re_crash_handler 0.31.1

Detect panics and signals, logging them and optionally sending them to analytics.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339

//! Detect and handle signals, panics, and other crashes, making sure to log them and optionally send them off to analytics.

pub mod sigint;

#[cfg(not(target_os = "windows"))]
use parking_lot::Mutex;
use re_build_info::BuildInfo;

// The easiest way to pass this to our signal handler.
#[cfg(not(target_os = "windows"))]
static BUILD_INFO: Mutex<Option<BuildInfo>> = Mutex::new(None);

/// Install handlers for panics and signals (crashes)
/// that prints helpful messages and sends anonymous analytics.
///
/// NOTE: only install these in binaries!
/// * First of all, we don't want to compete with other panic/signal handlers.
/// * Second of all, we don't ever want to include user callstacks in our analytics.
#[allow(clippy::allow_attributes, clippy::needless_pass_by_value)]
pub fn install_crash_handlers(build_info: BuildInfo) {
    install_panic_hook(build_info.clone());

    #[cfg(not(target_arch = "wasm32"))]
    #[cfg(not(target_os = "windows"))]
    install_signal_handler(build_info);
}

fn install_panic_hook(_build_info: BuildInfo) {
    let previous_panic_hook = std::panic::take_hook();

    std::panic::set_hook(Box::new(
        move |panic_info: &std::panic::PanicHookInfo<'_>| {
            let callstack = callstack_from(&["panicking::panic_fmt\n"]);

            let file_line = panic_info.location().map(|location| {
                let file = anonymize_source_file_path(&std::path::PathBuf::from(location.file()));
                format!("{file}:{}", location.line())
            });

            let msg = panic_info_message(panic_info);

            if let Some(msg) = &msg {
                // Print our own panic message.
                // Our formatting is nicer than `std` since we shorten the file paths (for privacy reasons).
                // This also makes it easier for users to copy-paste the callstack into an issue
                // without having any sensitive data in it.

                let thread = std::thread::current();
                let thread_name = thread
                    .name()
                    .map_or_else(|| format!("{:?}", thread.id()), |name| name.to_owned());

                eprintln!("\nthread '{thread_name}' panicked at '{msg}'");
                if let Some(file_line) = &file_line {
                    eprintln!("{file_line}");
                }
                eprintln!("stack backtrace:\n{callstack}");
            } else {
                // This prints the panic message and callstack:
                (*previous_panic_hook)(panic_info);
            }

            econtext::print_econtext(); // Print additional error context, if any

            eprintln!(
                "\n\
            Troubleshooting Rerun: https://www.rerun.io/docs/overview/installing-rerun/troubleshooting \n\
            Report bugs: https://github.com/rerun-io/rerun/issues"
            );

            #[cfg(feature = "analytics")]
            re_analytics::record_and_flush_blocking(|| re_analytics::event::CrashPanic {
                build_info: _build_info.clone(),
                callstack,
                message: None,
                file_line,
            });

            // We compile with `panic = "abort"`, but we don't want to report the same problem twice, so just exit:
            #[expect(clippy::exit)]
            std::process::exit(102);
        },
    ));
}

fn panic_info_message(panic_info: &std::panic::PanicHookInfo<'_>) -> Option<String> {
    // `panic_info.message` is unstable, so this is the recommended way of getting
    // the panic message out. We need both the `&str` and `String` variants.

    #[expect(clippy::manual_map)]
    if let Some(msg) = panic_info.payload().downcast_ref::<&str>() {
        Some((*msg).to_owned())
    } else if let Some(msg) = panic_info.payload().downcast_ref::<String>() {
        Some(msg.clone())
    } else {
        None
    }
}

