Survey of "High Impact" Features

jonhoo · April 21, 2021, 12:33am

Hey folks!

I'm on a bit of a mission to find a way to make it easier to gather stabilization evidence for "high impact" unstable features. By "high impact" here I don't mean "enables lots of cool stuff", but rather "meaningfully improves the quality of life of many developers". What I'm after may be easier to explain by way of a concrete example (feel free to skip it by jumping to the next horizontal line).

I currently maintain the Rust integration for AWS' internal build system. It is used by more or less all Rust projects throughout the organization, and thus any given change to it has an outsized impact, whether positive or negative. In cases where the integration between the internal build system and cargo isn't frictionless, that pain is generally felt by every engineer using Rust, which can add up to a lot of frustration. Recently, I landed a cargo feature, -Zpatch-in-config, that would address a long-standing pain-point in the Cargo integration. I have tested it myself, and it significantly improves the experience for certain common use-cases. And if it were to be deployed internally, it would solve a bunch of issues internal developers are experiencing.

Unfortunately, since it's an unstable nightly feature, I don't have a good way to test it throughout the organization. Switching to nightly isn't really an option, since at this kind of scale issues introduced to nightly will almost certainly break something, so the broad stability of stable is important. I could use the RUSTC_BOOTSTRAP=1 hack to break Rust's stability guarantees combined with -Zallow-features, but that just feels icky.

The fact that I don't have a good way to test this feature widely internally in turn means that I can't easily provide good stabilization evidence back upstream. And since this change is only likely to be useful for those integrating Cargo with other build systems at scale, chances are such evidence simply won't be reported. This is bad for the ecosystem. So, I'm trying to come up with a better way to go about this that might be applicable beyond my particular use-case.

This isn't the first time this problem has been pointed out, or solutions proposed. In fact, we've been around this a few times now:

The case for a new relese channel: testing (2020 take 2)
Mechanism for beta testing unstable features (2020)
Getting more testing of unstable features (2017)
Allow unstable features on beta? (2015)

Rather than try to propose a(nother) solution in this thread, I'd like to first try to solicit other examples of such "high impact" changes, defined roughly as:

Big fan-out. Enabling the use of this feature in one place (e.g., a single build system or a single crate) would meaningfully and positively impact a large number of developers. "Large" is subjective of course, but I'd say at least 100+ developers.
Stable implementation. The feature is unlikely to see significant changes before landing, and is either simple enough, or has gone through enough revisions that it'd be meaningful to test it on stable. This is important because if that's not the case, chances are it's best for the feature to be tested on nightly for the time being anyway.
No cascade. The feature is impactful when enabled only at the "top level", be it at a crate with no dependents or in an external system. This is an important condition, as features that do not meet this requirement very quickly start violating Rust's stability guarantees.

If you can think of a feature that matches those criteria, I'd love to hear about it! That way, I'll be armed with a good list from which to try and craft a mechanism that might enable testing these kinds of features on the beta and stable channels! If you could include

the name of the feature and whether it is for Rust or Cargo
a link to the feature's section in the Rust Unstable Book or the Cargo Unstable Features listing
a brief outline of the feature's (potential) impact

that'd be amazing! I'll go first:

Feature: patch-in-config (Cargo)

Impact: Would save Rust developers at AWS (there are many of us ) from wiping their build artifacts and lockfiles whenever first-party dependencies change.

josh · April 21, 2021, 4:58am

Cargo has a feature -Zweak-dep-features, which allows a crate feature to depend on a feature of another crate, but without enabling that crate if it hasn't already been enabled. Without this, it's impossible to say things like "my xyz feature requires the xyz feature of the abc backend" while still keeping the abc backend itself optional.

