Skip to content

Commit ea8ce0f

Browse files
RalfJungRalfJung
committed
exit: document interaction with C
1 parent 81d8edc commit ea8ce0f

File tree

2 files changed

+25
-1
lines changed

2 files changed

+25
-1
lines changed

library/std/src/env.rs

+1-1
Original file line numberDiff line numberDiff line change
@@ -330,7 +330,7 @@ impl Error for VarError {
330330
///
331331
/// Discussion of this unsafety on Unix may be found in:
332332
///
333-
/// - [Austin Group Bugzilla](https://austingroupbugs.net/view.php?id=188)
333+
/// - [Austin Group Bugzilla (for POSIX)](https://austingroupbugs.net/view.php?id=188)
334334
/// - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=15607#c2)
335335
///
336336
/// To pass an environment variable to a child process, you can instead use [`Command::env`].

library/std/src/process.rs

+24
Original file line numberDiff line numberDiff line change
@@ -2297,6 +2297,30 @@ impl Child {
22972297
/// considered undesirable. Note that returning from `main` also calls `exit`, so making `exit` an
22982298
/// unsafe operation is not an option.)
22992299
///
2300+
/// ## Safe interop with C code
2301+
///
2302+
/// This function is safe to call as long as `exit` is only ever invoked from Rust. However, the C
2303+
/// standard does not permit multiple threads to call `exit` concurrently. Rust mitigates this with
2304+
/// a lock, but if C code calls `exit`, that can still cause undefined behavior. Note that returning
2305+
/// from `main` is equivalent to calling `exit`.
2306+
/// Therefore, it is undefined behavior to have two concurrent threads perform the following
2307+
/// without synchronization:
2308+
/// - One thread calls Rust's `exit` function or returns from Rust's `main` function
2309+
/// - Another thread calls the C function `exit` or `quick_exit`, or returns from C's `main` function
2310+
///
2311+
/// Note that if a binary contains multiple copies of the Rust runtime (e.g., when combining
2312+
/// multiple `cdylib` or `staticlib`), they each have their own separate lock, so from the
2313+
/// perspective of code running in one of the Rust runtimes, the "outside" Rust code is basically C
2314+
/// code, and concurrent `exit` again causes undefined behavior.
2315+
///
2316+
/// Individual C implementations might provide more guarantees than the standard and permit concurrent
2317+
/// calls to `exit`; consult the documentation of your C implementation for details.
2318+
///
2319+
/// For some of the on-going discussion to make `exit` thread-safe in C, see:
2320+
/// - [Rust issue #126600](https://github.com/rust-lang/rust/issues/126600)
2321+
/// - [Austin Group Bugzilla (for POSIX)](https://austingroupbugs.net/view.php?id=1845)
2322+
/// - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=31997)
2323+
///
23002324
/// ## Platform-specific behavior
23012325
///
23022326
/// **Unix**: On Unix-like platforms, it is unlikely that all 32 bits of `exit`

0 commit comments

Comments
 (0)