-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Undefined Behavior in safe code that unwinds out of extern "C"
function
#63943
Comments
Check-in from the @rust-lang/compiler meeting: I'm changing the nomination to nominate this issue for @rust-lang/lang. In particular, @joshtriplett, it'd be great if you can catch up on the comments here and in #63909 and give some kind of summary, since you've been spearheading this work. |
I'm not sure why this was filed in addition to #63909; I think #63909 completely addresses this, assuming we either merge it or stabilize |
I agree with @gnzlbg, the existence of an unmerged PR does not usually suffice to close issues. |
@RalfJung I tend to treat PRs and issues as synonymous (a PR is just an issue with commits attached) and thus potentially redundant, but your call. It would be nice, however, if we could avoid further splitting discussion and comments across what seems like an ever-growing number of issues and PRs. |
extern "C"
function
Yes, that sounds correct to me @RalfJung! |
Awesome, I love closing soundness issues. :) |
UPDATE: this optimization is perfectly correct. It only breaks code that already has undefined behavior. This is however an issue since until #52652 is fixed we want to keep such code working.
ORIGINAL TITLE: mis-compilation of noreturn extern "C" definitions that unwind on stable and nightly
Originally reported here: #63909 (comment) , which might contain a fix, but that has not been verified yet.
The default behavior of the Rust language on nightly Rust was to abort when a panic tries to escape from functions using certain ABIs intended for FFI, like
"C"
. #62603 changed this behavior on nightly Rust to match the stable Rust behavior, which let the function unwind, while still applying thenounwind
attribute to these functions. When these functions returnNever
, they are alsonoreturn
, and this results in mis-compilations on stable and nightly Rust. MWE:cargo run --release
returns success, butRUSTFLAGS="-C lto=fat" cargo run --release
returns failure.I think that since #63909 removes the
nounwind
attribute, it should end up fixing this bug, but we should probably add a test for this somewhere.The problem #62603 intended to solve is to allow Rust->C->Rust FFI where a Rust callback called from C can unwind through C back into Rust. This example can be adapted to this application, where the miscompilation persists:
AFAICT this miscompilation has always existed for Rust->C-Rust FFI.
The text was updated successfully, but these errors were encountered: