bjoernager/rust
bjoernager/rust
1
Fork 0
Code Activity

Auto merge of #88759 - Amanieu:panic_in_drop, r=nagisa,eddyb

Browse source 
Add -Z panic-in-drop={unwind,abort} command-line option

This PR changes `Drop` to abort if an unwinding panic attempts to escape it, making the process abort instead. This has several benefits:
- The current behavior when unwinding out of `Drop` is very unintuitive and easy to miss: unwinding continues, but the remaining drops in scope are simply leaked.
- A lot of unsafe code doesn't expect drops to unwind, which can lead to unsoundness:
  - https://github.com/servo/rust-smallvec/issues/14
  - https://github.com/bluss/arrayvec/issues/3
- There is a code size and compilation time cost to this: LLVM needs to generate extra landing pads out of all calls in a drop implementation. This can compound when functions are inlined since unwinding will then continue on to process drops in the callee, which can itself unwind, etc.
  - Initial measurements show a 3% size reduction and up to 10% compilation time reduction on some crates (`syn`).

One thing to note about `-Z panic-in-drop=abort` is that *all* crates must be built with this option for it to be sound since it makes the compiler assume that dropping `Box<dyn Any>` will never unwind.

cc https://github.com/rust-lang/lang-team/issues/97
This commit is contained in:
bors 2021-09-12 20:48:09 +00:00
commit 51e514c0fb
11 changed files with 119 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

32
compiler/rustc_metadata/src/dependency_format.rs
View file

@ -400,21 +400,35 @@ fn verify_ok(tcx: TyCtxt<'_>, list: &[Linkage]) {
continue;
}
let cnum = CrateNum::new(i + 1);
let found_strategy = tcx.panic_strategy(cnum);
let is_compiler_builtins = tcx.is_compiler_builtins(cnum);
if is_compiler_builtins || desired_strategy == found_strategy {
if tcx.is_compiler_builtins(cnum) {
continue;
}
sess.err(&format!(
"the crate `{}` is compiled with the \
let found_strategy = tcx.panic_strategy(cnum);
if desired_strategy != found_strategy {
sess.err(&format!(
"the crate `{}` is compiled with the \
panic strategy `{}` which is \
incompatible with this crate's \
strategy of `{}`",
tcx.crate_name(cnum),
found_strategy.desc(),
desired_strategy.desc()
));
tcx.crate_name(cnum),
found_strategy.desc(),
desired_strategy.desc()
));
}
let found_drop_strategy = tcx.panic_in_drop_strategy(cnum);
if tcx.sess.opts.debugging_opts.panic_in_drop != found_drop_strategy {
sess.err(&format!(
"the crate `{}` is compiled with the \
panic-in-drop strategy `{}` which is \
incompatible with this crate's \
strategy of `{}`",
tcx.crate_name(cnum),
found_drop_strategy.desc(),
tcx.sess.opts.debugging_opts.panic_in_drop.desc()
));
}
}
}
}

1
compiler/rustc_metadata/src/rmeta/decoder/cstore_impl.rs
View file

@ -159,6 +159,7 @@ provide! { <'tcx> tcx, def_id, other, cdata,
has_panic_handler => { cdata.root.has_panic_handler }
is_profiler_runtime => { cdata.root.profiler_runtime }
panic_strategy => { cdata.root.panic_strategy }
panic_in_drop_strategy => { cdata.root.panic_in_drop_strategy }
extern_crate => {
let r = *cdata.extern_crate.lock();
r.map(|c| &*tcx.arena.alloc(c))

1
compiler/rustc_metadata/src/rmeta/encoder.rs
View file

@ -692,6 +692,7 @@ impl<'a, 'tcx> EncodeContext<'a, 'tcx> {
hash: tcx.crate_hash(LOCAL_CRATE),
stable_crate_id: tcx.def_path_hash(LOCAL_CRATE.as_def_id()).stable_crate_id(),
panic_strategy: tcx.sess.panic_strategy(),
panic_in_drop_strategy: tcx.sess.opts.debugging_opts.panic_in_drop,
edition: tcx.sess.edition(),
has_global_allocator: tcx.has_global_allocator(LOCAL_CRATE),
has_panic_handler: tcx.has_panic_handler(LOCAL_CRATE),

1
compiler/rustc_metadata/src/rmeta/mod.rs
View file

@ -205,6 +205,7 @@ crate struct CrateRoot<'tcx> {
hash: Svh,
stable_crate_id: StableCrateId,
panic_strategy: PanicStrategy,
panic_in_drop_strategy: PanicStrategy,
edition: Edition,
has_global_allocator: bool,
has_panic_handler: bool,