Guard against unwinding in cleanup code #92911
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
T-compiler
This comment has been minimized.
This comment has been minimized.
|
@bors try @rust-timer queue |
|
Awaiting bors try build completion. @rustbot label: +S-waiting-on-perf |
rustbot
added
the
S-waiting-on-perf
|
⌛ Trying commit 65202db0841627c4b93a331282a9e113a19233f4 with merge 7541ce347ff42c0458f27af1c6d1b57e97b9e96d... |
|
In #92828 I am changing |
|
I am a bit concerned about code bloat if this was a call to another function instead. |
|
@bors try @rust-timer queue |
|
Awaiting bors try build completion. @rustbot label: +S-waiting-on-perf |
|
⌛ Trying commit 65202db0841627c4b93a331282a9e113a19233f4 with merge bfda8be488689971b86a2ad9297918630b80322b... |
|
☀️ Try build successful - checks-actions |
|
Queued bfda8be488689971b86a2ad9297918630b80322b with parent b13a5bf, future comparison URL. |
|
Finished benchmarking commit (bfda8be488689971b86a2ad9297918630b80322b): comparison url. Summary: This change led to very large relevant mixed results 🤷 in compiler performance.
If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf. Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR led to changes in compiler perf. Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @bors rollup=never |
rustbot
added
perf-regression
|
@bors try @rust-timer queue |
|
Awaiting bors try build completion. @rustbot label: +S-waiting-on-perf |
rustbot
added
the
S-waiting-on-perf
|
⌛ Trying commit 42b41da with merge 34771111a4c6dac685e4f3443c622740bea51472... |
|
☀️ Try build successful - checks-actions |
|
Queued 34771111a4c6dac685e4f3443c622740bea51472 with parent c26fbf8, future comparison URL. |
bors
added
the
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
|
@bors r+ |
|
📌 Commit 7d683f5 has been approved by |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
|
Finished benchmarking commit (2690468): comparison url. Summary: This benchmark run shows 19 relevant improvements 🎉 but 80 relevant regressions 😿 to instruction counts.
If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf. Next Steps: If you can justify the regressions found in this perf run, please indicate this with @rustbot label: +perf-regression |
|
We've discussed about the perf regression briefly in https://rust-lang.zulipchat.com/#narrow/stream/210922-project-ffi-unwind/topic/weekly.20meeting, and our conclusion is that compile time regression can't be avoided because LLVM has more work to do. This is just compile time perf regression and it wouldn't affect runtime (this is cold path of cold path). Although currently double unwinding can be be trigger via FFI unwinding, there are some discussions about allowing Rust code to perform double unwinding too - in that case this guard will be essential. In the short term we might have to bear with this overhead in compile time, but if we made destructors nounwind by default then the overhead should go away. |
For more details see rust-lang/lang-team#97. |
riking
reviewed
May 18, 2022
| -include ../tools.mk | ||
|
|
||
| all: foo | ||
| $(call RUN,foo) | $(CGREP) -v unreachable |
There was a problem hiding this comment.
Shouldn't this be ! grep unreachable ? -v inverts the match, so if the program writes any output grep reports success.
We want instead to search for "unreachable" and fail the build if it is found.
There was a problem hiding this comment.
$(CGREP) is not grep.
rylev
added
the
perf-regression-triaged
wip-sync
pushed a commit
to NetBSD/pkgsrc-wip
that referenced
this pull request
Jun 3, 2022
Pkgsrc changes:
* adapt patches
* new checksums
Upstream changes:
Version 1.61.0 (2022-05-19)
==========================
Language
--------
- [`const fn` signatures can now include generic trait bounds][93827]
- [`const fn` signatures can now use `impl Trait` in argument and return
position][93827]
- [Function pointers can now be created, cast, and passed around in a
`const fn`][93827]
- [Recursive calls can now set the value of a function's opaque
`impl Trait` return type][94081]
Compiler
--------
- [Linking modifier syntax in `#[link]` attributes and on the command
line, as well as the `whole-archive` modifier specifically, are now
supported][93901]
- [The `char` type is now described as UTF-32 in debuginfo][89887]
- The [`#[target_feature]`][target_feature] attribute
[can now be used with aarch64 features][90621]
- X86 [`#[target_feature = "adx"]` is now stable][93745]
Libraries
---------
- [`ManuallyDrop<T>` is now documented to have the same layout as `T`][88375]
- [`#[ignore = "#"]` messages are printed when running tests][92714]
- [Consistently show absent stdio handles on Windows as NULL handles][93263]
- [Make `std::io::stdio::lock()` return `'static` handles.][93965]
Previously, the creation of locked handles to stdin/stdout/stderr would
borrow the handles being locked, which prevented writing
`let out = std::io::stdout().lock();` because `out` would outlive
the return value of `stdout()`.
Such code now works, eliminating a common pitfall that affected many
Rust users.
- [`Vec::from_raw_parts` is now less restrictive about its inputs][95016]
- [`std::thread::available_parallelism` now takes cgroup quotas into
account.][92697] Since `available_parallelism` is often used to create a
thread pool for parallel computation, which may be CPU-bound for
performance, `available_parallelism` will return a value consistent with
the ability to use that many threads continuously, if possible.
For instance, in a container with 8 virtual CPUs but quotas only allowing
for 50% usage, `available_parallelism` will return 4.
Stabilized APIs
---------------
- [`Pin::static_mut`]
- [`Pin::static_ref`]
- [`Vec::retain_mut`]
- [`VecDeque::retain_mut`]
- [`Write` for `Cursor<[u8; N]>`][cursor-write-array]
- [`std::os::unix::net::SocketAddr::from_pathname`]
- [`std::process::ExitCode`] and [`std::process::Termination`].
The stabilization of these two API s now makes it possible for
programs to return errors from `main` with custom exit codes.
- [`std::thread::JoinHandle::is_finished`]
These APIs are now usable in const contexts:
- [`<*const T>::offset` and `<*mut T>::offset`][ptr-offset]
- [`<*const T>::wrapping_offset` and `<*mut T>::wrapping_offset`]
[ptr-wrapping_offset]
- [`<*const T>::add` and `<*mut T>::add`][ptr-add]
- [`<*const T>::sub` and `<*mut T>::sub`][ptr-sub]
- [`<*const T>::wrapping_add` and `<*mut T>::wrapping_add`][ptr-wrapping_add]
- [`<*const T>::wrapping_sub` and `<*mut T>::wrapping_sub`][ptr-wrapping_sub]
- [`<[T]>::as_mut_ptr`][slice-as_mut_ptr]
- [`<[T]>::as_ptr_range`][slice-as_ptr_range]
- [`<[T]>::as_mut_ptr_range`][slice-as_mut_ptr_range]
Cargo
-----
No feature changes, but see compatibility notes.
Compatibility Notes
-------------------
- Previously native static libraries were linked as `whole-archive` in
some cases, but now rustc tries not to use `whole-archive` unless
explicitly requested. This [change][93901] may result in linking errors
in some cases. To fix such errors, native libraries linked from the
command line, build scripts, or [`#[link]` attributes][link-attr] need to
- (more common) either be reordered to respect dependencies between them
(if `a` depends on `b` then `a` should go first and `b` second)
- (less common) or be updated to use the [`+whole-archive`] modifier.
- [Catching a second unwind from FFI code while cleaning up from a Rust
panic now causes the process to abort][92911]
- [Proc macros no longer see `ident` matchers wrapped in groups][92472]
- [The number of `#` in `r#` raw string literals is now required to be
less than 256][95251]
- [When checking that a dyn type satisfies a trait bound, supertrait
bounds are now enforced][92285]
- [`cargo vendor` now only accepts one value for each `--sync` flag]
[cargo/10448]
- [`cfg` predicates in `all()` and `any()` are always evaluated to detect
errors, instead of short-circuiting.][94295] The compatibility
considerations here arise in nightly-only code that used the
short-circuiting behavior of `all` to write something like
`cfg(all(feature = "nightly", syntax-requiring-nightly))`, which
will now fail to compile. Instead, use either `cfg_attr(feature
= "nightly", ...)` or nested uses of `cfg`.
- [bootstrap: static-libstdcpp is now enabled by default, and can
now be disabled when llvm-tools is enabled][94832]
Internal Changes
----------------
These changes provide no direct user facing benefits, but represent
significant improvements to the internals and overall performance
of rustc and related tools.
