[cfe-dev] [RFC] Suppress C++ static destructor registration

David Blaikie via cfe-dev cfe-dev at lists.llvm.org
Tue Jul 19 08:13:44 PDT 2016


On Mon, Jul 18, 2016 at 3:13 PM Greg Parker via cfe-dev <
cfe-dev at lists.llvm.org> wrote:

> On Jul 18, 2016, at 2:08 PM, Richard Smith via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
> On Mon, Jul 18, 2016 at 1:39 PM, Bruno Cardoso Lopes via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> Hi,
>>
>> C++ static destructors can be problematic in multi-threaded
>> environment. Some of the issues users often complain about include:
>> 1. Teardown ordering: crashes when one thread is exiting the process
>> and calling destructors while another thread is still running and
>> accessing the destructing variables
>> 2. Shared code that is compiled both as an application and as a
>> library. When library mode is chosen, goto (1).
>> 3. Some projects currently override __cxa_atexit to avoid the behavior
>> in question.
>>
>> To get around that, I propose we add a compiler option (e.g.
>> -fno-cxx-static-destructors) to allow clang to suppress destructor
>> registration (currently done via __cxa_atexit, atexit):
>> https://reviews.llvm.org/D22474
>>
>> I'm opening this discussion here on cfe-dev to get some feedback on the
>> matter
>>
>> One can argue that dealing with C++ static destructors in
>> multi-threaded environment is solely the responsibility of the
>> developer, however since (AFAIK) we don't have any standard guaranteed
>> semantic for "global destruction vs. threads", it seems fair to me
>> that we could give developers some option.
>
>
> They already have options. They can use std::quick_exit, which was added
> specifically to address this problem, if they don't want destructors to be
> run at all.
>
>
> std::quick_exit() does not help. The destructor is in a library. The
> library author has no control over how other code in the process calls
> exit(). The authors of the app and other libraries are unaware that exit()
> is dangerous.
>
>
> There are standard techniques to avoid destructors being run for specific
> objects:
>
>   template<typename T> union not_destroyed {
>     T value;
>     template<typename ...U> constexpr not_destroyed(U &&...u) :
> value(std::forward<U>(u)...) {}
>     ~not_destroyed() {}
>   };
>   not_destroyed<std::string> my_str("foo"); // technically has object
> lifetime issues
>
>
> This is fragile. It's easy to accidentally define a static variable that
> does not have this template, thereby breaking exit() again.
>

> -Werror=exit-time-destructors complains about ~not_destroyed(), so it
> can't help. Adding #pragma diagnostic around every use of not_destroyed
> would fix that and not be fragile, but it would be awfully ugly.
>

I think not_destroyed could be written differently so as not to have a
non-trivial dtor. Make it more like std::optional (wrapping an object in a
pointer-like API) & just has a byte buffer member and no dtor declared.
Then it'd be trivially destructible and have no global dtor and be
-Wexit-time-destructors clean.


>
> A post-link test for references to symbol __cxa_atexit might help, but
> only if there are no intentional static destructors anywhere and only for
> optimized builds.
>
>
>   std::string &&s = *new std::string("foo");
>
>
> This didn't compile.
>
>     test.cxx:12:26: error: rvalue reference to type 'basic_string<[3 *
> ...]>' cannot bind to lvalue of type 'basic_string<[3 * ...]>'
>
>
> --
> Greg Parker     gparker at apple.com     Runtime Wrangler
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20160719/2860570f/attachment.html>


More information about the cfe-dev mailing list