Change Allocation error default behaviour #366

Closed
XAMPPRocky opened this issue Sep 20, 2020 · 1 comment
Labels
major-change A proposal to make a major change to rustc

Comments

@XAMPPRocky
Member

Proposal

There have been a couple of discussions about using Rust in larger systems. One of the current gotchas around using Rust in this context is that allocation errors (such as Out Of Memory) cause an abort by default.

Since aborts are not recoverable, this means that any call into the Rust component can unintentionally bring down the whole system. Thankfully this can be overridden with std::alloc::set_alloc_error_hook. There are two major issues with the current solution however.

The first is that this is currently a nightly API with no clear path to stabilisation, so this requires you to use a nightly compiler for your library, even if the rest of your crate only uses stable features. The second is that this is not supposed to work. The alloc error function is currently set as #[rustc_allocator_nounwind], but panic unwinding inside it works anyway.

Instead of stabilising this API I would like to propose changing the default alloc error implementation to panic. This would allow allocation errors to be caught at the FFI boundary on stable, without having to stabilise the override hook API. This would also remove the need for FFI libraries to expose an unset_abort or similar function to override the default behaviour. For panic=abort users there will be essentially no changes.

Related Issues

Mentors or Reviewers

Process

The main points of the Major Change Process are as follows:

  • File an issue describing the proposal.
  • A compiler team member or contributor who is knowledgeable in the area can second by writing @rustbot second.
    • Finding a "second" suffices for internal changes. If however you are proposing a new public-facing feature, such as a -C flag, then full team check-off is required.
    • Compiler team members can initiate a check-off via @rfcbot fcp merge on either the MCP or the PR.
  • Once an MCP is seconded, the Final Comment Period begins. If no objections are raised after 10 days, the MCP is considered approved.

You can read more about Major Change Proposals on forge.

Comments

This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.
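What "catching allocation errors at the FFI boundary" looks like in practice, as an added example that is not part of the proposal or of rustc: `fill_buffer` and `Status` are hypothetical names. On today's stable only the capacity-overflow panic inside `Vec::with_capacity` is caught this way; a real allocation failure still aborts, which is exactly the gap the proposal closes.

```rust
use std::panic::{self, AssertUnwindSafe};

/// Status code handed back to the non-Rust caller (hypothetical type).
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Status {
    Ok = 0,
    Failed = 1,
}

/// Hypothetical library entry point: build an `n`-byte buffer filled with 0xAA
/// and report its length through `out_len`. Everything that can panic runs
/// inside `catch_unwind`, so a panic becomes `Status::Failed` instead of
/// unwinding into foreign frames (which Rust turns into an abort).
/// Today only a capacity overflow (n > isize::MAX) panics here; a genuine
/// allocation failure still aborts. Under the proposal that failure would
/// panic too and be caught by the same `catch_unwind`.
pub extern "C" fn fill_buffer(n: usize, out_len: *mut usize) -> Status {
    let result = panic::catch_unwind(AssertUnwindSafe(|| {
        let mut buf: Vec<u8> = Vec::with_capacity(n); // panics on capacity overflow
        buf.resize(n, 0xAA);
        buf.len()
    }));
    match result {
        Ok(len) => {
            if !out_len.is_null() {
                // SAFETY: the caller passes either null or a valid, writable pointer.
                unsafe { *out_len = len };
            }
            Status::Ok
        }
        Err(_) => Status::Failed, // panic payload dropped; caller sees an error code
    }
}

fn main() {
    let mut len = 0usize;
    let ok = fill_buffer(16, &mut len);
    println!("{ok:?} len={len}");
    let failed = fill_buffer(usize::MAX, &mut len);
    println!("{failed:?} len={len}");
}
```

The second call prints the panic message to stderr but returns normally; without the `catch_unwind` the same panic would abort the process at the extern "C" boundary.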

@joshtriplett joshtriplett added the major-change A proposal to make a major change to rustc label Sep 20, 2020
@rustbot
Collaborator

rustbot commented Sep 20, 2020

This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.

@rustbot rustbot added the to-announce Announce this issue on triage meeting label Sep 20, 2020
@spastorino spastorino removed the to-announce Announce this issue on triage meeting label Sep 23, 2020