- [debuginfo: Refactor debuginfo generation for types][94261]
- [Remove the everybody loops pass][93913]
[88375]: rust-lang/rust#88375
[89887]: rust-lang/rust#89887
[90621]: rust-lang/rust#90621
[92285]: rust-lang/rust#92285
[92472]: rust-lang/rust#92472
[92697]: rust-lang/rust#92697
[92714]: rust-lang/rust#92714
[92911]: rust-lang/rust#92911
[93263]: rust-lang/rust#93263
[93745]: rust-lang/rust#93745
[93827]: rust-lang/rust#93827
[93901]: rust-lang/rust#93901
[93913]: rust-lang/rust#93913
[93965]: rust-lang/rust#93965
[94081]: rust-lang/rust#94081
[94261]: rust-lang/rust#94261
[94295]: rust-lang/rust#94295
[94832]: rust-lang/rust#94832
[95016]: rust-lang/rust#95016
[95251]: rust-lang/rust#95251
[`+whole-archive`]: https://doc.rust-lang.org/stable/rustc/command-line-arguments.html#linking-modifiers-whole-archive
[`Pin::static_mut`]: https://doc.rust-lang.org/stable/std/pin/struct.Pin.html#method.static_mut
[`Pin::static_ref`]: https://doc.rust-lang.org/stable/std/pin/struct.Pin.html#method.static_ref
[`Vec::retain_mut`]: https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#method.retain_mut
[`VecDeque::retain_mut`]: https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.retain_mut
[`std::os::unix::net::SocketAddr::from_pathname`]: https://doc.rust-lang.org/stable/std/os/unix/net/struct.SocketAddr.html#method.from_pathname
[`std::process::ExitCode`]: https://doc.rust-lang.org/stable/std/process/struct.ExitCode.html
[`std::process::Termination`]: https://doc.rust-lang.org/stable/std/process/trait.Termination.html
[`std::thread::JoinHandle::is_finished`]: https://doc.rust-lang.org/stable/std/thread/struct.JoinHandle.html#method.is_finished
[cargo/10448]: rust-lang/cargo#10448
[cursor-write-array]: https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#impl-Write-4
[link-attr]: https://doc.rust-lang.org/stable/reference/items/external-blocks.html#the-link-attribute
[ptr-add]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.add
[ptr-offset]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.offset
[ptr-sub]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.sub
[ptr-wrapping_add]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_add
[ptr-wrapping_offset]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_offset
[ptr-wrapping_sub]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_sub
[slice-as_mut_ptr]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_mut_ptr
[slice-as_mut_ptr_range]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_mut_ptr_range
[slice-as_ptr_range]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_ptr_range
[target_feature]: https://doc.rust-lang.org/reference/attributes/codegen.html#the-target_feature-attribute
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Aug 31, 2022
Pkgsrc changes: * Bump required GCC to 7 (same as LLVM) to avoid ABI issues Fixes native i386 and powerpc 8.x build w/pkgsrc LLVM 14 * Bump available bootstraps to 1.61.0. * Also unlimit stacksize * Sync patches over from wip/rust * Adjust line number in patches which had non-zero offsets. * no longer pass -I/usr/pkg/include through via gcc-wrap script when building natively. Attempt at fixing version skew with curl package vs. internal version of curl (may not work...) * The NetBSD bootstraps now use .xz compression. * Use mk/atomic64.mk. Still have conditional for libatomic-links. * Default to using the internal LLVM when cross-building. Upstream changes: Version 1.62.1 (2022-07-19) ========================== Rust 1.62.1 addresses a few recent regressions in the compiler and standard library, and also mitigates a CPU vulnerability on Intel SGX. * [The compiler fixed unsound function coercions involving `impl Trait` return types.][98608] * [The compiler fixed an incremental compilation bug with `async fn` lifetimes.][98890] * [Windows added a fallback for overlapped I/O in synchronous reads and writes.][98950] * [The `x86_64-fortanix-unknown-sgx` target added a mitigation for the MMIO stale data vulnerability][98126], advisory [INTEL-SA-00615]. [98608]: rust-lang/rust#98608 [98890]: rust-lang/rust#98890 [98950]: rust-lang/rust#98950 [98126]: rust-lang/rust#98126 [INTEL-SA-00615]: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html Version 1.62.0 (2022-06-30) ========================== Language -------- - [Stabilize `#[derive(Default)]` on enums with a `#[default]` variant][94457] - [Stop validating some checks in dead code after functions with uninhabited return types][93313] - [Fix constants not getting dropped if