aborts: Clarify documentation and comments #85377
Conversation
|
r? @m-ou-se (rust-highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
|
I have a WIP branch to make panic aborts all be |
How will you handle system that don't have |
This is in |
| // See the public documentation for `intrinsics::abort()` and `process::abort()` | ||
| // for further discussion. | ||
| // | ||
| // There is confusion about whether libc::abort() flushes stdio streams. |
There was a problem hiding this comment.
Perhaps mention it is implementation-defined as a first point (C18 7.22.4.1p1).
| // for further discussion. | ||
| // | ||
| // There is confusion about whether libc::abort() flushes stdio streams. | ||
| // libc::abort() is required by ISO C 99 (7.14.1.1p5) to be async-signal-safe, |
There was a problem hiding this comment.
It would be better to point to C18 (it is still 7.14.1.1p5).
|
What motivated opening #40230 is that Servo has a "crash handler" registered for When aborting with |
Yes, this is not an uncommon technique. I'm not sure, though, why
Yes, the usual approach to this problem is indeed to make sure the signal handler does not run recursively. You can easily have the kernel reset the signal handler for you: pass the Do you think my docs here would have been sufficient to help your former selves? :-) |
I’m not sure either. Presumably printing the stack is less useful in cases of deliberate abort than for crashes caused by Undefined Behavior? I just realized that it’s the |
crlf0710
added
S-waiting-on-review
library/core/src/intrinsics.rs
Outdated
| /// The current implementation of `intrinsics::abort` (ab)uses a debug trap | ||
| /// on some popular platforms. | ||
| /// On Unix, the | ||
| /// process will probably die of a signal like `SIGABRT`, `SIGILL`, `SIGTRAP`, `SIGSEGV` or | ||
| /// `SIGBUS`. The precise behaviour is not guaranteed and not stable. |
There was a problem hiding this comment.
Two notes:
- I don't think there's much use in calling this 'abuse'.
- In the rest of
stdwe use the word 'terminate' instead of 'die' for processes.
How about something like this?
| /// The current implementation of `intrinsics::abort` (ab)uses a debug trap | |
| /// on some popular platforms. | |
| /// On Unix, the | |
| /// process will probably die of a signal like `SIGABRT`, `SIGILL`, `SIGTRAP`, `SIGSEGV` or | |
| /// `SIGBUS`. The precise behaviour is not guaranteed and not stable. | |
| /// The current implementation of `intrinsics::abort` results in an invalid | |
| /// instruction on most platforms. On Unix, this will probably cause the | |
| /// process to be terminated with a signal like `SIGABRT`, `SIGILL`, | |
| /// `SIGTRAP`, `SIGSEGV` or `SIGBUS`. The precise behaviour is not | |
| /// guaranteed and not stable. |
There was a problem hiding this comment.
Thaks for the attention. I have more-or-less adopted your suggestions. I preferred a more active voice.
|
I have (belatedly) enabled the pre-push hook that stops me pushing those empty WIP commits. Apologies for the noise. |
crlf0710
added
S-waiting-on-review
|
☔ The latest upstream changes (presumably #86817) made this pull request unmergeable. Please resolve the merge conflicts. |
In the docs for intrinsics::abort(): * Strengthen the recommendation by to use process::abort instead. * Document the fact that it (ab)uses an LLVM debug trap and what the likely consequences are. * State that the precise behaviour is unstable. In the docs for process::abort(): * Promise that we have the same behaviour as C `abort()`. * Document the likely consequences, including, specifically, the consequences on Unix. In the internal comment for unix::abort_internal: * Refer to the public docs for the public API functions. * Correct and expand the description of libc::abort. Specifically: * Do not claim that abort() unregisters signal handlers. It doesn't; it honours the SIGABRT handler. * Discuss, extensively, the issue with abort() flushing stdio buffers. * Describe the glibc behaviour in some detail. Co-authored-by: Mark Wooding <mdw@distorted.org.uk> Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
As per discussion here rust-lang#85377 (review) Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
There is discussion of this in rust-lang#40230 which requests clarification. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
And withdraw the allegation of "abuse". Adapted from a suggestion by @m-ou-se. Co-authored-by: Mara Bos <m-ou.se@m-ou.se> Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Adapted from a suggestion by @m-ou-se. Co-authored-by: Mara Bos <m-ou.se@m-ou.se> Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Co-authored-by: Yuki Okushi <jtitor@2k36.org>
|
Applied a suggestion and rebased for a merge conflict. @bors r+ rollup |
|
📌 Commit 08d912f has been approved by |
bors
added
S-waiting-on-bors
|
Mara Bos writes ("Re: [rust-lang/rust] aborts: Clarify documentation and comments (#85377)"):
Applied a suggestion and rebased for a merge conflict.
Oh, thank you!
…--
Ian Jackson ***@***.***> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
|
Rollup of 7 pull requests Successful merges: - rust-lang#83581 (Add std::os::unix::fs::DirEntryExt2::file_name_ref(&self) -> &OsStr) - rust-lang#85377 (aborts: Clarify documentation and comments) - rust-lang#86685 (double-check mutability inside Allocation) - rust-lang#86794 (Stabilize `Seek::rewind()`) - rust-lang#86852 (Remove some doc aliases) - rust-lang#86878 (:arrow_up: rust-analyzer) - rust-lang#86886 (Remove `impl Clean for {Ident, Symbol}`) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
In the docs for intrinsics::abort():
In the docs for process::abort():
abort().In the internal comment for unix::abort_internal:
Co-authored-by: Mark Wooding mdw@distorted.org.uk
Signed-off-by: Ian Jackson ijackson@chiark.greenend.org.uk
Fixes #40230