This feature could use more testing; please give it a try in the latest Cargo nightly, and post experience reports to Tracking Issue for weak dependency features · Issue #8832 · rust-lang/cargo · GitHub .

josh · April 21, 2021, 5:03am

Cargo also has an unstable feature strip, which allows stripping symbols or debuginfo from a binary when building for a specific profile (such as release): Unstable Features - The Cargo Book

This feature is quite easy to test; give it a try, and confirm that the built binary is stripped. If it works for you, please send an experience report to Tracking issue for `-Z strip=val` option · Issue #72110 · rust-lang/rust · GitHub .

jonhoo · April 21, 2021, 4:29pm

Even though I desperately want that feature as well, I don't think it meets the first or third criteria for the kind of features I'm specifically looking for based on your description?

ibraheemdev · April 21, 2021, 4:33pm

Oh, you're right, it doesn't. Sorry, I misunderstood. I'll delete it.

jonhoo · April 21, 2021, 5:02pm

All good! It is a really exciting feature, I just want to make sure I specifically gather features that match this particular pattern here. Trying to design a general-purpose mechanism for testing "any exciting feature" is, I think, not tenable. Or rather, we already have the answer: use nightly

mbrubeck · April 21, 2021, 5:15pm

This example is out of date, because it was stabilized in Rust 1.51, but I think the new Cargo feature resolver would have qualified before it became stable.

Looking at my company's past use of unstable features, cargo --out-dir is another that might fit. It makes it a lot easier to integrate Cargo with other build systems, which I expect is common for other production users besides us. We currently have workarounds that are compatible with stable Cargo, but they feel somewhat fragile. Enabling this feature would not be life-changing, but it could save a fair amount of duplicated work across many different Rust users.

CAD97 · April 21, 2021, 5:27pm

Observation: I suspect that the third criteria, enabled only at the top level, effectively limits this to only cargo features, or features otherwise exposable by cargo. Any language or libs feature would want to be enabled throughout the dependency graph for full usage.

The only language feature I can think of that would fit the third criteria is #[global_allocator].

tkaitchuck · April 22, 2021, 12:15am

I have attempted to raise a couple of things that might fall into that category in the past. On the lang side:

On the libs side:

Additionally: stabilizing cargo bench:

github.com/rust-lang/rust

Stabilize `#[bench]` and `Bencher`?

opened 10:48AM - 11 Nov 19 UTC

SimonSapin

T-lang T-libs-api B-unstable A-libtest

I’ll take the liberty of copying a section of @hsivonen’s [Rust 2020 blog post](…https://hsivonen.fi/rust2020/): > ## Non-Nightly Benchmarking > > The library support for the `cargo bench` feature has been in the state “[basically, the design is problematic, but we haven’t had anyone work through those issues yet](https://users.rust-lang.org/t/timeline-for-libtest-stability/3123/3)” since 2015. It’s a useful feature nonetheless. Like I said a year ago and the year before, it’s time to let go of the possibility of tweaking it for elegance and just let users use it on non-nighly Rust. Indeed the existing benchmarking support has basically not changed in years, and I’m not aware of anyone planning to work on it. To keep reserving the right to make breaking changes is not useful at this point. [Custom test frameworks](https://github.com/rust-lang/rust/issues/50297) offer another way forward for when someone does want to work on better benchmarking. So I’d like to propose a plan: * Move `test::Bencher` to `std::bench::Bencher`. <del>I have a PR coming soon that</del> <ins>https://github.com/rust-lang/rust/pull/66290</ins> demonstrates that this is possible. This move avoids the need to stabilize the `test` crate. * Optionally, make some surface-only API tweaks to `Bencher`. For example, the public `bytes` field could become a parameter to some method. * Although not strictly necessary for changes to an unstable type, we can keep the existing `bytes` field and `iter` method unchanged as unstable + deprecated for a while. * **Stabilize** the `#[bench]` attribute and just enough of `Bencher` to make it usable with `#[bench]`. (For example, no stable constructor.) @rust-lang/libs, @rust-lang/lang, do you feel this needs an RFC?

