- shm_path.name.as_bytes()`
`49`		`- } else {`
`50`		`- b""`
	`47`	`+ /// # Safety`
	`48`	+ /// Must not be called concurrently with `unlink()`.
	`49`	`+ pub unsafe fn get_path(&self) -> &[u8] {`
	`50`	`+ match self.path.as_option() {`
	`51`	`+ Some(shm_path) => shm_path.name.to_bytes(),`
	`52`	`+ None => b"",`
`51`	`53`	`}`
`52`	`54`	`}`
`53`	`55`	`}`
`@@ -142,6 +144,16 @@ impl FileBackedHandle for NamedShmHandle {`
`142`	`144`	`}`
`143`	`145`	`}`
`144`	`146`
	`147`	`+impl MappedMem<NamedShmHandle> {`
	`148`	+ /// Unlink the backing SHM file from the filesystem so new openers get `ENOENT`.
	`149`	`+ /// Existing mappings remain valid. On Windows the mapping is managed by the OS`
	`150`	`+ /// via handle reference counts and there is no filesystem entry to remove.`
	`151`	`+ #[cfg(unix)]`
	`152`	`+ pub fn unlink(&self) {`
	`153`	`+ self.mem.unlink();`
	`154`	`+ }`
	`155`	`+}`
	`156`	`+`
`145`	`157`	`impl<T: MemoryHandle> MappedMem<T> {`
`146`	`158`	`pub fn as_slice(&self) -> &[u8] {`
`147`	`159`	`unsafe { std::slice::from_raw_parts(self.ptr.as_ptr().cast(), self.mem.get_size()) }`
`@@ -163,7 +175,9 @@ impl<T: MemoryHandle> AsRef<[u8]> for MappedMem<T> {`
`163`	`175`	`}`
`164`	`176`
`165`	`177`	`impl MappedMem<NamedShmHandle> {`
`166`		`- pub fn get_path(&self) -> &[u8] {`
	`178`	`+ /// # Safety`
	`179`	+ /// Must not be called concurrently with `unlink()`.
	`180`	`+ pub unsafe fn get_path(&self) -> &[u8] {`
`167`	`181`	`self.mem.get_path()`
`168`	`182`	`}`
`169`	`183`	`}`
`@@ -178,9 +192,10 @@ impl<T: FileBackedHandle> From<MappedMem<T>> for ShmHandle {`
`178`	`192`	`}`
`179`	`193`
`180`	`194`	`impl From<MappedMem<NamedShmHandle>> for NamedShmHandle {`
`181`		`- fn from(mut handle: MappedMem<NamedShmHandle>) -> NamedShmHandle {`
	`195`	`+ fn from(handle: MappedMem<NamedShmHandle>) -> NamedShmHandle {`
	`196`	`+ let path = handle.mem.path.take().into();`
`182`	`197`	`NamedShmHandle {`
`183`		`- path: handle.mem.path.take(),`
	`198`	`+ path,`
`184`	`199`	`inner: handle.into(),`
`185`	`200`	`}`
`186`	`201`	`}`
Original file line number	Diff line number	Diff line change
`@@ -183,13 +183,18 @@ impl NamedShmHandle {`
`183`	`183`	`Self::new(file.into(), None, size)`
`184`	`184`	`}`
`185`	`185`
	`186`	`+ /// Unlink the SHM file from the filesystem without unmapping it.`
	`187`	`+ pub fn unlink(&self) {`
	`188`	`+ let _ = self.path.take(); // Drop of Box<ShmPath> calls shm_unlink exactly once`
	`189`	`+ }`
	`190`	`+`
`186`	`191`	`fn new(fd: OwnedFd, path: Option<CString>, size: usize) -> io::Result<NamedShmHandle> {`
`187`	`192`	`Ok(NamedShmHandle {`
`188`	`193`	`inner: ShmHandle {`
`189`	`194`	`handle: fd.into(),`
`190`	`195`	`size,`
`191`	`196`	`},`
`192`		`- path: path.map(\|path\| ShmPath { name: path }),`
	`197`	`+ path: path.map(\|path\| Box::new(ShmPath { name: path })).into(),`
`193`	`198`	`})`
`194`	`199`	`}`
`195`	`200`	`}`
Original file line number	Diff line number	Diff line change
`@@ -141,13 +141,18 @@ impl NamedShmHandle {`
`141`	`141`	`Self::new(fd, None, 0)`
`142`	`142`	`}`
`143`	`143`
	`144`	`+ /// Unlink the SHM name from the filesystem without unmapping existing mappings.`
	`145`	`+ pub fn unlink(&self) {`
	`146`	`+ let _ = self.path.take(); // Drop of Box<ShmPath> calls shm_unlink exactly once`
	`147`	`+ }`
	`148`	`+`
`144`	`149`	`fn new(fd: OwnedFd, path: Option<CString>, size: usize) -> io::Result<NamedShmHandle> {`
`145`	`150`	`Ok(NamedShmHandle {`
`146`	`151`	`inner: ShmHandle {`
`147`	`152`	`handle: fd.into(),`
`148`	`153`	`size: size \| NOT_COMMITTED,`
`149`	`154`	`},`
`150`		`- path: path.map(\|path\| ShmPath { name: path }),`
	`155`	`+ path: path.map(\|path\| Box::new(ShmPath { name: path })).into(),`
`151`	`156`	`})`
`152`	`157`	`}`
`153`	`158`	`}`
`@@ -198,6 +203,6 @@ impl<T: FileBackedHandle + From<MappedMem<T>>> MappedMem<T> {`
`198`	`203`
`199`	`204`	`impl Drop for ShmPath {`
`200`	`205`	`fn drop(&mut self) {`
`201`		`- _ = shm_unlink(path_slice(&self.name));`
	`206`	`+ _ = shm_unlink(path_slice(self.name.as_c_str()));`
`202`	`207`	`}`
`203`	`208`	`}`
Original file line number	Diff line number	Diff line change
`@@ -151,7 +151,7 @@ impl NamedShmHandle {`
`151`	`151`	`handle: unsafe { PlatformHandle::from_raw_handle(handle) },`
`152`	`152`	`size,`
`153`	`153`	`},`
`154`		`- path: Some(ShmPath { name }),`
	`154`	`+ path: Some(ShmPath { name }).map(Box::new).into(),`
`155`	`155`	`})`
`156`	`156`	`}`
`157`	`157`	`}`