rt: unhandled panic config for current thread rt #4770
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -84,6 +84,90 @@ pub struct Builder { | |
|
|
||
| /// How many ticks before yielding to the driver for timer and I/O events? | ||
| pub(super) event_interval: u32, | ||
|
|
||
| #[cfg(tokio_unstable)] | ||
| pub(super) unhandled_panic: UnhandledPanic, | ||
| } | ||
|
|
||
| cfg_unstable! { | ||
| /// How the runtime should respond to unhandled panics. | ||
| /// | ||
| /// Instances of `UnhandledPanic` are passed to `Builder::unhandled_panic` | ||
| /// to configure the runtime behavior when a spawned task panics. | ||
| /// | ||
| /// See [`Builder::unhandled_panic`] for more details. | ||
| #[derive(Debug, Clone)] | ||
| #[non_exhaustive] | ||
| pub enum UnhandledPanic { | ||
| /// The runtime should ignore panics on spawned tasks. | ||
| /// | ||
| /// The panic is forwarded to the task's [`JoinHandle`] and all spawned | ||
| /// tasks continue running normally. | ||
| /// | ||
| /// This is the default behavior. | ||
| /// | ||
| /// # Examples | ||
| /// | ||
| /// ``` | ||
| /// use tokio::runtime::{self, UnhandledPanic}; | ||
| /// | ||
| /// # pub fn main() { | ||
| /// let rt = runtime::Builder::new_current_thread() | ||
| /// .unhandled_panic(UnhandledPanic::Ignore) | ||
| /// .build() | ||
| /// .unwrap(); | ||
| /// | ||
| /// let task1 = rt.spawn(async { panic!("boom"); }); | ||
| /// let task2 = rt.spawn(async { | ||
| /// // This task completes normally | ||
| /// "done" | ||
| /// }); | ||
| /// | ||
| /// rt.block_on(async { | ||
| /// // The panic on the first task is forwarded to the `JoinHandle` | ||
| /// assert!(task1.await.is_err()); | ||
| /// | ||
| /// // The second task completes normally | ||
| /// assert!(task2.await.is_ok()); | ||
| /// }) | ||
| /// # } | ||
| /// ``` | ||
| /// | ||
| /// [`JoinHandle`]: struct@crate::task::JoinHandle | ||
| Ignore, | ||
|
|
||
| /// The runtime should immediately shutdown if a spawned task panics. | ||
| /// | ||
| /// The runtime will immediately shutdown even if the panicked task's | ||
| /// [`JoinHandle`] is still available. All further spawned tasks will be | ||
| /// immediately dropped and call to [`Runtime::block_on`] will panic. | ||
| /// | ||
| /// # Examples | ||
| /// | ||
| /// ```should_panic | ||
| /// use tokio::runtime::{self, UnhandledPanic}; | ||
| /// | ||
| /// # pub fn main() { | ||
| /// let rt = runtime::Builder::new_current_thread() | ||
| /// .unhandled_panic(UnhandledPanic::ShutdownRuntime) | ||
| /// .build() | ||
| /// .unwrap(); | ||
| /// | ||
| /// rt.spawn(async { panic!("boom"); }); | ||
| /// rt.spawn(async { | ||
| /// // This task never completes. | ||
| /// }); | ||
| /// | ||
| /// rt.block_on(async { | ||
| /// // Do some work | ||
| /// # loop { tokio::task::yield_now().await; } | ||
| /// }) | ||
| /// # } | ||
| /// ``` | ||
| /// | ||
| /// [`JoinHandle`]: struct@crate::task::JoinHandle | ||
| ShutdownRuntime, | ||
|
There was a problem hiding this comment. this is maybe a silly nitpick but i don't know if i love the name There was a problem hiding this comment. Can you add the suggestion to #4516? |
||
| } | ||
| } | ||
|
|
||
| pub(crate) type ThreadNameFn = std::sync::Arc<dyn Fn() -> String + Send + Sync + 'static>; | ||
|
|
@@ -163,6 +247,9 @@ impl Builder { | |
| // as parameters. | ||
| global_queue_interval, | ||
| event_interval, | ||
|
|
||
| #[cfg(tokio_unstable)] | ||
| unhandled_panic: UnhandledPanic::Ignore, | ||
| } | ||
| } | ||
|
|
||
|
|
@@ -631,6 +718,67 @@ impl Builder { | |
| self | ||
| } | ||
|
|
||
| cfg_unstable! { | ||
| /// Configure how the runtime responds to an unhandled panic on a | ||
| /// spawned task. | ||
| /// | ||
| /// By default, an unhandled panic (i.e. a panic not caught by | ||
| /// [`std::panic::catch_unwind`]) has no impact on the runtime's | ||
| /// execution. The panic is error value is forwarded to the task's | ||
| /// [`JoinHandle`] and all other spawned tasks continue running. | ||
| /// | ||
| /// The `unhandled_panic` option enables configuring this behavior. | ||
| /// | ||
| /// * `UnhandledPanic::Ignore` is the default behavior. Panics on | ||
| /// spawned tasks have no impact on the runtime's execution. | ||
| /// * `UnhandledPanic::ShutdownRuntime` will force the runtime to | ||
| /// shutdown immediately when a spawned task panics even if that | ||
| /// task's `JoinHandle` has not been dropped. All other spawned tasks | ||
| /// will immediatetly terminate and further calls to | ||
| /// [`Runtime::block_on`] will panic. | ||
| /// | ||
| /// # Unstable | ||
| /// | ||
| /// This option is currently unstable and its implementation is | ||
| /// incomplete. The API may change or be removed in the future. See | ||
| /// tokio-rs/tokio#4516 for more details. | ||
