Make destructors on extern "C" frames to be executed by nbdd0121 · Pull Request #129582 · rust-lang/rust (original) (raw)

Conversation

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})

r? @nnethercote

rustbot has assigned @nnethercote.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Some changes occurred to MIR optimizations

cc @rust-lang/wg-mir-opt

rustbot added the T-compiler

Relevant to the compiler team, which will review and decide on the PR/issue.

label

Aug 25, 2024

Any ideas for how we could measure the cost of this change in real-world code?

What is actually supposed to be causing a cost in this change, other than generating slightly more landing pads?

Mostly size cost (landing pads). I guess it doesn't hurt to do a perf run?

Are there that many extern C function to cause a serious size cost?

Could you have a test that checks for the expected runtime behavior?

Am I correct in thinking that there will be no cost if built with panic=abort, it will still abort immediately?

Am I correct in thinking that there will be no cost if built with panic=abort, it will still abort immediately?

This PR does not affect panic=abort since panic=abort has no unwind paths anyway

It is concerning that CI just passes with hardly any test changes. Could you add a ui run-pass test with the example from #123231? You can model it after tests/ui/panics/panic-in-cleanup.rs.

And maybe we should have a mir-opt test as well so that one can see the UnwindTerminate terminators being generated.

If we want to go ahead with this, what do we do with beta (about to become 1.81 real soon)? I doubt we want to land a change like this so late in the cycle.

@Mark-Simulacrum can we still land a PR that reverts feature(c_unwind) stabilization (#116088) on the beta branch or is that too disruptive?

Can we document the current behaviour (prefix of frames) for 1.81 in the relnotes and then we further specify that it's all-or-nothing in 1.82?

It is concerning that CI just passes with hardly any test changes. Could you add a ui run-pass test with the example from #123231? You can model it after tests/ui/panics/panic-in-cleanup.rs.

And maybe we should have a mir-opt test as well so that one can see the UnwindTerminate terminators being generated.

Thanks for the pointer. I'll add that when I have time.

In fact you can just edit tests/ui/panics/panic-in-ffi.rs to add a type with destructor in panic_in_ffi.

I don't think there's any blockers to landing PRs on beta doing anything at this point, modulo T-compiler signoff. Reverting things to status quo on stable feels pretty safe to me.

@rustbot +T-lang +I-lang-nominated

Over here:

• panic in a no-unwind function leads to not dropping local variables #123231 (comment)

@RalfJung proposes a particular semantic that is implemented by this PR:

I think we should guarantee that we run all destructors during unwind, and leave room for "unwind might fail to initiate and abort immediately instead" to account for 2-phase unwinding. That's reasonably easy to understand. This is currently not the case but #129582 implements that, IIUC.

I'm not aware of any code that would rely on the abort happening "early", i.e. skipping some destructors. On current stable, the destructor in the OP example actually does run, so the proposed guarantee (implemented by #129582) is also closer to the status quo than what happens in current beta.

Having followed the thread, I agree this makes the most sense, so I propose...

@rfcbot fcp merge

With respect to what to do about Rust 1.81, I probably think it's fine to ship as-is as long as we're clear about the limits of the guarantees that we're making, but I'm also open to a revert if people think that makes more sense.

Edit 2024-08-28: In our meeting, we also clarified as part of this FCP that we may later add new unwinding mode with different behavior, but that those may have to take into account code that relies on the behavior of the existing modes.

traviscross added T-lang

Relevant to the language team, which will review and decide on the PR/issue.

I-lang-nominated

Nominated for discussion during a lang team meeting.

and removed T-compiler

Relevant to the compiler team, which will review and decide on the PR/issue.

labels

Aug 27, 2024

@Mark-Simulacrum can we still land a PR that reverts feature(c_unwind) stabilization (#116088) on the beta branch or is that too disruptive?

I think the only way this would make sense is if it includes the change to the status quo unwinding behavior, does it?

I think the only way this would make sense is if it includes the change to the status quo unwinding behavior, does it?

I don't understand the question.

On the current beta (soon to be 1.81), the example in #123231 changes behavior compared to 1.80. Formally speaking, in 1.80 the example was UB, and in 1.81 it is well-defined. Practically speaking, in 1.80 "Noisy Drop" was printed, and in 1.81 it is not. I don't know if anyone still relied on the 1.80 behavior, ideally everyone who used to rely on this should have migrated to the "C-unwind" ABI.

This patch makes it so that "Noisy Drop" is printed again.

Assuming that we want to land this PR, the question is: do we want to have two changes here, where 1.81 makes the behavior non-UB but includes early-abort in some cases and then 1.82 or 1.83 puts the abort always in the place we want it, or do we want to avoid such back-and-forth?

This comment was marked as resolved.

Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members:

• @joshtriplett
• @nikomatsakis
• @pnkfelix
• @scottmcm
• @tmandry
• @traviscross

No concerns currently listed.

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns.
See this document for info about what commands tagged team members can give me.

bors added S-waiting-on-review

Status: Awaiting review from the assignee but also interested parties.

and removed S-waiting-on-bors

Status: Waiting on bors to run and complete tests. Bors will change the label on completion.

labels

Sep 30, 2024

The failing test tests/run-make/longjmp-across-rust looks like UB to me.

Added in #48572.

It probably needs C-unwind?

longjmp across frames without destructors is IIRC intended to work.

Yeah, but there is a destructor here, albeit empty.

Oh. Yeah that's UB indeed.
Maybe adjust the test to remove the destructor?

Cc @alexcrichton just FYI, a test you added many years ago turns out to have UB... not sure if there's any context there that is still relevant.

It's ok times change and we learn things, I think it's a better move to consider unwinding/longjmp over rust frames with destructors as UB rather than "something that should work", so sounds like it's a good test to remove/update 👍

Removing the test is correct; longjmp over Rust frames with destructors is always UB, per RFC 2945. Such frames are not Plane Old Frames, and:

This RFC specifies that, regardless of the platform or the ABI string ("C" or "C-unwind"), any platform features that may rely on forced unwinding will always be considered undefined behavior if they cross non-POFs.

longjmp is one such platform feature that "may rely on forced unwinding."

Destructor are removed from stack because it's considered UB.

This comment was marked as off-topic.

📌 Commit bb53108 has been approved by nnethercote

It is now in the queue for this repository.

bors added S-waiting-on-bors

Status: Waiting on bors to run and complete tests. Bors will change the label on completion.

and removed S-waiting-on-review

Status: Awaiting review from the assignee but also interested parties.

labels

Oct 17, 2024

bors mentioned this pull request

Oct 17, 2024

Finished benchmarking commit (06d261d): comparison URL.

Overall result: ✅ improvements - no action needed

@rustbot label: -perf-regression

Instruction count

This is the most reliable metric that we have; it was used to determine the overall result at the top of this comment. However, even this metric can sometimes exhibit noise.

Max RSS (memory usage)

Results (secondary 5.4%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

Cycles

Results (primary 2.3%, secondary 4.5%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

Binary size

Results (primary 0.1%, secondary 0.2%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

Bootstrap: 781.077s -> 780.529s (-0.07%)
Artifact size: 333.74 MiB -> 333.89 MiB (0.04%)

tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request

Jan 22, 2025

This MR contains the following updates:

MR created with the help of el-capitano/tools/renovate-bot.

Proposed changes to behavior should be submitted there as MRs.

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

• If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

wip-sync pushed a commit to NetBSD/pkgsrc-wip that referenced this pull request

Feb 2, 2025

Pkgsrc changes:

• Adapt patches, one of the patched files were restructured upstream.
• Checksum changes.

