shmem api is unsound

[usamoi]

1. PGRXSharedMemory implementation of heapless is unsound.

unsafe impl<T, const N: usize> PGRXSharedMemory for heapless::Vec<T, N> {}
unsafe impl<T, const N: usize> PGRXSharedMemory for heapless::Deque<T, N> {}
unsafe impl<K: Eq + Hash, V: Default, S, const N: usize> PGRXSharedMemory
    for heapless::IndexMap<K, V, S, N>
{
}

Here T: PGRXSharedMemory, K: PGRXSharedMemory, V: PGRXSharedMemory constraint is not enforced.

heapless itself does not guarantee that these data structures are suitable for use with mmap. It might be a better approach to remove these implementations and require users to manually review heapless and lock version of heapless themselves.

2. PgAtomic requires atomic_traits::Atomic without requiring PGRXSharedMemory, which is unsound.

atomic_traits::Atomic is a safe trait and any type could implement this. Even if it's an sealed or unsafe trait, it's unsound, since it supports loom atomics, which are not real machine atomics.

3. PostgreSQL does not check for duplicate shared memory or lock names.

https://github.com/postgres/postgres/blob/REL_17_5/src/backend/storage/ipc/shmem.c#L370-L486

https://github.com/postgres/postgres/blob/REL_17_5/src/backend/storage/lmgr/lwlock.c#L659-L703

https://github.com/postgres/postgres/blob/REL_17_5/src/backend/storage/lmgr/lwlock.c#L567-L600

pg_shmem_init should be unsafe, since users must ensure that there are not name conflicts. But it's safe to call it.

4. PgSpinLock is not constrained by T: PGRXSharedMemory too.