servoshell/
crash_handler.rs

1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
4
5#[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "android")))]
6pub fn install() {}
7
8#[cfg(any(target_os = "macos", target_os = "linux"))]
9pub fn install() {
10    use std::io::Write;
11    use std::sync::atomic;
12    use std::thread;
13
14    use sig::signal;
15
16    use crate::backtrace;
17
18    extern "C" fn handler(sig: i32) {
19        // Only print crash message and backtrace the first time, to avoid
20        // infinite recursion if the printing causes another signal.
21        static BEEN_HERE_BEFORE: atomic::AtomicBool = atomic::AtomicBool::new(false);
22        if !BEEN_HERE_BEFORE.swap(true, atomic::Ordering::SeqCst) {
23            // stderr is unbuffered, so we won’t lose output if we crash later
24            // in this handler, and the std::io::stderr() call never allocates.
25            // std::io::stdout() allocates the first time it’s called, which in
26            // practice will often segfault (see below).
27            let stderr = std::io::stderr();
28            let mut stderr = stderr.lock();
29            let _ = write!(&mut stderr, "Caught signal {sig}");
30            if let Some(name) = thread::current().name() {
31                let _ = write!(&mut stderr, " in thread \"{}\"", name);
32            }
33            let _ = writeln!(&mut stderr);
34
35            // This call always allocates, which in practice will segfault if
36            // we’re handling a non-main-thread (e.g. layout) segfault. Strictly
37            // speaking in POSIX terms, this is also undefined behaviour.
38            let _ = backtrace::print(&mut stderr);
39        }
40
41        // Outside the BEEN_HERE_BEFORE check, we must only call functions we
42        // know to be “async-signal-safe”, which includes sigaction(), raise(),
43        // and _exit(), but generally doesn’t include anything that allocates.
44        // https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03_03
45        raise_signal_or_exit_with_error(sig);
46    }
47
48    signal!(libc::SIGSEGV, handler); // handle segfaults
49    signal!(libc::SIGILL, handler); // handle stack overflow and unsupported CPUs
50    signal!(libc::SIGIOT, handler); // handle double panics
51    signal!(libc::SIGBUS, handler); // handle invalid memory access
52}
53
54#[cfg(not(any(target_os = "macos", target_os = "linux", target_os = "android")))]
55pub(crate) fn raise_signal_or_exit_with_error(_signal: i32) {
56    std::process::exit(1);
57}
58
59#[cfg(any(target_os = "macos", target_os = "linux"))]
60pub(crate) fn raise_signal_or_exit_with_error(signal: i32) {
61    unsafe {
62        // Reset the signal to the default action, and reraise the signal.
63        // Unlike libc::_exit(sig), which terminates the process normally,
64        // this terminates abnormally just like an uncaught signal, allowing
65        // mach (or your shell) to distinguish it from an ordinary exit, and
66        // allows your kernel to make a core dump if configured to do so.
67        let mut action: libc::sigaction = std::mem::zeroed();
68        action.sa_sigaction = libc::SIG_DFL;
69        libc::sigaction(signal, &action, std::ptr::null_mut());
70        libc::raise(signal);
71    }
72}