And Rustfmt

github.com/rust-lang/rust

Tracking issue for RFC 2437, "Rustfmt stability"

opened 01:24PM - 23 Sep 18 UTC

closed 03:34PM - 13 Apr 23 UTC

Centril

B-RFC-approved T-dev-tools C-tracking-issue A-rustfmt

This is a tracking issue for the RFC "Rustfmt stability" (rust-lang/rfcs#2437). … **Steps:** - [x] Implement the RFC (cc @nrc) - [ ] Adjust documentation ([see instructions on forge][doc-guide]) - [ ] Stabilization PR ([see instructions on forge][stabilization-guide]) [stabilization-guide]: https://forge.rust-lang.org/stabilization-guide.html [doc-guide]: https://forge.rust-lang.org/stabilization-guide.html#updating-documentation **Unresolved questions:** - [ ] Do we want to specify the version in Cargo instead of/as well as in `rustfmt.toml`?

jonhoo · April 22, 2021, 4:26pm

Thanks for the suggestions? I wonder if all of these quite fit the criteria though. Specifically:

pub(test)

I don't think this is a feature that already exists, and thus wouldn't fit 2). It's also not clear to me that it has a big fan-out (1).

cfg-if in std

This also doesn't exist as a feature, so no 2). And I have the same question around fan-out. Furthermore, this feels like it wouldn't match 3, as if one crate used the "cfg-if in std" feature, all its dependents would also need to use said feature.

Stabilize #[bench]

This is a good candidate I think — that is, it matches all the criteria. My biggest question on #[bench] is whether it's something that will ever get stabilized. My current feeling (which may be misjudged) is that bench may end up never landing, at least not in its current form, and instead be replaced by something like custom test frameworks. @SimonSapin summarized the state of affairs in 2019.

Rustfmt stability

It's not entirely clear to me what the feature is here? This seems more like a process question than an explicit feature that could be "tested" or "used".

jonhoo · April 22, 2021, 6:02pm

I wonder if another candidate might be doc(cfg). It isn't quite no cascade (users may try to build transitive documentation on stable), but maybe that's ok? It's high fan out in the sense that documentation may be consumed by many developers. And it is, from what I can tell, a fairly stable feature. @jyn514 what do you think — would you consider that a feature that might fit as a "preview feature" on stable?

CAD97 · April 22, 2021, 7:21pm

rustdoc features are in kind of an (unfortunate) special spot w.r.t. stability: most (or at least a significant chunk of) public crate documentation is consumed through docs-rs, which makes docs using some somewhat recent nightly. It's already possible to experimentally adopt doc(cfg) for use only behind a doc flag enabled on docsrs, and multiple projects do similar things already.

jonhoo · April 23, 2021, 12:11am

-Zweak-dep-features

This one feels like it doesn't meet the "no cascade" requirement. It very much feels like you would want more parts of the ecosystem to opt into it for it to have an effect.

-Zstrip=val

I think this is a great candidate, though I worry about the =val part. When this is stabilized, presumably it'll become something like --strip=val? I think we'd probably want to wait to preview until that move is made (and it's guarded with unstable-options) to minimize friction, though I'm not sure.

jyn514 · April 23, 2021, 1:21pm

No, doc(cfg) is well tested and we know what the bugs are; mostly it's waiting on https://github.com/rust-lang/rust/pull/79341.

josh · April 27, 2021, 5:52am

While it absolutely benefits from being available to the ecosystem at large, it also has value even within a single crate workspace. Nonetheless, I do agree that it isn't quite the ideal fit, the way strip is.

kornel · April 27, 2021, 4:58pm

`oom=panic` setting

To me current #1 pain is lack of fallible allocations, and my servers self-destructing with abort(). Just stabilizng this would solve fallible allocations problems for me.

This is even slightly better than try_reserve(), because it automatically applies to all dependencies.

jonhoo · April 27, 2021, 5:02pm

Ah, that's an interesting one, and I agree it sounds like it would fit. Does that feature currently exist though — I couldn't find it from a cursory search through the docs?

kornel · April 27, 2021, 5:03pm

github.com/rust-lang/rust

Tracking issue for oom=panic (RFC 2116)

opened 06:53PM - 01 Aug 17 UTC

Gankra

A-allocators B-RFC-approved C-tracking-issue Libs-Tracked T-lang T-libs

**Update:** This now the tracking issue for a mechanism to make OOM / memory all…ocation errors panic (and so by default unwind the thread) instead of aborting the process. This feature was accepted in RFC https://github.com/rust-lang/rfcs/pull/2116. It was separated from https://github.com/rust-lang/rust/issues/48043, which tracks another feature of the same RFC, since the two features will likely be stabilized at different times. **Steps:** - [ ] Implement the RFC - [ ] `std::alloc::set_allocation_error_hook` (tracked at https://github.com/rust-lang/rust/issues/51245) could potentially be this mechanism, but that hook is currently document as not allowed to unwind. - [ ] Adjust documentation ([see instructions on forge][doc-guide]) - [ ] Stabilization PR ([see instructions on forge][stabilization-guide]) [stabilization-guide]: https://forge.rust-lang.org/stabilization-guide.html [doc-guide]: https://forge.rust-lang.org/stabilization-guide.html#updating-documentation Original feature request: ---- Several users who are invested in the "thread is a task" model that Rust was originally designed around have expressed a desire to unwind in the case of OOM. Specifically each task has large and unpredictable memory usage, and tearing down the first task that encounters OOM is considered a reasonable strategy. Aborting on OOM is considered unacceptable because it would be expensive to discard all the work that the other tasks have managed to do. We already (accidentally?) specified that all allocators can panic on OOM, including the global one, with the introduction of generic allocators on collections. So in theory no one "should" be relying on the default `oom=abort` semantics. This knob would only affect the default global allocator. Presumably there would just be a function somewhere in the stdlib which is cfg'd to be a panic or abort based on this flag? This is not a replacement for proper fallible allocation handling routines requested in #29802 because most of the potential users of **that** API build with `panic=abort`. Also the requesters of **this** API are unwilling to go through the effort to ensure all their dependents are using fallible allocations everywhere. I am dubious on this API but I'm filling an issue so that it's written down and everyone who wants it has a place to go and assert that it is in fact good and desirable.

kornel · April 27, 2021, 5:16pm

cfg_version or Cargo `msrv`

Staying on an older Rust version is a major pain. This may happen when users use a Linux-distro-provided Rust packages (because they don't know it makes a difference, or they just want all their software managed by their package manager, or have been taught that curl | sh is an insecure hack), or when they forget to run rustup update (it's not automatic) or when they need to use a specific version because of bureaucracy, or desire to bootstrap Rust via mrustc, etc.

There's a disagreement in the ecosystem whether crates should target latest-stable Rust only, or some old version, and whether Rust upgrade is a semver-major-breaking change.

This is made worse by the fact that Rust/Cargo can't clearly communicate to users that they have too-old Rust version. Instead users are told to add unstable command-line flags and/or switch to nightly Rust version. This is baffling to new users, makes them go in circles with compile errors, and makes Rust seem to require Nightly version for almost every crate, as if Rust was still very young and barely working.

If Cargo supported msrv, then:

authors of libraries could target latest-stable Rust without worrying about the fallout it causes.
users of outdated distro-bundled Rust versions would at least be better informed about the problem they face, or their builds would even just work by picking compatible crate versions instead.

This is a feature that requires crates in the ecosystem to adopt it. However, while gathering MSRV data for https://lib.rs I've noticed that there's only a small fraction of crates that is responsible for majority of broken builds. For example, just object and socket2 probably break majority of popular crates (object used by backtrace used by majority of error-handling crates, socket2 used by hyper, used in everything web-related)

jonhoo · April 27, 2021, 5:36pm

I agree the msrv feature is a welcome addition, but it doesn't seem like it fits the "no cascade" clause? The reason that's there specifically is that if a feature like that were to be made available on stable as a "preview", then if it were adopted in one crate, all of that crate's dependents would also have to adopt it. And if the feature then left preview, was changed, or was removed entirely, the dependents would have to change again.

But maybe msrv doesn't cascade, and is just ignored (with a warning) if the feature isn't available in the consumer's environment, I don't know?

Topic		Replies	Views
Mechanism for beta testing unstable features tools and infrastructure	20	1973	July 1, 2021
Getting more testing of unstable features	40	4250	March 25, 2019
#[bench] status libs	12	7569	March 25, 2019
Idea: Semi-stabilization language design	37	4415	July 7, 2019
New release train request: Unstable	2	1196	March 25, 2019

Survey of "High Impact" Features

oom=panic setting

cfg_version or Cargo msrv

Related Topics

`oom=panic` setting

cfg_version or Cargo `msrv`