#[cfg(not(target_arch = "wasm32"))]
#[cfg(not(target_os = "windows"))]
#[expect(unsafe_code)]
#[expect(clippy::fn_to_numeric_cast_any)]
fn install_signal_handler(build_info: BuildInfo) {
    *BUILD_INFO.lock() = Some(build_info); // Share it with the signal handler

    for signum in [
        libc::SIGABRT,
        libc::SIGBUS,
        libc::SIGFPE,
        libc::SIGILL,
        libc::SIGSEGV,
    ] {
        // SAFETY: we're installing a signal handler.
        unsafe {
            libc::signal(
                signum,
                signal_handler as *const fn(libc::c_int) as libc::size_t,
            );
        }
    }

    unsafe extern "C" fn signal_handler(signal_number: libc::c_int) {
        fn print_problem_and_links(signal_name: &str) {
            write_to_stderr("Rerun caught a signal: ");
            write_to_stderr(signal_name);
            write_to_stderr("\n");
            write_to_stderr(
                "Troubleshooting Rerun: https://www.rerun.io/docs/overview/installing-rerun/troubleshooting \n",
            );
            write_to_stderr("Report bugs: https://github.com/rerun-io/rerun/issues \n");
            write_to_stderr("\n");
        }

        let signal_name = match signal_number {
            libc::SIGABRT => "SIGABRT",
            libc::SIGBUS => "SIGBUS",
            libc::SIGFPE => "SIGFPE",
            libc::SIGILL => "SIGILL",
            libc::SIGINT => "SIGINT",
            libc::SIGSEGV => "SIGSEGV",
            libc::SIGTERM => "SIGTERM",
            _ => "UNKNOWN SIGNAL",
        };

        // There are very few things that are safe to do in a signal handler,
        // but writing to stderr is one of them.
        // So we first print out what happened to stderr so we're sure that gets out,
        // then we do the unsafe things, like logging the stack trace.
        // We take care not to allocate any memory before we generate the call stack.

        write_to_stderr("\n");
        print_problem_and_links(signal_name);

        // Ok, we printed the most important things.
        // Let's do less important things that require memory allocations.
        // Allocating memory can lead to deadlocks if the signal
        // was triggered from the system's memory management functions.

        let callstack = callstack();
        write_to_stderr(&callstack);
        write_to_stderr("\n");

        econtext::print_econtext(); // Print additional error context, if any

        // Let's print the important stuff _again_ so it is visible at the bottom of the users terminal:
        write_to_stderr("\n");
        print_problem_and_links(signal_name);

        // Send analytics - this also sleeps a while to give the analytics time to send the event.
        #[cfg(feature = "analytics")]
        if let Some(build_info) = BUILD_INFO.lock().clone() {
            re_analytics::record_and_flush_blocking(|| re_analytics::event::CrashSignal {
                build_info,
                signal: signal_name.to_owned(),
                callstack,
            });
        }

        // We are done!
        // Call the default signal handler (which usually terminates the app):
        // SAFETY: we're calling a signal handler
        unsafe {
            libc::signal(signal_number, libc::SIG_DFL);
            libc::raise(signal_number);
        }
    }

    fn write_to_stderr(text: &str) {
        // SAFETY: writing to stderr is fine, even in a signal handler.
        unsafe {
            libc::write(libc::STDERR_FILENO, text.as_ptr().cast(), text.len());
        }
    }

    fn callstack() -> String {
        callstack_from(&["install_signal_handler::signal_handler\n"])
    }
}

/// Get a nicely formatted callstack.
///
/// You can give this function a list of substrings to look for, e.g. names of functions.
/// If any of these substrings matches, anything before that is removed from the callstack.
/// For example:
///
/// ```ignore
/// fn print_callstack() {
///     eprintln!("{}", callstack_from(&["print_callstack"]));
/// }
/// ```
pub fn callstack_from(start_patterns: &[&str]) -> String {
    let backtrace = backtrace::Backtrace::new();
    let stack = backtrace_to_string(&backtrace);

    // Trim it a bit:
    let mut stack = stack.as_str();

    let start_patterns = start_patterns
        .iter()
        .chain(std::iter::once(&"callstack_from"));

    // Trim the top (closest to the panic handler) to cut out some noise:
    for start_pattern in start_patterns {
        if let Some(offset) = stack.find(start_pattern) {
            let prev_newline = stack[..offset].rfind('\n').map_or(0, |newline| newline + 1);
            stack = &stack[prev_newline..];
        }
    }

    // Trim the bottom to cut out code that sets up the callstack:
    let end_patterns = [
        "std::sys_common::backtrace::__rust_begin_short_backtrace",
        // Trim the bottom even more to exclude any user code that potentially used `rerun`
        // as a library to show a viewer. In these cases there may be sensitive user code
        // that called `rerun::run`, and we do not want to include it:
        "run_native_app",
    ];

    for end_pattern in end_patterns {
        if let Some(offset) = stack.find(end_pattern) {
            if let Some(start_of_line) = stack[..offset].rfind('\n') {
                stack = &stack[..start_of_line];
            } else {
                stack = &stack[..offset];
            }
        }
    }

    stack.into()
}

fn backtrace_to_string(backtrace: &backtrace::Backtrace) -> String {
    // We need to get a `std::fmt::Formatter`, and there is no easy way to do that, so we do it the hard way:

    struct AnonymizedBacktrace<'a>(&'a backtrace::Backtrace);

    impl std::fmt::Display for AnonymizedBacktrace<'_> {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
            format_backtrace(self.0, f)
        }
    }

    AnonymizedBacktrace(backtrace).to_string()
}

fn format_backtrace(
    backtrace: &backtrace::Backtrace,
    fmt: &mut std::fmt::Formatter<'_>,
) -> std::fmt::Result {
    let mut print_path = |fmt: &mut std::fmt::Formatter<'_>,
                          path: backtrace::BytesOrWideString<'_>| {
        let path = path.into_path_buf();
        let anoymized = anonymize_source_file_path(&path);
        std::fmt::Display::fmt(&anoymized, fmt)
    };

    let style = if fmt.alternate() {
        backtrace::PrintFmt::Full
    } else {
        backtrace::PrintFmt::Short
    };
    let mut f = backtrace::BacktraceFmt::new(fmt, style, &mut print_path);
    f.add_context()?;
    for frame in backtrace.frames() {
        f.frame().backtrace_frame(frame)?;
    }
    f.finish()?;
    Ok(())
}

/// Anonymize a path to a Rust source file from a callstack.
///
/// Example input:
/// * `/Users/emilk/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.24.1/src/runtime/runtime.rs`
/// * `crates/rerun/src/main.rs`
/// * `/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/ops/function.rs`
fn anonymize_source_file_path(path: &std::path::Path) -> String {
    // We must make sure we strip everything sensitive (especially user name).
    // The easiest way is to look for `src` and strip everything up to it.

    use itertools::Itertools as _;
    let components = path.iter().map(|path| path.to_string_lossy()).collect_vec();

    // Look for the last `src`:
    if let Some((src_rev_idx, _)) = components.iter().rev().find_position(|&c| c == "src") {
        let src_idx = components.len() - src_rev_idx - 1;
        // Before `src` comes the name of the crate - let's include that:
        let first_index = src_idx.saturating_sub(1);
        components.iter().skip(first_index).format("/").to_string()
    } else {
        // No `src` directory found - weird!
        // let's do a safe fallback and only include the last component (the filename)
        components
            .last()
            .map(|filename| filename.to_string())
            .unwrap_or_default()
    }
}

#[test]
fn test_anonymize_path() {
    for (before, after) in [
        (
            "/Users/emilk/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.24.1/src/runtime/runtime.rs",
            "tokio-1.24.1/src/runtime/runtime.rs",
        ),
        ("crates/rerun/src/main.rs", "rerun/src/main.rs"),
        (
            "/rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/ops/function.rs",
            "core/src/ops/function.rs",
        ),
        ("/weird/path/file.rs", "file.rs"),
    ] {
        use std::str::FromStr as _;
        let before = std::path::PathBuf::from_str(before).unwrap();
        assert_eq!(anonymize_source_file_path(&before), after);
    }
}