std: Reexport std::rt::unwind::try in std::thread #23651
Conversation
|
r? @brson (rust_highfive has picked a reviewer for you, use r? to override) |
|
@bors: r+ f610ddf |
|
@bors r- This is a large step to take with no discussion. There has never been a stable 'try' function in Rust. |
|
@brson ah yes sorry, I feel like I often do carry around a little bit too much in my head! The motivation for this is that today it is impossible to both safely and in a @aturon and I talked a lot at lunch today about whether this should be safe or not, and if so what it should look like. We ended up concluding that this signature is both a balance between usability and continuing the current trend of preventions against exception safety problems. An example of this trend is how Does that help clear things up, do you think that a change like this requires an RFC? |
|
Skylight also requires this in order to use rust stable. |
|
Right now I only have two reservations: that this is in the 'ffi' module - although that's the critical use case, it doesn't otherwise have anything to do with ffi; that it takes the 'try' name, when we already have one 'try' concept, and there is a design for another in the pipelines, and this is the conservative version of try, that could presumably be superseded someday. |
|
@brson do you have suggestions for what you might prefer to see this name or located? I thought the |
|
@brson Good catch. Sorry for rushing this along. |
alexcrichton
force-pushed
the
unwind-try
branch
from
f610ddf
to
8a81cd7
Compare
alexcrichton
changed the title
alexcrichton
changed the title
|
I am happy with these changes (thanks again @brson for catching these issues). Note that we will likely want a version without the |
|
☔ The latest upstream changes (presumably #23654) made this pull request unmergeable. Please resolve the merge conflicts. |
alexcrichton
force-pushed
the
unwind-try
branch
from
8a81cd7
to
63926a3
Compare
This commit provides a safe, but unstable interface for the `try` functionality of running a closure and determining whether it panicked or not. There are two primary reasons that this function was previously marked `unsafe`: 1. A vanilla version of this function exposes the problem of exception safety by allowing a bare try/catch in the language. It is not clear whether this concern should be directly tied to `unsafe` in Rust at the API level. At this time, however, the bounds on `ffi::try` require the closure to be both `'static` and `Send` (mirroring those of `thread::spawn`). It may be possible to relax the bounds in the future, but for now it's the level of safety that we're willing to commit to. 2. Panicking while panicking will leak resources by not running destructors. Because panicking is still controlled by the standard library, safeguards remain in place to prevent this from happening. The new API is now called `catch_panic` and is marked as `#[unstable]` for now.
alexcrichton
force-pushed
the
unwind-try
branch
from
63926a3
to
4c2ddb3
Compare
This commit provides a safe, but unstable interface for the `try` functionality of running a closure and determining whether it panicked or not. There are two primary reasons that this function was previously marked `unsafe`: 1. A vanilla version of this function exposes the problem of exception safety by allowing a bare try/catch in the language. It is not clear whether this concern should be directly tied to `unsafe` in Rust at the API level. At this time, however, the bounds on `ffi::try` require the closure to be both `'static` and `Send` (mirroring those of `thread::spawn`). It may be possible to relax the bounds in the future, but for now it's the level of safety that we're willing to commit to. 2. Panicking while panicking will leak resources by not running destructors. Because panicking is still controlled by the standard library, safeguards remain in place to prevent this from happening. The new API is now called `catch_panic` and is marked as `#[unstable]` for now.
This commit provides a safe, but unstable interface for the `try` functionality of running a closure and determining whether it panicked or not. There are two primary reasons that this function was previously marked `unsafe`: 1. A vanilla version of this function exposes the problem of exception safety by allowing a bare try/catch in the language. It is not clear whether this concern should be directly tied to `unsafe` in Rust at the API level. At this time, however, the bounds on `ffi::try` require the closure to be both `'static` and `Send` (mirroring those of `thread::spawn`). It may be possible to relax the bounds in the future, but for now it's the level of safety that we're willing to commit to. 2. Panicking while panicking will leak resources by not running destructors. Because panicking is still controlled by the standard library, safeguards remain in place to prevent this from happening. The new API is now called `catch_panic` and is marked as `#[unstable]` for now.
This commit provides a safe, but unstable interface for the
tryfunctionalityof running a closure and determining whether it panicked or not.
There are two primary reasons that this function was previously marked
unsafe:allowing a bare try/catch in the language. It is not clear whether this
concern should be directly tied to
unsafein Rust at the API level. At thistime, however, the bounds on
ffi::tryrequire the closure to be both'staticandSend(mirroring those ofthread::spawn). It may be possibleto relax the bounds in the future, but for now it's the level of safety that
we're willing to commit to.
Because panicking is still controlled by the standard library, safeguards
remain in place to prevent this from happening.
The new API is now called
catch_panicand is marked as#[unstable]for now.