Upstream changes:

Version 1.84.1 (2025-01-30)

• [Fix ICE 132920 in duplicate-crate diagnostics.] (rust-lang/rust#133304)
• [Fix errors for overlapping impls in incremental rebuilds.] (rust-lang/rust#133828)
• [Fix slow compilation related to the next-generation trait solver.] (rust-lang/rust#135618)
• [Fix debuginfo when LLVM's location discriminator value limit is exceeded.] (rust-lang/rust#135643)
• Fixes for building Rust from source:
  • [Only try to distribute llvm-objcopy if llvm tools are enabled.] (rust-lang/rust#134240)
  • [Add Profile Override for Non-Git Sources.] (rust-lang/rust#135433)
  • [Resolve symlinks of LLVM tool binaries before copying them.] (rust-lang/rust#135585)
  • [Make it possible to use ci-rustc on tarball sources.] (rust-lang/rust#135722)

Version 1.84.0 (2025-01-09)

Language

• [Allow #[deny] inside #[forbid] as a no-op] (rust-lang/rust#121560)
• [Show a warning when -Ctarget-feature is used to toggle features that can lead to unsoundness due to ABI mismatches] (rust-lang/rust#129884)
• [Use the next-generation trait solver in coherence] (rust-lang/rust#130654)
• [Allow coercions to drop the principal of trait objects] (rust-lang/rust#131857)
• [Support / as the path separator for include!() in all cases on Windows] (rust-lang/rust#125205)
• [Taking a raw ref (raw (const|mut)) of a deref of a pointer (*ptr) is now safe] (rust-lang/rust#129248)
• [Stabilize s390x inline assembly] (rust-lang/rust#131258)
• [Stabilize Arm64EC inline assembly] (rust-lang/rust#131781)
• [Lint against creating pointers to immediately dropped temporaries] (rust-lang/rust#128985)
• [Execute drop glue when unwinding in an extern "C" function] (rust-lang/rust#129582)

Compiler

• [Add --print host-tuple flag to print the host target tuple and affirm the "target tuple" terminology over "target triple"] (rust-lang/rust#125579)
• [Declaring functions with a calling convention not supported on the current target now triggers a hard error] (rust-lang/rust#129935)
• [Set up indirect access to external data for loongarch64-unknown-linux-{musl,ohos}] (rust-lang/rust#131583)
• [Enable XRay instrumentation for LoongArch Linux targets] (rust-lang/rust#131818)
• [Extend the unexpected_cfgs lint to also warn in external macros] (rust-lang/rust#132577)
• [Stabilize WebAssembly multivalue, reference-types, and tail-call target features] (rust-lang/rust#131080)
• [Added Tier 2 support for the wasm32v1-none target] (rust-lang/rust#131487)

Libraries

• [Implement From<&mut {slice}> for Box/Rc/Arc<{slice}>] (rust-lang/rust#129329)
• [Move <float>::copysign, <float>::abs, <float>::signum to core] (rust-lang/rust#131304)
• [Add LowerExp and UpperExp implementations to NonZero] (rust-lang/rust#131377)
• [Implement FromStr for CString and TryFrom<CString> for String] (rust-lang/rust#130608)
• [std::os::darwin has been made public] (rust-lang/rust#130635)

Stabilized APIs

• [Ipv6Addr::is_unique_local] (https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unique_local)
• [Ipv6Addr::is_unicast_link_local] (https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unicast_link_local)
• [core::ptr::with_exposed_provenance] (https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html)
• [core::ptr::with_exposed_provenance_mut] (https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.html)
• [<ptr>::addr] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr)
• [<ptr>::expose_provenance] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_provenance)
• [<ptr>::with_addr] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.with_addr)
• [<ptr>::map_addr] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.map_addr)
• [<int>::isqrt] (https://doc.rust-lang.org/stable/core/primitive.i32.html#method.isqrt)
• [<int>::checked_isqrt] (https://doc.rust-lang.org/stable/core/primitive.i32.html#method.checked_isqrt)
• [<uint>::isqrt] (https://doc.rust-lang.org/stable/core/primitive.u32.html#method.isqrt)
• [NonZero::isqrt] (https://doc.rust-lang.org/stable/core/num/struct.NonZero.html#impl-NonZero%3Cu128%3E/method.isqrt)
• [core::ptr::without_provenance] (https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance.html)
• [core::ptr::without_provenance_mut] (https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html)
• [core::ptr::dangling] (https://doc.rust-lang.org/stable/core/ptr/fn.dangling.html)
• [core::ptr::dangling_mut] (https://doc.rust-lang.org/stable/core/ptr/fn.dangling_mut.html)

