Don't catch runtime exceptions, even in Lwt_main.run

raphael-proust · raphael-proust · commit 61d34af7539f · 2023-08-04T09:45:48.000+02:00
diff --git a/src/unix/lwt_main.ml b/src/unix/lwt_main.ml
@@ -107,7 +107,7 @@ let run p =
   | result ->
     finished ();
     result
-  | exception exn ->
+  | exception exn when Lwt.is_not_ocaml_runtime_exception exn ->
     finished ();
     raise exn
 
diff --git a/src/unix/lwt_main.mli b/src/unix/lwt_main.mli
@@ -39,6 +39,14 @@ let () = Lwt_main.run (main ())
       [Lwt_main.run] will raise [Failure]. This should be considered a logic
       error (i.e., code making such a call is inherently broken).
 
+      In addition, note that Lwt does not attempt to catch exceptions thrown by
+      the OCaml runtime. Specifically, Lwt lets [Out_of_memory] and
+      [Stack_overflow] exceptions traverse all of its functions and bubble up to
+      the caller of [Lwt_main.run]. Moreover because these exceptions are left
+      to traverse the call stack, they leave the internal data-structures in an
+      inconsistent state. For this reason, calling [Lwt_main.run] again after
+      such an exception will raise [Failure].
+
       It is not safe to call [Lwt_main.run] in a function registered with
       [Stdlib.at_exit], use {!Lwt_main.at_exit} instead. *)
 
diff --git a/test/unix/dune b/test/unix/dune
@@ -1,7 +1,17 @@
 (library
  (name tester)
  (libraries lwt lwttester)
- (modules (:standard \ main dummy) ))
+ (modules
+  (:standard
+   \
+   main
+   dummy
+   ocaml_runtime_exc_1
+   ocaml_runtime_exc_2
+   ocaml_runtime_exc_3
+   ocaml_runtime_exc_4
+   ocaml_runtime_exc_5
+   ocaml_runtime_exc_6)))
 
 (executable
  (name dummy)
@@ -13,6 +23,36 @@
  (libraries lwttester tester)
  (modules main))
 
+(executable
+ (name ocaml_runtime_exc_1)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_1))
+
+(executable
+ (name ocaml_runtime_exc_2)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_2))
+
+(executable
+ (name ocaml_runtime_exc_3)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_3))
+
+(executable
+ (name ocaml_runtime_exc_4)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_4))
+
+(executable
+ (name ocaml_runtime_exc_5)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_5))
+
+(executable
+ (name ocaml_runtime_exc_6)
+ (libraries lwt lwt.unix)
+ (modules ocaml_runtime_exc_6))
+
 (alias
  (name runtest)
  (package lwt)
diff --git a/test/unix/main.ml b/test/unix/main.ml
@@ -16,9 +16,3 @@ let () =
     Test_lwt_bytes.suite;
     Test_sleep_and_timeout.suite;
   ]
-
-let () =
-  (* tests that cannot be run inside of the test framework because they manage
-     their own Lwt_main.run *)
-  Test_run_and_runtime_exceptions.test ();
-  ()
diff --git a/test/unix/ocaml_runtime_exc_1.ml b/test/unix/ocaml_runtime_exc_1.ml
@@ -0,0 +1,26 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt.pause () in
+      if true then raise Out_of_memory else Lwt.return_unit
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
diff --git a/test/unix/ocaml_runtime_exc_2.ml b/test/unix/ocaml_runtime_exc_2.ml
@@ -0,0 +1,27 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt_unix.sleep 0.001 in
+      if true then raise Out_of_memory else Lwt.return_unit
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
+
diff --git a/test/unix/ocaml_runtime_exc_3.ml b/test/unix/ocaml_runtime_exc_3.ml
@@ -0,0 +1,31 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt.pause () in
+      Lwt.choose [
+        (let* () = Lwt.pause () in raise Out_of_memory);
+        Lwt_unix.sleep 2.;
+      ]
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
+
+
diff --git a/test/unix/ocaml_runtime_exc_4.ml b/test/unix/ocaml_runtime_exc_4.ml
@@ -0,0 +1,30 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt.pause () in
+      Lwt.catch
+        (fun () -> raise Out_of_memory)
+        (fun _ -> Lwt.return_unit)
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
+
+
diff --git a/test/unix/ocaml_runtime_exc_5.ml b/test/unix/ocaml_runtime_exc_5.ml
@@ -0,0 +1,32 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt.pause () in
+      let _ =
+        Lwt.async
+          (fun () -> let* () = Lwt.pause () in raise Out_of_memory)
+      in
+      Lwt_unix.sleep 0.5
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
+
+
diff --git a/test/unix/ocaml_runtime_exc_6.ml b/test/unix/ocaml_runtime_exc_6.ml
@@ -0,0 +1,33 @@
+(* This file is part of Lwt, released under the MIT license. See LICENSE.md for
+   details, or visit https://github.com/ocsigen/lwt/blob/master/LICENSE.md. *)
+
+(* OCaml runtime exceptions (out-of-memory, stack-overflow) are fatal in a
+   different way than other exceptions and they leave the Lwt main loop in an
+   inconsistent state where it cannot be restarted. Indeed, attempting to call
+   [Lwt_main.run] again after it has crashed with a runtime exception causes a
+   "Nested calls to Lwt_main.run are not allowed" error.
+
+   For this reason, we run this test as its own executable rather than as part
+   of a larger suite. *)
+
+open Lwt.Syntax
+
+let test () =
+  try
+    let () = Lwt_main.run (
+      let* () = Lwt.pause () in
+      let _ =
+        Lwt.dont_wait
+          (fun () -> let* () = Lwt.pause () in raise Out_of_memory)
+          (fun _ -> ())
+      in
+      Lwt_unix.sleep 0.5
+    ) in
+    Printf.eprintf "Test run+raise failure\n";
+    Stdlib.exit 1
+  with
+    | Out_of_memory -> ()
+
+let () = test ()
+
+
diff --git a/test/unix/test_run_and_runtime_exceptions.ml b/test/unix/test_run_and_runtime_exceptions.ml
