Debugging a Segfault in Rust
Join the DZone community and get the full member experience.
Join For FreeIn this Sentry programming session, we looked at using our error monitoring platform to help debug one of our own native products: Symbolicator. This service is responsible for processing native crash reports. Just like any other application, it might crash — and when that happens, we need to gain insights into why.
Crashing Rust
Symbolicator is written in Rust, a language that is loved for its memory-safety. On top of that, the Rust standard library offers extremely well-designed APIs for explicit error handling, making unchecked exceptions a thing of the past. Yet, there are quite a few reasons why a Rust program can still crash, including:
- The use of
unsafe
, often used for absolutely necessary optimization. - Interop with C and C++, which is inherently unsafe.
- Stack overflows or out-of-memory situations.
We chose the first option to introduce a very reliable and unfortunately too well-known crash: The infamous segmentation fault. Look at this beauty:
xxxxxxxxxx
unsafe { *(0 as *mut u32) = 42; }
This is a slightly modified version of the code we used in the recorded session. It dereferences the null pointer and tries to assign it a value of 42. Totally unsafe, and guaranteed to crash. Fun fact: depending on the optimization level, this line might either cause a segmentation fault or an illegal instruction.
Symbolicator already uses our Rust SDK. It is able to report errors and panics to Sentry, can record breadcrumbs, and can even manage concurrent scopes. However, it cannot handle hard application crashes. For that, we need to haul out the big guns.
Using the Native SDK
Our Native SDK to the rescue! We chose the Crashpad distribution, which creates a minidump when the application crashes. The SDK builds a dynamic library that can be linked to our Rust application. To instruct Cargo, we added a few lines to the build script:
xxxxxxxxxx
println!("cargo:rustc-link-lib=sentry_crashpad");
println!("cargo:rustc-link-search=path/to/lib");
println!("cargo:rustc-cdylib-link-arg=-Wl,-rpath,@executable_path/.");
This tells the build system to link the dynamic library of our SDK, where to find it during the build, and where to find it at runtime. From now on, the dynamic library needs to be distributed alongside the main executable.
The Native SDK exposes a C API that is declared in the sentry.h
header file. We chose to compile a small C file that initializes the SDK and exports a single function to our Rust code:
xxxxxxxxxx
void init_native(void)
{
sentry_options_t *options = sentry_options_new();
sentry_options_set_dsn(options, "__SENTRY_DSN__");
sentry_options_set_debug(options, 1);
sentry_options_set_handler_path(options, "crashpad_handler");
sentry_init();
}
To build and link this program, we added a call to the cc
crate in our build script:
xxxxxxxxxx
cc::Build::new()
.file("native/src/init.c")
.include("native/include")
.compile("native")
Now, we are able to call the C function to initialize the Native SDK directly from Rust code. To do so, we declared the function signature in an extern "C"
block. Calling a C function requires the use of unsafe
, since the compiler can no longer reason about the side effects and contents of the function’s body.
xxxxxxxxxx
extern "C" {
fn init_native();
}
unsafe {
init_native();
}
Alternatively, you can call functions from the Native SDK directly. This requires FFI bindings for each function, which can be created conveniently using the bindgen
crate at build time. It generates a Rust file from the C header. While we did not do this in our coding session — to keep it short — we generally recommend to use Sentry’s API directly from Rust.
Wrapping Up
Finally, we could upload debug information of our new Symbolicator build to Sentry. This is normally done as part of our deployment process, but since we were not going to deploy this obviously broken version of Symbolicator — not that we’ve ever done that! — we had to upload manually using sentry-cli
(paths abbreviated for readability):
xxxxxxxxxx
$ sentry-cli upload-dif --include-sources symbolicator symbolicator.dSYM
The --include-sources
flag makes source code available to Sentry. In the live session, we also used --wait
to ensure that the files are processed by Sentry before we crash for the next time. Now, once the application crashes, the SDK sends a Minidump crash report to Sentry, which points right to the bug. See for yourself:
With debug information available, Sentry resolves Rust function names and even source context. In this case, you can clearly see how the stack trace points to our unsafe line of code. What a shame that not all issues will be this easy to debug.
Adding the Native SDK to one of our production Rust services was a fun exercise for us. We hope that you enjoyed this short excursion into the world of Rust with us, and would love to learn about your use cases. Targeting C and C++, Android NDK, and virtually any other language that compiles to machine code, the sentry-native is becoming one of our most versatile SDKs.
Published at DZone with permission of Liz Krane. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments