-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not crash on unexpected exception #48367
Conversation
@dotnet/roslyn-compiler @dotnet/roslyn-ide PTAL |
@tmat I know this sounds funny what I'm about to propose, but rather than changing this which also impacts other hosts (and anything running in devenv.exe itself), should we have the code in service hub set the 'fatal' handler to be non-fatal as well? |
@tmat I marked this as draft so it doesn't accidentally get merged before a design review. |
This is related to #47891 as well |
src/Features/Core/Portable/SolutionCrawler/WorkCoordinator.IncrementalAnalyzerProcessor.cs
Outdated
Show resolved
Hide resolved
src/VisualStudio/Core/Def/Implementation/Venus/ContainedLanguage.cs
Outdated
Show resolved
Hide resolved
src/VisualStudio/VisualBasic/Impl/LanguageService/VisualBasicPackage.vb
Outdated
Show resolved
Hide resolved
src/Workspaces/SharedUtilitiesAndExtensions/Compiler/Core/Utilities/AsyncLazy`1.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Consider adding a data property to the exception indicating that it has already been reported through telemetry. Otherwise we could see large numbers of duplicate reports as the stack unwinds.
This change doesn't seem like it impacts only ServiceHub though. This seems to change the policy for all hosts. Correct? |
Correct. I think it's better not to fail-fast in any of our hosts. |
I don't think so. I think we need to consider at each call-site what the intended semantics is. In some rare cases we might want to actually fail fast. In most cases we should either recover or report NFE and propagate the exception. |
The hosts include the command line compilers and we generally feel that fail-fast there is highly beneficial to us. |
I see - because we don't report NFW from command line compilers, right? Should command line compilers set the handler for NFW to fail fast then? |
Yes. I think we should probably essentially have a method on the vein of |
The handlers always used host policy - that has been the default. Looking again at call sites in the compiler:
So maybe we need to do what @jasonmalinowski suggested and also rename the methods to be clear. Proposal:
We would never use fail fast in these handlers in VS/OOP. We could potentially have env variable/reg key that forces fatal watson for testing/manual investigations |
@tmat love that summary in its entirety (including the env var trick to help with investigations) |
Cool. I'll update the PR. |
The proposal makes sense to me @tmat. I'd say let's communicate well to the compiler team that what might have been 'fatal' in the command line may not be fatal in the VS/OOP case. If the compiler gets a bunch of non-fatal Watsons from VS those might not be possible to hit in the command line case because we marched along after a bad failure and had downstream issues. In the VS/OOP case a fatal exception is data loss, and so marching along is the right thing in many cases but it can be surprising. |
The first filter that will encounter the unexpected exception will report NFW - at this point it's the same stack/state as Fatal Watson from command line. |
1ca6fae
to
e76e6ec
Compare
@sharwell PTAL - I have changed the approach from the original PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Compiler changes LGTM.
Design lgtm, we should consider capturing dumps for VS/OOP in |
@ryzngard We do capture dumps in all Report* handlers when running in VS/OOP - both fatal and non-fatal handlers end up reporting NFE. See 1366d93#diff-92b0fbadf21baf9af53e946ec4a2b433R30-R31.
We can do that, but I'd consider that a separate work item - feel free to file an issue if you think it would help. |
@sharwell OK to merge? |
@tmat I'll take a look later today but I'm guessing it's in line with what I was already asking for |
NFE != dump, so something to consider. For crashes we always* get a dump, and we no longer will be. |
@ryzngard that's true, but even for fatal errors the default heap dump collected is often insufficient and we have to request a full dump. In this case, the two options are close to the same. |
@sharwell Ping. |
…features/interpolated-string-constants * upstream/master: (295 commits) Update F1 Keywords to differentiate between semantics of default keyword (#48500) Default constructor suggestion between members (#48318) (#48503) Adjust ERR_PartialMisplaced diagnostic message (#48524) Refactor ChangedText.Merge and add fuzz testing (#48420) Apply suggestions from code review Do not crash on unexpected exception (#48367) Reference the contributing doc in 'Analyzer Suggestion' issue template Apply suggestions from code review Hardcode skipped Regex diagnostic ID as it is not available in CodeStyle layer Add using Skip help link for Regex diagnostic analyzer Add contributing doc for IDE code style analyzer documentation Make db lock static to investigate issue. Update dependencies from https://github.com/dotnet/roslyn build 20201012.2 (#48513) Hook up help link even for AbstractCodeQualityDiagnosticAnalyzer Add destructor intellisense test for record (#48297) Remove unused method (#48429) Fix bug Update src/EditorFeatures/Core.Wpf/InlineHints/InlineHintsTag.cs Add more test ...
* upstream/master: (68 commits) Update F1 Keywords to differentiate between semantics of default keyword (dotnet#48500) Default constructor suggestion between members (dotnet#48318) (dotnet#48503) Adjust ERR_PartialMisplaced diagnostic message (dotnet#48524) Refactor ChangedText.Merge and add fuzz testing (dotnet#48420) Apply suggestions from code review Do not crash on unexpected exception (dotnet#48367) Reference the contributing doc in 'Analyzer Suggestion' issue template Apply suggestions from code review Hardcode skipped Regex diagnostic ID as it is not available in CodeStyle layer Add using Skip help link for Regex diagnostic analyzer Add contributing doc for IDE code style analyzer documentation Make db lock static to investigate issue. Update dependencies from https://github.com/dotnet/roslyn build 20201012.2 (dotnet#48513) Hook up help link even for AbstractCodeQualityDiagnosticAnalyzer Add destructor intellisense test for record (dotnet#48297) Remove unused method (dotnet#48429) Fix bug Update src/EditorFeatures/Core.Wpf/InlineHints/InlineHintsTag.cs Add more test ...
@Cosifne It looks like this is missing a milestone |
@tmat It looks like this is missing a milestone |
Avoid crashing the host process when an unexpected exception is thrown.
When an unexpected exception is thrown in ServiceHub process it needs to be propagated to the client so that we report actionable diagnostics in the log and in the info-bar. If the process is crashed via fail-fast we can't report good error. See e.g. #47234 (comment)
Proposal
ReportAndCatch
,ReportAndCatchUnlessCanceled
The caller declares it is able to recover from the exception at this call site (catches the exception - returns true).
This uses NonFatal handler - csc ignores it, VS/OOP reports non-fatal Watson
In the compiler this would only be used for exceptions from analyzers.
ReportAndPropagate
,ReportAndPropagateUnlessCanceled
The caller declares it is not able to recover at this point and the exception needs to be propagated (returns false).
This uses Fatal handler - csc fail-fast, VS/OOP reports non-fatal Watson
We would never use fail fast in these handlers in VS/OOP. We could potentially have env variable/reg key that forces fatal watson for testing/manual investigations
Review strategy: commit by commit.