subscriber: always ignore lock poisoning #1063
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`tracing-subscriber` can conditionally use `parking_lot`'s locks rather than `std::sync`'s locks, when a feature flag is enabled. Because `parking_lot`'s locks do not poison on panics, while `std::sync`'s locks do, the APIs differ slightly. Currently, we handle this by wrapping the `parking_lot` `RwLock` in a newtype that returns `Result`s, like `std::sync::RwLock` does, but always returns `Ok`. Then, potentially poisoned locks are handled at the callsite. However, this is unnecessary (and potentially incorrect). Because locks may or may not be poisoned depending on the feature flag, `tracing-subscriber` can't rely on poisoning for correctness. Doing so would mean potentially different behavior between `std::sync` and `parking_lot`. Currently, because a number of `tracing-subscriber` functions are called in `Drop` impls, we don't panic when a lock is poisoned, to avoid double panics. Most cases where a lock might be poisoned are handled by returning early with a default value. However, with `parking_lot` enabled, this will never happen, and it adds complexity at the callsite. This branch changes our approach to wrap `std::sync`'s locks and use `PoisonError::into_inner` to ignore poisoning. This results in more consistent behavior between the `parking_lot` feature and `std`, and also probably improves performance a bit with `parking_lot` --- we don't have to have extra code for handling an `Err` case that will never happen (although rustc might be smart enough to optimize it away). Also, the callsites are simpler since they never have to handle poisoning, and we can't accidentally `unwrap` in a `Drop` impl. I also removed the janky user-space thread-local implementation used by `CurrentSpan`, and changed it to just use the `thread-local` crate. We already depend on that crate for the `Registry`, and my DIY implementation has some performance issues. So, I removed it. Depends on #1062
Signed-off-by: Eliza Weisman <[email protected]>
Signed-off-by: Eliza Weisman <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
tracing-subscribercan conditionally useparking_lot's locks ratherthan
std::sync's locks, when a feature flag is enabled. Becauseparking_lot's locks do not poison on panics, whilestd::sync's locksdo, the APIs differ slightly. Currently, we handle this by wrapping the
parking_lotRwLockin a newtype that returnsResults, likestd::sync::RwLockdoes, but always returnsOk. Then, potentiallypoisoned locks are handled at the callsite.
However, this is unnecessary (and potentially incorrect). Because locks
may or may not be poisoned depending on the feature flag,
tracing-subscribercan't rely on poisoning for correctness. Doing sowould mean potentially different behavior between
std::syncandparking_lot. Currently, because a number oftracing-subscriberfunctions are called in
Dropimpls, we don't panic when a lock ispoisoned, to avoid double panics. Most cases where a lock might be
poisoned are handled by returning early with a default value. However,
with
parking_lotenabled, this will never happen, and it addscomplexity at the callsite.
Solution
This branch changes our approach to wrap
std::sync's locks and usePoisonError::into_innerto ignore poisoning. This results in moreconsistent behavior between the
parking_lotfeature andstd, andalso probably improves performance a bit with
parking_lot--- we don'thave to have extra code for handling an
Errcase that will neverhappen (although rustc might be smart enough to optimize it away). Also,
the callsites are simpler since they never have to handle poisoning, and
we can't accidentally
unwrapin aDropimpl.I also removed the janky user-space thread-local implementation used by
CurrentSpan, and changed it to just use thethread-localcrate. Wealready depend on that crate for the
Registry, and my DIYimplementation has some performance issues. So, I removed it.
Depends on #1062