part of a diverging expression][94775] - [Support unit struct/enum variant in destructuring assignment][95380] - [Remove mutable_borrow_reservation_conflict lint and allow the code pattern][96268] Compiler -------- - [linker: Stop using whole-archive on dependencies of dylibs][96436] - [Make `unaligned_references` lint deny-by-default][95372] This lint is also a future compatibility lint, and is expected to eventually become a hard error. - [Only add codegen backend to dep info if -Zbinary-dep-depinfo is used][93969] - [Reject `#[thread_local]` attribute on non-static items][95006] - [Add tier 3 `aarch64-pc-windows-gnullvm` and `x86_64-pc-windows-gnullvm` targets\*][94872] - [Implement a lint to warn about unused macro rules][96150] - [Promote `x86_64-unknown-none` target to Tier 2\*][95705] \* Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Move `CStr` to libcore, and `CString` to liballoc][94079] - [Windows: Use a pipe relay for chaining pipes][95841] - [Replace Linux Mutex and Condvar with futex based ones.][95035] - [Replace RwLock by a futex based one on Linux][95801] - [std: directly use pthread in UNIX parker implementation][96393] Stabilized APIs --------------- - [`bool::then_some`] - [`f32::total_cmp`] - [`f64::total_cmp`] - [`Stdin::lines`] - [`windows::CommandExt::raw_arg`] - [`impl<T: Default> Default for AssertUnwindSafe<T>`] - [`From<Rc<str>> for Rc<[u8]>`][rc-u8-from-str] - [`From<Arc<str>> for Arc<[u8]>`][arc-u8-from-str] - [`FusedIterator for EncodeWide`] - [RDM intrinsics on aarch64][stdarch/1285] Clippy ------ - [Create clippy lint against unexpectedly late drop for temporaries in match scrutinee expressions][94206] Cargo ----- - Added the `cargo add` command for adding dependencies to `Cargo.toml` from the command-line. [docs](https://doc.rust-lang.org/nightly/cargo/commands/cargo-add.html) - Package ID specs now support `name@version` syntax in addition to the previous `name:version` to align with the behavior in `cargo add` and other tools. `cargo install` and `cargo yank` also now support this syntax so the version does not need to passed as a separate flag. - The `git` and `registry` directories in Cargo's home directory (usually `~/.cargo`) are now marked as cache directories so that they are not included in backups or content indexing (on Windows). - Added automatic `@` argfile support, which will use "response files" if the command-line to `rustc` exceeds the operating system's limit. Compatibility Notes ------------------- - `cargo test` now passes `--target` to `rustdoc` if the specified target is the same as the host target. [#10594](rust-lang/cargo#10594) - [rustdoc: Remove .woff font files][96279] - [Enforce Copy bounds for repeat elements while considering lifetimes][95819] Internal Changes ---------------- - [Unify ReentrantMutex implementations across all platforms][96042] These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. [93313]: rust-lang/rust#93313 [93969]: rust-lang/rust#93969 [94079]: rust-lang/rust#94079 [94206]: rust-lang/rust#94206 [94457]: rust-lang/rust#94457 [94775]: rust-lang/rust#94775 [94872]: rust-lang/rust#94872 [95006]: rust-lang/rust#95006 [95035]: rust-lang/rust#95035 [95372]: rust-lang/rust#95372 [95380]: rust-lang/rust#95380 [95431]: rust-lang/rust#95431 [95705]: rust-lang/rust#95705 [95801]: rust-lang/rust#95801 [95819]: rust-lang/rust#95819 [95841]: rust-lang/rust#95841 [96042]: rust-lang/rust#96042 [96150]: rust-lang/rust#96150 [96268]: rust-lang/rust#96268 [96279]: rust-lang/rust#96279 [96393]: rust-lang/rust#96393 [96436]: rust-lang/rust#96436 [96557]: rust-lang/rust#96557 [`bool::then_some`]: https://doc.rust-lang.org/stable/std/primitive.bool.html#method.then_some [`f32::total_cmp`]: https://doc.rust-lang.org/stable/std/primitive.f32.html#method.total_cmp [`f64::total_cmp`]: https://doc.rust-lang.org/stable/std/primitive.f64.html#method.total_cmp [`Stdin::lines`]: https://doc.rust-lang.org/stable/std/io/struct.Stdin.html#method.lines [`impl<T: Default> Default for AssertUnwindSafe<T>`]: https://doc.rust-lang.org/stable/std/panic/struct.AssertUnwindSafe.html#impl-Default [rc-u8-from-str]: https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#impl-From%3CRc%3Cstr%3E%3E [arc-u8-from-str]: https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#impl-From%3CArc%3Cstr%3E%3E [stdarch/1285]: rust-lang/stdarch#1285 [`windows::CommandExt::raw_arg`]: https://doc.rust-lang.org/stable/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg [`FusedIterator for EncodeWide`]: https://doc.rust-lang.org/stable/std/os/windows/ffi/struct.EncodeWide.html#impl-FusedIterator Version 1.61.0 (2022-05-19) ========================== Language -------- - [`const fn` signatures can now include generic trait bounds][93827] - [`const fn` signatures can now use `impl Trait` in argument and return position][93827] - [Function pointers can now be created, cast, and passed around in a `const fn`][93827] - [Recursive calls can now set the value of a function's opaque `impl Trait` return type][94081] Compiler -------- - [Linking modifier syntax in `#[link]` attributes and on the command line, as well as the `whole-archive` modifier specifically, are now supported][93901] - [The `char` type is now described as UTF-32 in debuginfo][89887] - The [`#[target_feature]`][target_feature] attribute [can now be used with aarch64 features][90621] - X86 [`#[target_feature = "adx"]` is now stable][93745] Libraries --------- - [`ManuallyDrop<T>` is now documented to have the same layout as `T`][88375] - [`#[ignore = "#"]` messages are printed when running tests][92714] - [Consistently show absent stdio handles on Windows as NULL handles][93263] - [Make `std::io::stdio::lock()` return `'static` handles.][93965] Previously, the creation of locked handles to stdin/stdout/stderr would borrow the handles being locked, which prevented writing `let out = std::io::stdout().lock();` because `out` would outlive the return value of `stdout()`. Such code now works, eliminating a common pitfall that affected many Rust users. - [`Vec::from_raw_parts` is now less restrictive about its inputs][95016] - [`std::thread::available_parallelism` now takes cgroup quotas into account.][92697] Since `available_parallelism` is often used to create a thread pool for parallel computation, which may be CPU-bound for performance, `available_parallelism` will return a value consistent with the ability to use that many threads continuously, if possible. For instance, in a container with 8 virtual CPUs but quotas only allowing for 50% usage, `available_parallelism` will return 4. Stabilized APIs --------------- - [`Pin::static_mut`] - [`Pin::static_ref`] - [`Vec::retain_mut`] - [`VecDeque::retain_mut`] - [`Write` for `Cursor<[u8; N]>`][cursor-write-array] - [`std::os::unix::net::SocketAddr::from_pathname`] - [`std::process::ExitCode`] and [`std::process::Termination`]. The stabilization of these two API s now makes it possible for programs to return errors from `main` with custom exit codes. - [`std::thread::JoinHandle::is_finished`] These APIs are now usable in const contexts: - [`<*const T>::offset` and `<*mut T>::offset`][ptr-offset] - [`<*const T>::wrapping_offset` and `<*mut T>::wrapping_offset`] [ptr-wrapping_offset] - [`<*const T>::add` and `<*mut T>::add`][ptr-add] - [`<*const T>::sub` and `<*mut T>::sub`][ptr-sub] - [`<*const T>::wrapping_add` and `<*mut T>::wrapping_add`][ptr-wrapping_add] - [`<*const T>::wrapping_sub` and `<*mut T>::wrapping_sub`][ptr-wrapping_sub] - [`<[T]>::as_mut_ptr`][slice-as_mut_ptr] - [`<[T]>::as_ptr_range`][slice-as_ptr_range] - [`<[T]>::as_mut_ptr_range`][slice-as_mut_ptr_range] Cargo ----- No feature changes, but see compatibility notes. Compatibility Notes ------------------- - Previously native static libraries were linked as `whole-archive` in some cases, but now rustc tries not to use `whole-archive` unless explicitly requested. This [change][93901] may result in linking errors in some cases. To fix such errors, native libraries linked from the command line, build scripts, or [`#[link]` attributes][link-attr] need to - (more common) either be reordered to respect dependencies between them (if `a` depends on `b` then `a` should go first and `b` second) - (less common) or be updated to use the [`+whole-archive`] modifier. - [Catching a second unwind from FFI code while cleaning up from a Rust panic now causes the process to abort][92911] - [Proc macros no longer see `ident` matchers wrapped in groups][92472] - [The number of `#` in `r#` raw string literals is now required to be less than 256][95251] - [When checking that a dyn type satisfies a trait bound, supertrait bounds are now enforced][92285] - [`cargo vendor` now only accepts one value for each `--sync` flag] [cargo/10448] - [`cfg` predicates in `all()` and `any()` are always evaluated to detect errors, instead of short-circuiting.][94295] The compatibility considerations here arise in nightly-only code that used the short-circuiting behavior of `all` to write something like `cfg(all(feature = "nightly", syntax-requiring-nightly))`, which will now fail to compile. Instead, use either `cfg_attr(feature = "nightly", ...)