-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tracking Issue for debugger_visualizer
#95939
Comments
@rustbot claim |
This comment was marked as resolved.
This comment was marked as resolved.
What's the plan for LLDB? It seems like the design of LLDB is slightly different, they err on the side of "the binary cannot be trusted", so automatically loading these kind of things is not really supported - but maybe it would be possible to provide when using |
Why #![debugger_visualizer(natvis_file = "../Foo.natvis")] in Rust code and not debug_visualizer = "foo.natvis" in Cargo.toml? |
Probably because the desire is to allow the attribute directly on types in the future. |
@rustbot claim |
Request for StabilizationI'd like to stabilize the SummaryThe following feature will be stabilized:
DocumentationI've submitted the following PR: TestsYou can find test cases in:
Real World UsageNatVis definitions have been added to various popular open-source crates:
Unresolved IssuesNo issues are known at this time. |
I feel like we should figure out the plan for LLDB (or at least |
That's a valid point. It might be worth investigating how LLDB handles embedded pretty printers and whether it has support for them. Since the repo already has LLDB debugger tests, we can consider adding tests that target LLDB, try embedding pretty printers and see if they are handled in a similar way as GDB. That said, I am not sure that this is worth delaying stabilization. At this point, the unstable status of this feature is a barrier to adoption in the Rust community. The out-of-the-box value of this feature relies on crate owners developing their own visualization definitions / pretty printers, and there has been some pushback from crate owners who would rather not support an unstable feature. (See rust-lang/regex#849) It seems reasonable to me that LLDB support can go through its own stabilization process at a later time. I'm open to further discussion, though. |
Thanks for writing up the stabilization report @gibbyfree! Overall this looks good to me. I think we should spend a little time on this point right now though:
If LLDB doesn't support embedded pretty printers, then the overall question is moot and we can go ahead and stabilize the feature for the debuggers which do support this. If LLDB does have support, then I think the information we'll want to know is "how are the pretty printers embedded?" and "how do we enable them automatically?". Depending on those answers, we can decide if it's important to do that work now (if it is actually possible) or defer until a later time. |
Thanks for taking a look @wesleywiser :) I've spent some time in the last week investigating LLDB's pretty printing capabilities. Usage of Like GDB, LLDB supports pretty printing of custom types with Python scripts. Unlike GDB, LLDB is incapable of modifying symbol file metadata. This is an important distinction. We might still be able to improve Rust's LLDB debugging experience. LLDB enables auto-loading of pretty printers by setting an environment variable, so printers can be registered in one's local environment without manual configuration. This is a bit similar to how It may be worth discussing how we choose to add support for more debuggers in the future. Maybe the "embedded" aspect isn't a hard requirement for this feature. Still, I'm inclined to think that that discussion has little bearing on the stabilization of This feature has been designed for straight-forward extension, and its current implementation shouldn't block anyone interested in hacking on LLDB support - there were slightly different approaches to supporting Natvis and GDB, and I assume that implementing support for other debuggers will require different approaches too. That said, I'm not an LLDB expert 😅 I'd love to be educated if I'm mistaken about any of this. |
Is it safe to have untrusted debug visualizers? Can they be malicious? I did a quick search through this thread and the RFC and its thread for "trust" and "security" and didnt see any discussion of this, but even though Rust already has stuff like proc macros and build.rs, those are only at build time, whereas debug visualizers embedded in a binary could have a greater reach and potential for concern for anyone debugging a Rust binary. |
Thanks for investigating @gibbyfree! It sounds like no matter what, we won't be able to provide exactly the same experience in lldb as we do in gdb or WinDbg/VS. We could collect lldb scripts into a well known path relative to the output binary in the target folder and teach @DianaNites good question! There are two different kinds of debugger visualizers supported currently: Natvis and gdb pretty printers. Natvis is a declarative language that only allows you to provide an alternative description of a type. The number of supported operations is very small and I think the most an adversarial visualizer could do would be to attempt to obscure or mislead the debugger user regarding some value in the debugger. Users are able to turn off the visualization either global or per value in supported debuggers so I don't believe there's a realistic path of attack via this avenue. Gdb pretty printers are Python scripts that run inside the embedded Python interpreter in gdb. This is an optional feature of gdb that most large distros seem to enable. I believe (but have not tested) that scripts are not sandboxed in any sort of way. As such, they could access resources on the machine hosting the debugger. gdb itself provides mechanisms to enable or disable autoloading of embedded debugger scripts. I think for most users, this is likely not an additional path of attack as they have already compiled attacker-controlled code (which could execute malicious code on their machine via proc macros or build.rs as you pointed out) and they have also run the binary which contains attacker-controlled code as well. For users with additional security needs, gdb should be configured to not autoload scripts but this is not a Rust specific concern. Does that make sense? |
I think this is ready for stabilization. @gibbyfree wrote a stabilization report and the associated PR is #108668. @rfcbot fcp merge |
Team member @wesleywiser has proposed to merge this. The next step is review by the rest of the tagged team members:
No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns. |
@rfcbot fcp reviewed -- better debugger experience ftw! |
I still don't like how the visualizer file is looked up (based on |
🔔 This is now entering its final comment period, as per the review above. 🔔 |
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. This will be merged soon. |
…zer, r=wesleywiser Stabilize debugger_visualizer This stabilizes the `debugger_visualizer` attribute (rust-lang#95939). * Marks the `debugger_visualizer` feature as `accepted`. * Marks the `debugger_visualizer` attribute as `ungated`. * Deletes feature gate test, removes feature gate from other tests. Closes rust-lang#95939
I'm concerned about the stabilization of this feature in its current state. I filed a few issues (see
F-debugger_visualizer
|
nominating for t-compiler meeting due to the above concern. if we're able to remove this asynchronously before then we can always remove the nomination. |
I agree that these issue are a blocking concern for the feature. If I'm reading the schedule right, we have until May 26 to either fix the issue or revert stabilization. |
Thanks for opening the issues, @ehuss! I've assigned myself to do an initial investigation. |
Closing this tracking issue -- I believe the feature is now stabilized, and the concerns raised were addressed. |
This is a tracking issue for RFC 3191.
The feature gate for the issue is
#![feature(debugger_visualizer)]
.About tracking issues
Tracking issues are used to record the overall progress of implementation.
They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions.
A tracking issue is however not meant for large scale discussion, questions, or bug reports about a feature.
Instead, open a dedicated issue for the specific matter and add the relevant feature gate label.
Steps
Unresolved Questions
No unresolved questions at this time.
Implementation history
Create new attribute
#[debugger_viusalizer]
and add support for embedding NatVis visualizers through this attribute: Add a new Rust attribute to support embedding debugger visualizers #91779Adding support for embedding pretty-printers via new attribute: Add support for embedding pretty printers via
#[debugger_visualizer]
attribute #97028The text was updated successfully, but these errors were encountered: