abort immediately on bad mem::zeroed/uninit #105997
Conversation
|
r? @eholk (rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
S-waiting-on-review
|
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
|
| assert!(!res.status.success(), "test did not fail"); | ||
| let stderr = String::from_utf8_lossy(&res.stderr); | ||
| assert!(stderr.contains(msg), "test did not contain expected output: looking for {:?}, output:\n{}", msg, stderr); | ||
| } |
There was a problem hiding this comment.
This does make the test very slow. But that seems fine? I can't think of a better way...
There was a problem hiding this comment.
You could spawn all the processes and only once that's done collect all the results. But that requires a bit more plumbing.
There was a problem hiding this comment.
Or these tests could be rewritten as #[test] functions. This is also used in some other UI tests.
And lib-test spawns new processes for tests when the it's compiled with panic=abort or some unstable flag is passed. Not sure if compiletest can pass arguments to run-pass tests.
There was a problem hiding this comment.
You have to use -Cpanic=abort and -Zpanic-abort-tests together when compiling the crate to be tested to have libtest spawn new processes.
There was a problem hiding this comment.
Hm, yeah I guess that could work, though I would have to restructure the test quite a bit.
Let's see what the reviewer says, for now I'd prefer this approach.
There was a problem hiding this comment.
I think this approach looks okay. It launches 75 processes or so, which I don't think will be too much time in the grand scheme of things. It might be worse on Windows since process creation is more expensive there though. Given that we run the whole test suite in parallel, I doubt one slower test will affect the overall time too much.
This comment has been minimized.
This comment has been minimized.
RalfJung
force-pushed
the
immediate-abort
branch
from
fea46a4 to
d5c48ef
Compare
No problem. I think I will update it on the next sync after this PR lands. |
RalfJung
force-pushed
the
immediate-abort
branch
2 times, most recently
from
ece139a to
086be76
Compare
| @@ -232,14 +232,15 @@ language_item_table! { | |||
| // is required to define it somewhere. Additionally, there are restrictions on crates that use | |||
| // a weak lang item, but do not have it defined. | |||
| Panic, sym::panic, panic_fn, Target::Fn, GenericRequirement::Exact(0); | |||
| PanicNounwind, sym::panic_nounwind, panic_nounwind, Target::Fn, GenericRequirement::Exact(0); | |||
There was a problem hiding this comment.
| PanicNounwind, sym::panic_nounwind, panic_nounwind, Target::Fn, GenericRequirement::Exact(0); | |
| PanicNoUnwind, sym::panic_no_unwind, panic_no_unwind, Target::Fn, GenericRequirement::Exact(0); |
My brain wants to parse PanicNounwind as Panic-Noun-Wind, so I'd prefer to keep the original spelling here.
In the snake case variant, I'm fine with either panic_no_unwind or panic_nounwind.
There was a problem hiding this comment.
The issue is that the old PanicNoUnwind is actually subtly different from the new PanicNounwind, which is why I did the rename -- the old lang item is equal to what is now called PannicCannotUnwind.
If you are okay with giving a lang item a different meaning without renaming it, I can change this to PanicNoUnwind.
There was a problem hiding this comment.
That makes sense. Changing the name makes it so everyone has to actively do something now that it's changed, which seems like a good thing. If it annoys people in the future we can always change it then, but this reasoning makes sense to leave it as PanicNounwind.
| assert!(!res.status.success(), "test did not fail"); | ||
| let stderr = String::from_utf8_lossy(&res.stderr); | ||
| assert!(stderr.contains(msg), "test did not contain expected output: looking for {:?}, output:\n{}", msg, stderr); | ||
| } |
There was a problem hiding this comment.
I think this approach looks okay. It launches 75 processes or so, which I don't think will be too much time in the grand scheme of things. It might be worse on Windows since process creation is more expensive there though. Given that we run the whole test suite in parallel, I doubt one slower test will affect the overall time too much.
|
☔ The latest upstream changes (presumably #106034) made this pull request unmergeable. Please resolve the merge conflicts. |
RalfJung
force-pushed
the
immediate-abort
branch
from
086be76 to
9f241b3
Compare
|
@bors r+ |
bors
added
S-waiting-on-bors
abort immediately on bad mem::zeroed/uninit Now that we have non-unwinding panics, let's use them for these assertions. This re-establishes the property that `mem::uninitialized` and `mem::zeroed` will never unwind -- the earlier approach of causing panics here sometimes led to hard-to-debug segfaults when the surrounding code was not able to cope with the unexpected unwinding. Cc `@bjorn3` I did not touch cranelift but I assume it needs a similar patch. However it has a `codegen_panic` abstraction that I did not want to touch since I didn't know how else it is used.
|
@bors r- |
bors
added
S-waiting-on-author
|
@bors r=eholk rollup=iffy |
bors
added
S-waiting-on-bors
|
⌛ Testing commit 26e0139 with merge 1e1d38625e227173c4d0a51a75892c8c9256ef49... |
This comment has been minimized.
This comment has been minimized.
|
💔 Test failed - checks-actions |
bors
added
S-waiting-on-review
|
@bors r=eholk |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
|
Finished benchmarking commit (8dfb339): comparison URL. Overall result: no relevant changes - no action needed@rustbot label: -perf-regression Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesThis benchmark run did not return any relevant results for this metric. |
abort immediately on bad mem::zeroed/uninit Now that we have non-unwinding panics, let's use them for these assertions. This re-establishes the property that `mem::uninitialized` and `mem::zeroed` will never unwind -- the earlier approach of causing panics here sometimes led to hard-to-debug segfaults when the surrounding code was not able to cope with the unexpected unwinding. Cc `@bjorn3` I did not touch cranelift but I assume it needs a similar patch. However it has a `codegen_panic` abstraction that I did not want to touch since I didn't know how else it is used.
Now that we have non-unwinding panics, let's use them for these assertions. This re-establishes the property that
mem::uninitializedandmem::zeroedwill never unwind -- the earlier approach of causing panics here sometimes led to hard-to-debug segfaults when the surrounding code was not able to cope with the unexpected unwinding.Cc @bjorn3 I did not touch cranelift but I assume it needs a similar patch. However it has a
codegen_panicabstraction that I did not want to touch since I didn't know how else it is used.