-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OOM is silent beyond aborting #14674
Comments
We need an |
I would think that a function like #[cold]
#[inline(never)]
fn fail_alloc() -> ! {
rterrln!("failed allocation: aborting");
abort()
} would be nearly as optimisable as |
It just needs to be extra sure that there's no allocation happening as part of the printing. |
This seems like a good easy(ish) ticket to get started learning on but wanted to make sure it wasn't already in the works before I spent too much time on it. In the event it hasn't been worked on yet I was thinking something like this might work in place of the existing oom function /// Common out-of-memory routine
#[cold]
#[inline(never)]
static OOM_MESSAGE = "failed allocation: aborting\n"
pub fn oom() -> ! {
// FIXME(#14674): This really needs to do something other than just abort
// here, but any printing done must be *guaranteed* to not
// allocate.
unsafe {
with_task_stdout(|io| {
io.write(OOM_MESSAGE.as_bytes())
})
core::intrinsics::abort()
}
} |
After looking into with_task_stdout this approach won't work since it may try to alloc at least one additional memory segment. |
@tpickett66 Look at how |
I'm not familiar with how rust is currently handling oom internally, but for some cases it doesn't seem like we necessarily need to be careful (at all) about allocating more memory. Example: In that case, we actually have plenty of memory, we just have an erroneous allocation that fails. In this particular case, it might be possible to just panic!() (and have us get all the nice things that come with panicing, like an optional backtrace). To avoid adding heuristics to detect this case, it might make sense to just have oom try to panic first, but detect recursion and in that event execute a simpler non-allocating bailout. The above would actually be fairly helpful even if we keep the plain call to abort(). |
@jmesmon I believe it's possible to Oh, I see @alexcrichton mentions optimizing allocations. |
@eddyb my point is that in some OOM cases we aren't actually out-of-memory. In those cases, further allocations will still succeed even though a bogus allocation attempt was issued. |
@jmesmon yes, but @alexcrichton's point was about the possibility of unwinding interfering with optimizations, and causing a lot more landing pads to be generated. |
Closing in favor of #27335, I think that's a good solution to take. |
This is a bug even if the solution has been redirected to the RFC process. I want to track this. |
Then it should be tracked in the RFC repo. We don't keep bugs open for things that go through RFCs. |
We do keep bugs here though? Is this really just a new feature? |
Seems like this discussion might be better in rust-lang/rfcs#1398 |
This adds the ability to override the default OOM behavior by setting a handler function. This is used by libstd to print a message when running out of memory instead of crashing with an obscure "illegal hardware instruction" error (at least on Linux). Fixes rust-lang#14674
Right now when we hit OOM we simply invoke
abort()
, an LLVM intrinsic for an undefined instruction to kill the program. This led me to having to run an unoptimized rustc in GDB for 4 hours just to figure out the backtrace pointed atalloc::heap::reallocate
.We should make OOM easier to debug by at least printing a message. Note, however, that the current OOM strategy was done to allow LLVM to optimize allocations, so we need to balance our priorities with that.
The text was updated successfully, but these errors were encountered: