Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rustc: Implement custom panic runtimes #32900

Merged
merged 2 commits into from
May 10, 2016
Merged

Commits on May 9, 2016

  1. rustc: Implement custom panic runtimes

    This commit is an implementation of [RFC 1513] which allows applications to
    alter the behavior of panics at compile time. A new compiler flag, `-C panic`,
    is added and accepts the values `unwind` or `panic`, with the default being
    `unwind`. This model affects how code is generated for the local crate, skipping
    generation of landing pads with `-C panic=abort`.
    
    [RFC 1513]: https://github.com/rust-lang/rfcs/blob/master/text/1513-less-unwinding.md
    
    Panic implementations are then provided by crates tagged with
    `#![panic_runtime]` and lazily required by crates with
    `#![needs_panic_runtime]`. The panic strategy (`-C panic` value) of the panic
    runtime must match the final product, and if the panic strategy is not `abort`
    then the entire DAG must have the same panic strategy.
    
    With the `-C panic=abort` strategy, users can expect a stable method to disable
    generation of landing pads, improving optimization in niche scenarios,
    decreasing compile time, and decreasing output binary size. With the `-C
    panic=unwind` strategy users can expect the existing ability to isolate failure
    in Rust code from the outside world.
    
    Organizationally, this commit dismantles the `sys_common::unwind` module in
    favor of some bits moving part of it to `libpanic_unwind` and the rest into the
    `panicking` module in libstd. The custom panic runtime support is pretty similar
    to the custom allocator support with the only major difference being how the
    panic runtime is injected (takes the `-C panic` flag into account).
    alexcrichton committed May 9, 2016
    Configuration menu
    Copy the full SHA
    0ec321f View commit details
    Browse the repository at this point in the history

Commits on May 10, 2016

  1. rustc: Use C++ personalities on MSVC

    Currently the compiler has two relatively critical bugs in the implementation of
    MSVC unwinding:
    
    * rust-lang#33112 - faults like segfaults and illegal instructions will run destructors
               in Rust, meaning we keep running code after a super-fatal exception
               has happened.
    
    * rust-lang#33116 - When compiling with LTO plus `-Z no-landing-pads` (or `-C
               panic=abort` with the previous commit) LLVM won't remove all `invoke`
               instructions, meaning that some landing pads stick around and
               cleanups may be run due to the previous bug.
    
    These both stem from the flavor of "personality function" that Rust uses for
    unwinding on MSVC. On 32-bit this is `_except_handler3` and on 64-bit this is
    `__C_specific_handler`, but they both essentially are the "most generic"
    personality functions for catching exceptions and running cleanups. That is,
    thse two personalities will run cleanups for all exceptions unconditionally, so
    when we use them we run cleanups for **all SEH exceptions** (include things like
    segfaults).
    
    Note that this also explains why LLVM won't optimize away `invoke` instructions.
    These functions can legitimately still unwind (the `nounwind` attribute only
    seems to apply to "C++ exception-like unwining"). Also note that the standard
    library only *catches* Rust exceptions, not others like segfaults and illegal
    instructions.
    
    LLVM has support for another personality, `__CxxFrameHandler3`, which does not
    run cleanups for general exceptions, only C++ exceptions thrown by
    `_CxxThrowException`. This essentially ideally matches our use case, so this
    commit moves us over to using this well-known personality function as well as
    exception-throwing function.
    
    This doesn't *seem* to pull in any extra runtime dependencies just yet, but if
    it does we can perhaps try to work out how to implement more of it in Rust
    rather than relying on MSVCRT runtime bits.
    
    More details about how this is actually implemented can be found in the changes
    itself, but this...
    
    Closes rust-lang#33112
    Closes rust-lang#33116
    alexcrichton committed May 10, 2016
    Configuration menu
    Copy the full SHA
    38e6e5d View commit details
    Browse the repository at this point in the history