From 757f57bb1eef755474cbb71945ed6370890dd936 Mon Sep 17 00:00:00 2001
From: Amanieu d'Antras
Date: Sat, 9 Jan 2016 18:20:33 +0000
Subject: [PATCH 1/2] Add set_oom_handler and use it print a message when out of memory
---
 src/liballoc/lib.rs | 14 +++---------
 src/liballoc/oom.rs | 42 +++++++++++++++++++++++++++++++++++
 src/libstd/sys/unix/mod.rs | 23 ++++++++++++++++++-
 src/libstd/sys/windows/mod.rs | 22 +++++++++++++++++-
 4 files changed, 88 insertions(+), 13 deletions(-)
 create mode 100644 src/liballoc/oom.rs
diff --git a/src/liballoc/lib.rs b/src/liballoc/lib.rs
index 93b84cdedd4cd..dd4bf5174ee2c 100644
--- a/src/liballoc/lib.rs
+++ b/src/liballoc/lib.rs
@@ -92,6 +92,7 @@
 #![feature(unsize)]
 #![feature(drop_in_place)]
 #![feature(fn_traits)]
+#![feature(const_fn)]
 #![feature(needs_allocator)]
@@ -127,15 +128,6 @@ mod boxed_test;
 pub mod arc;
 pub mod rc;
 pub mod raw_vec;
+pub mod oom;
-/// Common out-of-memory routine
-#[cold]
-#[inline(never)]
-#[unstable(feature = "oom", reason = "not a scrutinized interface",
- issue = "27700")]
-pub fn oom() -> ! {
- // FIXME(#14674): This really needs to do something other than just abort
- // here, but any printing done must be *guaranteed* to not
- // allocate.
- unsafe { core::intrinsics::abort() }
-}
+pub use oom::oom;
diff --git a/src/liballoc/oom.rs b/src/liballoc/oom.rs
new file mode 100644
index 0000000000000..d355d59185eb4
--- /dev/null
+++ b/src/liballoc/oom.rs
@@ -0,0 +1,42 @@
+// Copyright 2014-2015 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 or the MIT license
+// , at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use core::sync::atomic::{AtomicPtr, Ordering};
+use core::mem;
+use core::intrinsics;
+
+static OOM_HANDLER: AtomicPtr<()> = AtomicPtr::new(default_oom_handler as *mut ());
+
+fn default_oom_handler() -> ! {
+ // The default handler can't do much more since we can't assume the presence
+ // of libc or any way of printing an error message.
+ unsafe { intrinsics::abort() }
+}
+
+/// Common out-of-memory routine
+#[cold]
+#[inline(never)]
+#[unstable(feature = "oom", reason = "not a scrutinized interface",
+ issue = "27700")]
+pub fn oom() -> ! {
+ let value = OOM_HANDLER.load(Ordering::SeqCst);
+ let handler: fn() -> ! = unsafe { mem::transmute(value) };
+ handler();
+}
+
+/// Set a custom handler for out-of-memory conditions
+///
+/// To avoid recursive OOM failures, it is critical that the OOM handler does
+/// not allocate any memory itself.
+#[unstable(feature = "oom", reason = "not a scrutinized interface",
+ issue = "27700")]
+pub fn set_oom_handler(handler: fn() -> !) {
+ OOM_HANDLER.store(handler as *mut (), Ordering::SeqCst);
+}
diff --git a/src/libstd/sys/unix/mod.rs b/src/libstd/sys/unix/mod.rs
index 929fd2fb0c38b..9771b057d8d21 100644
--- a/src/libstd/sys/unix/mod.rs
+++ b/src/libstd/sys/unix/mod.rs
@@ -15,6 +15,7 @@ use io::{self, ErrorKind};
 use libc;
 use num::One;
 use ops::Neg;
+use alloc::oom;
 #[cfg(target_os = "android")] pub use os::android as platform;
 #[cfg(target_os = "bitrig")] pub use os::bitrig as platform;
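Review bot: The `unsafe { mem::transmute(value) }` in `oom` carries no `// SAFETY:` comment naming the invariant it depends on, namely that `OOM_HANDLER` is only ever written by the initializer (`default_oom_handler as *mut ()`) and by `set_oom_handler`, both of which store a `fn() -> !`. Suggested: `// SAFETY: OOM_HANDLER is only written by the initializer and set_oom_handler, both of which store a fn() -> ! cast to *mut (), so the loaded pointer is always a valid fn() -> !.` The same comment should say that the `fn() -> !` to `*mut ()` round trip assumes function pointers and data pointers share size and representation, which holds on the targets Rust currently supports but is not a language-level guarantee. Because the handler is process-global and `set_oom_handler` overwrites whatever was installed before without telling the caller, consider `OOM_HANDLER.swap(handler as *mut (), Ordering::SeqCst)` returning the previous handler so it can be chained or restored, and state in the doc comment that the last handler installed wins.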
@@ -45,6 +46,22 @@ pub mod thread_local;
 pub mod time;
 pub mod stdio;
+// A nicer handler for out-of-memory situations than the default one. This one
+// prints a message to stderr before aborting. It is critical that this code
+// does not allocate any memory since we are in an OOM situation. Any errors are
+// ignored while printing since there's nothing we can do about them and we are
+// about to exit anyways.
+fn oom_handler() -> ! {
+ use intrinsics;
+ let msg = "fatal runtime error: out of memory\n";
+ unsafe {
+ libc::write(libc::STDERR_FILENO,
+ msg.as_ptr() as *const libc::c_void,
+ msg.len() as libc::size_t);
+ intrinsics::abort();
+ }
+}
+
 #[cfg(not(any(target_os = "nacl", test)))]
 pub fn init() {
 use libc::signal;
@@ -58,10 +75,14 @@ pub fn init() {
 unsafe {
 assert!(signal(libc::SIGPIPE, libc::SIG_IGN) != !0);
 }
+
+ oom::set_oom_handler(oom_handler);
 }
 #[cfg(all(target_os = "nacl", not(test)))]
-pub fn init() { }
+pub fn init() {
+ oom::set_oom_handler(oom_handler);
+}
 pub fn decode_error_kind(errno: i32) -> ErrorKind {
 match errno as libc::c_int {
diff --git a/src/libstd/sys/windows/mod.rs b/src/libstd/sys/windows/mod.rs
index 7e5342a3fd473..7e4db3d89a3f7 100644
--- a/src/libstd/sys/windows/mod.rs
+++ b/src/libstd/sys/windows/mod.rs
@@ -20,6 +20,7 @@ use num::Zero;
 use os::windows::ffi::{OsStrExt, OsStringExt};
 use path::PathBuf;
 use time::Duration;
+use alloc::oom;
 #[macro_use] pub mod compat;
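Review bot: In `oom_handler` the return value of `libc::write(...)` is dropped without any marker, which matches the comment above the function but reads like an oversight at the call site; `let _ = libc::write(libc::STDERR_FILENO,` makes the discard explicit (the windows `oom_handler` in this series has the same shape with `c::WriteFile`). `write` may also return after writing fewer bytes than requested, and a reader may expect the usual retry loop, so a line in the comment block such as `// A short or failed write is deliberately not retried: we abort right after.` would settle that. The `init` whose first lines close this hunk continues past it.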
@@ -42,7 +43,26 @@ pub mod thread_local;
 pub mod time;
 pub mod stdio;
-pub fn init() {}
+// See comment in sys/unix/mod.rs
+fn oom_handler() -> ! {
+ use intrinsics;
+ use ptr;
+ let msg = "fatal runtime error: out of memory\n";
+ unsafe {
+ // WriteFile silently fails if it is passed an invalid handle, so there
+ // is no need to check the result of GetStdHandle.
+ c::WriteFile(c::GetStdHandle(c::STD_ERROR_HANDLE),
+ msg.as_ptr() as c::LPVOID,
+ msg.len() as DWORD,
+ ptr::null_mut(),
+ ptr::null_mut());
+ intrinsics::abort();
+ }
+}
+
+pub fn init() {
+ oom::set_oom_handler(oom_handler);
+}
 pub fn decode_error_kind(errno: i32) -> ErrorKind {
 match errno as c::DWORD {
From 98bef2b81823483a23beef48c7999a67206d261d Mon Sep 17 00:00:00 2001
From: Amanieu d'Antras
Date: Sat, 9 Jan 2016 19:19:56 +0000
Subject: [PATCH 2/2] Add missing newline character to callers of dumb_print
---
 src/libstd/panicking.rs | 4 ++--
 src/libstd/sys/common/util.rs | 4 ++--
 src/libstd/sys/windows/mod.rs | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libstd/panicking.rs b/src/libstd/panicking.rs
index 3f9a1c30ef493..8561ecd9c4cb9 100644
--- a/src/libstd/panicking.rs
+++ b/src/libstd/panicking.rs
@@ -206,7 +206,7 @@ pub fn on_panic(obj: &(Any+Send), file: &'static str, line: u32) {
 // debugger provides a useable stacktrace.
 if panics >= 3 {
 util::dumb_print(format_args!("thread panicked while processing \
- panic. aborting."));
+ panic. aborting.\n"));
 unsafe { intrinsics::abort() }
 }
@@ -232,7 +232,7 @@ pub fn on_panic(obj: &(Any+Send), file: &'static str, line: u32) {
 // just abort. In the future we may consider resuming
 // unwinding or otherwise exiting the thread cleanly.
 util::dumb_print(format_args!("thread panicked while panicking. \
- aborting."));
+ aborting.\n"));
 unsafe { intrinsics::abort() }
 }
 }
diff --git a/src/libstd/sys/common/util.rs b/src/libstd/sys/common/util.rs
index 979f1f4866983..b7a6b7650d540 100644
--- a/src/libstd/sys/common/util.rs
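Review bot: `c::WriteFile(...)` in `oom_handler` passes `ptr::null_mut()` for both `lpNumberOfBytesWritten` and `lpOverlapped`, but the WriteFile documentation permits a null byte-count pointer only when an OVERLAPPED structure is supplied, so this call sits outside the documented contract even though it will most likely work on a synchronous console or file handle. A stack-local count keeps the call well-defined at no cost: `let mut written: c::DWORD = 0;` before the call and `&mut written,` in place of the first `ptr::null_mut(),`. Making the discarded result explicit with `let _ = c::WriteFile(` would also keep this handler consistent with the intent stated in the unix version's comment.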
+++ b/src/libstd/sys/common/util.rs
@@ -35,12 +35,12 @@ pub fn dumb_print(args: fmt::Arguments) {
 }
 pub fn abort(args: fmt::Arguments) -> ! {
- dumb_print(format_args!("fatal runtime error: {}", args));
+ dumb_print(format_args!("fatal runtime error: {}\n", args));
 unsafe { intrinsics::abort(); }
 }
 #[allow(dead_code)] // stack overflow detection not enabled on all platforms
 pub unsafe fn report_overflow() {
- dumb_print(format_args!("\nthread '{}' has overflowed its stack",
+ dumb_print(format_args!("\nthread '{}' has overflowed its stack\n",
 thread::current().name().unwrap_or("")));
 }
diff --git a/src/libstd/sys/windows/mod.rs b/src/libstd/sys/windows/mod.rs
index 7e4db3d89a3f7..16c4ae8257c13 100644
--- a/src/libstd/sys/windows/mod.rs
+++ b/src/libstd/sys/windows/mod.rs
@@ -53,7 +53,7 @@ fn oom_handler() -> ! {
 // is no need to check the result of GetStdHandle.
 c::WriteFile(c::GetStdHandle(c::STD_ERROR_HANDLE),
 msg.as_ptr() as c::LPVOID,
- msg.len() as DWORD,
+ msg.len() as c::DWORD,
 ptr::null_mut(),
 ptr::null_mut());
 intrinsics::abort();