` or nested uses of `cfg`. - [bootstrap: static-libstdcpp is now enabled by default, and can now be disabled when llvm-tools is enabled][94832] Internal Changes ---------------- These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. - [debuginfo: Refactor debuginfo generation for types][94261] - [Remove the everybody loops pass][93913] [88375]: rust-lang/rust#88375 [89887]: rust-lang/rust#89887 [90621]: rust-lang/rust#90621 [92285]: rust-lang/rust#92285 [92472]: rust-lang/rust#92472 [92697]: rust-lang/rust#92697 [92714]: rust-lang/rust#92714 [92911]: rust-lang/rust#92911 [93263]: rust-lang/rust#93263 [93745]: rust-lang/rust#93745 [93827]: rust-lang/rust#93827 [93901]: rust-lang/rust#93901 [93913]: rust-lang/rust#93913 [93965]: rust-lang/rust#93965 [94081]: rust-lang/rust#94081 [94261]: rust-lang/rust#94261 [94295]: rust-lang/rust#94295 [94832]: rust-lang/rust#94832 [95016]: rust-lang/rust#95016 [95251]: rust-lang/rust#95251 [`+whole-archive`]: https://doc.rust-lang.org/stable/rustc/command-line-arguments.html#linking-modifiers-whole-archive [`Pin::static_mut`]: https://doc.rust-lang.org/stable/std/pin/struct.Pin.html#method.static_mut [`Pin::static_ref`]: https://doc.rust-lang.org/stable/std/pin/struct.Pin.html#method.static_ref [`Vec::retain_mut`]: https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#method.retain_mut [`VecDeque::retain_mut`]: https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.retain_mut [`std::os::unix::net::SocketAddr::from_pathname`]: https://doc.rust-lang.org/stable/std/os/unix/net/struct.SocketAddr.html#method.from_pathname [`std::process::ExitCode`]: https://doc.rust-lang.org/stable/std/process/struct.ExitCode.html [`std::process::Termination`]: https://doc.rust-lang.org/stable/std/process/trait.Termination.html [`std::thread::JoinHandle::is_finished`]: https://doc.rust-lang.org/stable/std/thread/struct.JoinHandle.html#method.is_finished [cargo/10448]: rust-lang/cargo#10448 [cursor-write-array]: https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#impl-Write-4 [link-attr]: https://doc.rust-lang.org/stable/reference/items/external-blocks.html#the-link-attribute [ptr-add]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.add [ptr-offset]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.offset [ptr-sub]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.sub [ptr-wrapping_add]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_add [ptr-wrapping_offset]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_offset [ptr-wrapping_sub]: https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.wrapping_sub [slice-as_mut_ptr]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_mut_ptr [slice-as_mut_ptr_range]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_mut_ptr_range [slice-as_ptr_range]: https://doc.rust-lang.org/stable/std/primitive.slice.html#method.as_ptr_range [target_feature]: https://doc.rust-lang.org/reference/attributes/codegen.html#the-target_feature-attribute
|
Given that this landed without t-lang involvement, I assume this guard is not a guarantee, it is just us being helpful? In particular, the Rust code in the OP is still UB, we just choose to not exploit that UB? |
|
(Follow-up discussion happened on Zulip.) |
2 tasks
11 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently the only safe guard we have against double unwind is the panic count (which is local to Rust). When double unwinds indeed happen (e.g. C++ exception + Rust panic, or two C++ exceptions), then the second unwind actually goes through and the first unwind is leaked. This can cause UB. cc rust-lang/project-ffi-unwind#6
E.g. given the following C++ code:
This program is well-defined to terminate:
But this Rust code doesn't catch the double unwind:
To address this issue, this PR adds an unwind edge to an abort block, so that the Rust example aborts. This is similar to how clang guards against double unwind (except clang calls terminate per C++ spec and we abort).
The cost should be very small; it's an additional trap instruction (well, two for now, since we use TrapUnreachable, but that's a different issue) for each function with landing pads; if LLVM gains support to encode "abort/terminate" info directly in LSDA like GCC does, then it'll be free. It's an additional basic block though so compile time may be worse, so I'd like a perf run.
r? @ghost
@rustbot label: F-c_unwind