These APIs are now stable in const contexts

• [AtomicBool::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicBool.html#method.from_ptr)
• [AtomicPtr::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicPtr.html#method.from_ptr)
• [AtomicU8::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU8.html#method.from_ptr)
• [AtomicU16::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU16.html#method.from_ptr)
• [AtomicU32::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU32.html#method.from_ptr)
• [AtomicU64::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU64.html#method.from_ptr)
• [AtomicUsize::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicUsize.html#method.from_ptr)
• [AtomicI8::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI8.html#method.from_ptr)
• [AtomicI16::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI16.html#method.from_ptr)
• [AtomicI32::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI32.html#method.from_ptr)
• [AtomicI64::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI64.html#method.from_ptr)
• [AtomicIsize::from_ptr] (https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicIsize.html#method.from_ptr)
• [<ptr>::is_null] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_null-1)
• [<ptr>::as_ref] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_ref-1)
• [<ptr>::as_mut] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_mut)
• [Pin::new] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new)
• [Pin::new_unchecked] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new_unchecked)
• [Pin::get_ref] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_ref)
• [Pin::into_ref] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.into_ref)
• [Pin::get_mut] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_mut)
• [Pin::get_unchecked_mut] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_unchecked_mut)
• [Pin::static_ref] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_ref)
• [Pin::static_mut] (https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_mut)

Cargo

• [Stabilize MSRV-aware resolver config] (rust-lang/cargo#14639)
• [Stabilize resolver v3] (rust-lang/cargo#14754)

Rustdoc

• [rustdoc-search: improve type-driven search] (rust-lang/rust#127589)

Compatibility Notes

• [Enable by default the LSX target feature for LoongArch Linux targets] (rust-lang/rust#132140)
• The unstable -Zprofile flag ("gcov-style" coverage instrumentation) has been removed. This does not affect the stable flags for coverage instrumentation (-Cinstrument-coverage) and profile-guided optimization (-Cprofile-generate, -Cprofile-use), which are unrelated and remain available.
• Support for the target named wasm32-wasi has been removed as the target is now named wasm32-wasip1. This completes the [transition] (rust-lang/compiler-team#607) plan for this target following [the introduction of wasm32-wasip1] (rust-lang/rust#120468) in Rust 1.78. Compiler warnings on [use of wasm32-wasi] (rust-lang/rust#126662) introduced in Rust 1.81 are now gone as well as the target is removed.
• [The syntax &pin (mut|const) T is now parsed as a type which in theory could affect macro expansion results in some edge cases] (rust-lang/rust#130635 (comment))
• [Legacy syntax for calling std::arch functions is no longer permitted to declare items or bodies (such as closures, inline consts, or async blocks).] (rust-lang/rust#130443 (comment))
• The wasm32-unknown-emscripten target's binary release of the standard library is now [built with the latest emsdk 3.1.68] (rust-lang/rust#131533), which fixes an ABI-incompatibility with Emscripten >= 3.1.42. If you are locally using a version of emsdk with an incompatible ABI (e.g. before 3.1.42 or a future one), you should build your code with -Zbuild-std to ensure that std uses the correct ABI.
• [Declaring functions with a calling convention not supported on the current target now triggers a hard error] (rust-lang/rust#129935)
• [The next-generation trait solver is now enabled for coherence, fixing multiple soundness issues] (rust-lang/rust#130654)

Labels

A-run-make

Area: port run-make Makefiles to rmake.rs

disposition-merge

This issue / PR is in PFCP or FCP with a disposition to merge it.

finished-final-comment-period

The final comment period is finished for this PR / Issue.

merged-by-bors

This PR was explicitly merged by bors.

S-waiting-on-bors

Status: Waiting on bors to run and complete tests. Bors will change the label on completion.

T-lang

Relevant to the language team, which will review and decide on the PR/issue.