| /// | ||
| /// # Examples | ||
| /// | ||
| /// The following demonstrates a runtime configured to shutdown on | ||
| /// panic. The first spawned task panics and results in the runtime | ||
| /// shutting down. The second spawned task never has a chance to | ||
| /// execute. The call to `block_on` will panic due to the runtime being | ||
| /// forcibly shutdown. | ||
| /// | ||
| /// ```should_panic | ||
| /// use tokio::runtime::{self, UnhandledPanic}; | ||
| /// | ||
| /// # pub fn main() { | ||
| /// let rt = runtime::Builder::new_current_thread() | ||
| /// .unhandled_panic(UnhandledPanic::ShutdownRuntime) | ||
| /// .build() | ||
| /// .unwrap(); | ||
| /// | ||
| /// rt.spawn(async { panic!("boom"); }); | ||
| /// rt.spawn(async { | ||
| /// // This task never completes. | ||
| /// }); | ||
| /// | ||
| /// rt.block_on(async { | ||
| /// // Do some work | ||
| /// # loop { tokio::task::yield_now().await; } | ||
| /// }) | ||
| /// # } | ||
| /// ``` | ||
| /// | ||
| /// [`JoinHandle`]: struct@crate::task::JoinHandle | ||
| pub fn unhandled_panic(&mut self, behavior: UnhandledPanic) -> &mut Self { | ||
| self.unhandled_panic = behavior; | ||
| self | ||
| } | ||
| } | ||
|
|
||
| fn build_basic_runtime(&mut self) -> io::Result<Runtime> { | ||
| use crate::runtime::basic_scheduler::Config; | ||
| use crate::runtime::{BasicScheduler, HandleInner, Kind}; | ||
|
|
@@ -661,6 +809,8 @@ impl Builder { | |
| after_unpark: self.after_unpark.clone(), | ||
| global_queue_interval: self.global_queue_interval, | ||
| event_interval: self.event_interval, | ||
| #[cfg(tokio_unstable)] | ||
| unhandled_panic: self.unhandled_panic.clone(), | ||
| }, | ||
| ); | ||
| let spawner = Spawner::Basic(scheduler.spawner().clone()); | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -216,6 +216,9 @@ cfg_rt! { | |
|
|
||
| mod builder; | ||
| pub use self::builder::Builder; | ||
| cfg_unstable! { | ||
| pub use self::builder::UnhandledPanic; | ||
| } | ||
|
|
||
| pub(crate) mod context; | ||
| mod driver; | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -101,7 +101,12 @@ where | |
| let waker_ref = waker_ref::<T, S>(&header_ptr); | ||
| let cx = Context::from_waker(&*waker_ref); | ||
| let core = self.core(); | ||
| let res = poll_future( | ||
| &core.stage, | ||
| &self.core().scheduler, | ||
| core.task_id.clone(), | ||
| cx, | ||
| ); | ||
|
|
||
| if res == Poll::Ready(()) { | ||
| // The future completed. Move on to complete the task. | ||
|
|
@@ -453,7 +458,12 @@ fn cancel_task<T: Future>(stage: &CoreStage<T>, id: super::Id) { | |
|
|
||
| /// Polls the future. If the future completes, the output is written to the | ||
| /// stage field. | ||
| fn poll_future<T: Future, S: Schedule>( | ||
| core: &CoreStage<T>, | ||
| scheduler: &S, | ||
| id: super::Id, | ||
| cx: Context<'_>, | ||
| ) -> Poll<()> { | ||
| // Poll the future. | ||
| let output = panic::catch_unwind(panic::AssertUnwindSafe(|| { | ||
| struct Guard<'a, T: Future> { | ||
|
|
@@ -476,13 +486,20 @@ fn poll_future<T: Future>(core: &CoreStage<T>, id: super::Id, cx: Context<'_>) - | |
| let output = match output { | ||
| Ok(Poll::Pending) => return Poll::Pending, | ||
| Ok(Poll::Ready(output)) => Ok(output), | ||
| Err(panic) => { | ||
| scheduler.unhandled_panic(); | ||
| Err(JoinError::panic(id, panic)) | ||
| } | ||
| }; | ||
|
|
||
| // Catch and ignore panics if the future panics on drop. | ||
| let res = panic::catch_unwind(panic::AssertUnwindSafe(|| { | ||
| core.store_output(output); | ||
| })); | ||
|
|
||
| if res.is_err() { | ||
| scheduler.unhandled_panic(); | ||
| } | ||
|
|
||
| Poll::Ready(()) | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -262,6 +262,11 @@ pub(crate) trait Schedule: Sync + Sized + 'static { | |
| fn yield_now(&self, task: Notified<Self>) { | ||
| self.schedule(task); | ||
| } | ||
|
|
||
| /// Polling the task resulted in a panic. Should the runtime shutdown? | ||
| fn unhandled_panic(&self) { | ||
| // By default, do nothing. This maintains the 1.0 behavior. | ||
| } | ||
| } | ||
|
|
||
| cfg_rt! { | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
previously i remember thinking that it would be nice to be able to actually store the unhandled panic and propagate it, rather than creating a new panic that loses the original panic's message, but you pointed out that that doesn't work, because the panic is also shared with the
JoinHandleand they could race for it.it occurs to me, though, that now that we have task IDs, perhaps we should store the ID of the task that panicked, rather than just a bool indicating that a task panicked. that way, we could at least identify which task panicked when the runtime panics, which could help users debug the panic when combined with other logs/diagnostics. WDYT?