switch panic handling method #319
Conversation
rasviitanen
force-pushed
the
remove-static
branch
from
170fca4 to
82068db
Compare
| @@ -0,0 +1,63 @@ | |||
| // This example requires the following input to succeed: | |||
There was a problem hiding this comment.
This example demonstrates use of shared resources such as DB connections or local caches that can be initialized at the start of the runtime and reused by subsequent lambda handler calls. Run it with the following input:
There was a problem hiding this comment.
Very good comment, thank you! Fixed in the latest push
rasviitanen
force-pushed
the
remove-static
branch
2 times, most recently
from
0a6f22a to
493ee5f
Compare
|
Added @bahildebrand since he's been more involved with this discussion too. |
|
Can we not rush this PR? Even if it is backward compatible it is a major change in the expected behavior with some unexpected results in edge cases.
Even if the compiler guarantees memory safety of panics it does not statically guarantee that all panics will be safely unwound. Correct me if I'm wrong here. I fully support this change, but would like to give it more time to understand all the implications. |
Intention definitely wasn't to rush this PR, which is why I asked Blake to also take a look :). Completely agree with your points, my desire is to get more eyes on it in case something has been missed. |
My reading of [catch_unwind(https://doc.rust-lang.org/std/panic/fn.catch_unwind.html) is that we would be guaranteed to catch any panics that were inherent to the types composing the handler since it requires an UnwindSafe implementation. I believe the only things that are One danger would be if someone were enable abort panics on their binary. I'm not sure if the compiler will get angry since we have a call to Overall I don't see any problems with this change. It might be worthwhile to add a note that users should not compile this library panic abort. |
|
re:
I think there are some other things that would make sense in this context that are About Also: Do we want to catch panics in the created |
| name: &'static str, | ||
| } | ||
|
|
||
| impl TryFrom<&'static str> for SharedClient { |
There was a problem hiding this comment.
Why does this need to be tryfrom if its infallible?
There was a problem hiding this comment.
The initial though was to avoid consumers of this library (or future contributors) to not run into the idea where: "Hey why is this a From, you can just do let client = &SharedClient("name"); directly". The problem with this is that client in this case would be static, so it wouldn't be as clear that you can use some non-static reference. Whereas TryFrom would make people think one extra step and realize that you can do some more advanced setup.
But the example in its current form is indeed confusing.
The better solution here is to simply implement a new function for the SharedClient and force it to be bound like that instead. Then I think the barrier to understand the example will be much lower.
I'll work on a fix, thanks!
| let request_id = &ctx.request_id.clone(); | ||
| #[allow(clippy::async_yields_async)] | ||
| let task = tokio::spawn(async move { handler.call(body, ctx) }); | ||
| let task = panic::catch_unwind(panic::AssertUnwindSafe(|| handler.call(body, ctx))); |
There was a problem hiding this comment.
Why this over set_hook?
There was a problem hiding this comment.
The runtime needs to report any panics to the invocation error endpoint: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html.
(I'm assuming that the set_hook you're referring to would be set by the customer?)
There was a problem hiding this comment.
LGTM. I'm going to leave this open for another day in case anyone else has comments they'd like to get in. Otherwise great job @rasviitanen. This is an awesome contribution!
|
Hi @bahildebrand, what is the timeline for merging this PR? |
|
Merging this now. Rust fmt is broken, but I'll push up another PR to fix it. |
Issue: #310
Description of changes:
Uses
std::panic::catch_unwindinstead of spawning a new tokio task to catch any panics.By using
std::panic::AssertUnwindSafewe don't have to add any new bounds on the handler, so this should be backwards compatible.Using
std::panic::AssertUnwindSafeshould be OK. This is essentially what tokio did under the hood with the previous implementation, so the behavior should be equivalent. See:https://github.com/tokio-rs/tokio/blob/b42f21ec3e212ace25331d0c13889a45769e6006/tokio/src/runtime/task/harness.rs#L409
What this attempts to solve:
Get rid of the
Send + Sync + 'staticbounds.By submitting this pull request