Unwinding through FFI after Rust 1.33

Lokathor · 2019-04-03T15:02:36.955Z

@gnzlbg in retrospect this makes sense, but also seems to indicate that a no_std dynamic library would potentially be in quite a bit of trouble.

Just trying to understand the possible cases here, it seems like:

std:
- The panic happens
- The panic_hook is executed
- The panic runtime is executed, which is either an unwind or an abort
no_std:
- The panic happens
- The program immediately jumps to the panic_handler function and must never return.

Is this correct?

Assuming so, here’s two annoying questiond that Rust probably needs an answer to because it can happen:

What happens if std rust code calls into a dynamic lib with no_std and a panic_handler? My guess, the lib uses its panic_handler and never returns
What happens if std Rust calls a std dynamic lib? will the right panic_hook get used? even across compiler versions? Guess: it’s probably totally broken if that happens?

jcranmer · 2019-04-04T02:24:23.578Z

Lots of things that can’t be checked need to align for it to work (e.g. what happens if the two Rust crates linked use the same panic implementation but a different memory allocator due to a different toolchain version / linking issue, and one crates tries to free the panic payload of the other crate, etc.).

All of the EH ABIs specify that the exception record contains some field that is used to destroy the exception record. You could check the exact function pointers to figure out if the Rust exception record could have a mismatched memory allocator issue.

gnzlbg · 2019-04-04T07:45:24.198Z

@jcranmer

jcranmer:

You could check the exact function pointers to figure out if the Rust exception record could have a mismatched memory allocator issue.

If this function is exactly a call to free, this dynamic check can work.

Otherwise, what happens if this function is statically linked into each dynamic library ? Two copies of the function will have different function pointers, yet they might be the exact same function. I’d guess we could maybe force these to always be dynamically linked, not sure.

cuviper · 2019-04-04T20:12:17.895Z

The lang team is requesting users to participate in forming the solution:

github.com/rust-lang/rust

Issue: Default behavior of unwinding in FFI functions

opened by Mark-Simulacrum on 2019-02-28

This is the tracking issue for the behavior of unwinding through FFI functions.
There are two choices here: we can abort if...

C-tracking-issue T-lang disposition-merge proposed-final-comment-period