-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate vfork #1574
Deprecate vfork #1574
Conversation
r? @gnzlbg (rust_highfive has picked a reviewer for you, use r? to override) |
@Amanieu thank you for filling this PR. Right now, because Claiming that this feature is impossible to use correctly won't do much for users that are already using So what do we want to achieve ? I think the best we can do right now is document any known mis-compilations by filling an issue, and then use the deprecation warning to inform users that such known mis-compilations exist, and that there is a nightly feature that they can use to avoid them, but that they are kind of on their own for now. Just telling them "don't use this" without telling them "what to use instead" produces a very frustrating user experience. If this is really always impossible to use correctly, we should at least point them to an issue that explains that in detail. |
I haven't managed to create a miscompiling example, but essentially, if the compiler decides to perform tail call optimization in the vfork child, this will corrupt the entire stack frame for the parent as well. |
Alternatively, the compiler could decide to share a single stack slot for 2 variables, one in the parent and one in the child since it "knows" that only one of the two branches is taken, not both. |
I think maybe @comex had an actual mis compilation example for a lack of |
I've managed to create a miscompilation example: https://play.rust-lang.org/?version=nightly&mode=release&edition=2018&gist=e192ab81e8d408fa9984f766e2356697 As you can see, variables modified in the vfork child cause unrelated variables in the parent to be modified. |
However if you add |
@gnzlbg ping? |
This looks good to me @Amanieu. CI is red due to unrelated issues, but I'll merge it ASAP. In the mean time, could you create an issue in this repo explaining the problem with those links, and add a link to it to the deprecation message ? |
47283af
to
a29bc51
Compare
Added a reference to #1596 in the deprecation message. |
a29bc51
to
1f7352c
Compare
Thanks, as soon as we get up bors working again for the repo I'll start merging PRs. |
@bors: r+ |
📌 Commit 1f7352c has been approved by |
Deprecate vfork The compiler may generate incorrect code for `vfork` and `setjmp` because they are missing the `#[returns_twice]` attribute which is currently unstable ([tracking issue](rust-lang/rust#58314)). Since `vfork` is impossible to use safely, I propose deprecating it until `#[returns_twice]` is stable.
☀️ Test successful - checks-cirrus-freebsd-10, checks-cirrus-freebsd-11, checks-cirrus-freebsd-12, status-azure |
For anyone else who finds themselves here from the "vfork is deprecated" documentation - I have a working proof-of-concept workaround that calls The idea is that since both are done in assembly, the Rust compiler doesn't see the second return. Similarly, I think this could alternatively be done by calling out to a helper C function that calls EDIT: I started thinking about whether this could be generalized into a utility function... and then realized that |
Bare vfork + exec are tricky to use, since it's easy to accidentally corrupt the parent process's state from the child process. It's also unsupported in Rust (rust-lang/libc#1574, rust-lang/libc#1596). I think we could work around this in Rust by using inline assembly or a C helper function to wrap the fork and exec, but `posix_spawn` basically does that for us already.
The compiler may generate incorrect code for
vfork
andsetjmp
because they are missing the#[returns_twice]
attribute which is currently unstable (tracking issue). Sincevfork
is impossible to use safely, I propose deprecating it until#[returns_twice]
is stable.