-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error handling without UB #12
Comments
This approach is as fast as the current one for the non-exceptional path. When an exception does occur, this approach has the extra overhead of catching a C++ exception in the C++ side, and raising a panic in the Rust side. If this performance impact is not acceptable, we could, instead of throwing a C++ exception, do a longjmp, raising a panic only once. |
I feel like we're going in circles and not making any progress. This exact solution has been proposed a few times already, even in the original internals thread that started the rfc, and I've already explained a few times why it makes Rust suck: rust-lang/rust#58794 (comment) Re-iterating:
Rust doesn't want to guarantee that all current and future implementations of unwinding, on all platforms existing and not yet existing, will be compatible with C code. I don't think C++ gives such guarantee either, so both are theoretically UB. So if I cared about theoretical possibility of UB, then this rewrite would not change anything for me. I know that with |
Did you try this solution out ? Because I have a prototype that generates the wrappers in 100-200 LOC. |
It doesn't even need proc macros, my prototype does this in the |
In the build.rs. I can submit a PR if you want, so that you can see it. |
Yes, please submit a PR. I haven't considered using Rust's bindings to generate C++ code, and tried to use C headers as the input, which was a horror. |
I'm at lunch, but will do so later. |
Any update on this? :) |
IIUC, you can pass mozjpeg a function that gets called when an error happens. That function currently
panic!
. Is that the only source of panics from Rust callbacks ?If so, it would be easy to change that into a C++ function that calls some Rust function and then throws some C++ exception containing whatever information would be interesting for Rust code (e.g. an error string):
Otherwise, we could provide a small proc macro that does this automatically.
To catch that exception before unwinding into Rust and invoking UB, we would need to write one wrapper per
extern "C"
function declaration in the library, with one or two exceptions.It wouldn't be hard to write a small proc macro that does this automatically. You'd just put it in the top-level of the crate
#![try_catch_extern_decls]
. This proc macro would do two things. First, for all functions within aextern "C" { ... }
block. It would change a function like:into:
These functions map an optional error message received from C into a Rust panic. Most functions in the jpeg API don't have a return type, so we can use that, but we could also use an out parameter.
Simultaneously, the proc macro would generate a
rust_shim.cpp
file containing the Rust shims:We'd compile this shim using the
cc
crate and link it on the fly to the current crate.The text was updated successfully, but these errors were encountered: