Run r_safe_eval() in top-level-exec context

Author: lionel-

crates/harp/src/exec.rs

@@ -91,7 +91,11 @@ impl RFunction {
 }
 
 pub fn r_safe_eval(expr: RObject, env: RObject) -> crate::Result<RObject> {
-    unsafe {
+    // We could detect and cancel early exits from the r side, but we'd be at
+    // risk of very unlucky interrupts occurring between `rf_eval()` and our
+    // `on.exit()` handling. So stay on the safe side by wrapping in
+    // top-level-exec. This also insulates us from user handlers.
+    r_top_level_exec(|| unsafe {
         let eval_call = RCall::new(r_symbol!("safe_evalq"))
             .add(expr.sexp)
             .add(env)
@@ -120,8 +124,8 @@ pub fn r_safe_eval(expr: RObject, env: RObject) -> crate::Result<RObject> {
             });
         }
 
-        return Ok(RObject::new(out));
-    }
+        Ok(RObject::new(out))
+    })?
 }
 
 impl From<&str> for RFunction {

crates/harp/src/modules/init.R

@@ -5,7 +5,10 @@
 # - Error slot: Character vector of length 2 [message, trace], with `trace`
 #   possibly an empty string.
 #
-# TODO: Prevent this function from jumping with on.exit
+# We could detect and cancel early exits from here but we'd be at risk of very
+# unlucky interrupts occurring between `Rf_eval()` and our `on.exit()`
+# handling. So it's up to the caller to deal with early exits, for instance with
+# a top-level-exec context.
 safe_evalq <- function(expr, env) {
     # Create a promise to make call stack leaner
     do.call(delayedAssign, list("out", substitute(expr), env))
@@ -38,7 +41,6 @@ safe_evalq <- function(expr, env) {
 
     withCallingHandlers(
         list(out, NULL),
-        interrupt = handler,
         error = handler
     )
 }