Skip to content

Remove -Zoom=panic #147725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Remove -Zoom=panic #147725

wants to merge 4 commits into from
+346 −437

Conversation

bjorn3
Copy link
Member

@bjorn3 bjorn3 commented Oct 15, 2025
edited by RalfJung
Loading

There are major questions remaining about the reentrancy that this allows. It doesn't have any users on github outside of a single project that uses it in a panic=abort project to show backtraces. It can still be emulated through #[alloc_error_handler] or set_alloc_error_hook depending on if you use the standard library or not. And finally it makes it harder to do various improvements to the allocator shim.

This also adds support for showing backtraces on the first call of the libstd alloc error handler to satisfy the needs of this single project on github that uses it and because it seems generally useful to have. If an allocation while printing the backtrace fails, we don't try to print another backtrace as that will never succeed.

With this PR the sole remaining symbol in the allocator shim that is not effectively emulating weak symbols is the symbol that prevents skipping the allocator shim on stable even when it would otherwise be empty because libstd + #[global_allocator] is used.

Based on #147718 for conflict reasons.

Closes #43596
Fixes #126683

@rustbot
Copy link
Collaborator

rustbot commented Oct 15, 2025

The Miri subtree was changed

cc @rust-lang/miri

Some changes occurred in compiler/rustc_codegen_ssa

cc @WaffleLapkin

Some changes occurred in compiler/rustc_codegen_gcc

cc @antoyo, @GuillaumeGomez

@rustbot rustbot added A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 15, 2025
@rustbot rustbot added T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Oct 15, 2025
@rustbot
Copy link
Collaborator

rustbot commented Oct 15, 2025

r? @lcnr

rustbot has assigned @lcnr.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
This was referenced Oct 15, 2025
Open
Open
bjorn3 added 2 commits October 15, 2025 15:05
@bjorn3
Remove -Zoom=panic
8130383 
There are major questions remaining about the reentrancy that this
allows. It doesn't have any users on github outside of a single project
that uses it in a panic=abort project to show backtraces. It
can still be emulated through #[alloc_error_handler] or
set_alloc_error_hook depending on if you use the standard library or
not. And finally it makes it harder to do various improvements to the
allocator shim.
@bjorn3
Show backtrace on allocation failures when possible
8800809
@RalfJung
Copy link
Member

Cc @rust-lang/wg-allocators

RalfJung
RalfJung reviewed Oct 15, 2025
View reviewed changes
@kornelski
Copy link
Contributor

kornelski commented Oct 15, 2025
edited
Loading

I've been waiting for oom=panic to stabilize!!!

At Cloudflare we were waiting for ability to use it in servers. It was part of the RFC https://github.com/rust-lang/rfcs/blob/master/text/2116-alloc-me-maybe.md#user-profile-server. We currently aren't only because we use stable Rust, and have a ton of hacks in place already put in due to suffering from lack of this feature. In some places we do rely on panics from allocators not being totally UB any more.

Is removal of oom=panic removing just the convenience option, or is the goal to forbid unwinding on allocation failures completely? Will it be allowed to panic in alloc_error_handler or in global allocator functions? (and have it unwind whenever possible instead of always aborting?)

@bjorn3
Copy link
Member Author

bjorn3 commented Oct 15, 2025

You can still panic in the alloc error hook you register with std::alloc::set_alloc_error_hook with this PR (or the #[alloc_error_handler] if you don't use libstd). Any stabilization of this is blocked on the same reentrancy soundness questions as -Zoom=panic. The only allocation errors that set_alloc_error_hook doesn't cover that -Zoom=panic does is for allocations in code running before user code runs, but panics there can't be recovered from anyway.

@bjorn3
Copy link
Member Author

bjorn3 commented Oct 15, 2025

You can still panic in the alloc error hook you register with std::alloc::set_alloc_error_hook with this PR

In fact I changed the existing -Zoom=panic test to test this behavior: tests/ui/panics/alloc_error_hook-unwind.rs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RalfJung RalfJung RalfJung left review comments

Assignees

@lcnr lcnr

Labels

A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

-Zoom=panic double panic due to panicking allocating Tracking issue for oom=panic (RFC 2116)

6 participants

@bjorn3 @rustbot @rust-log-analyzer @RalfJung @kornelski @lcnr