-act,fault #50 remove fault handling code and test

Sources/CDistributedActorsMailbox/crash_support.c → Sources/CDistributedActorsMailbox/backtrace_support.c

@@ -16,7 +16,7 @@
 #include <stdio.h>
 #include <execinfo.h>
 
-#include "include/crash_support.h"
+#include "include/backtrace_support.h"
 
 void sact_dump_backtrace() {
     char** strs;
@@ -33,8 +33,3 @@ int sact_get_backtrace(char*** strs) {
     *strs = backtrace_symbols(callstack, frames);
     return frames;
 }
-
-/* UD2 is defined as "Raises an invalid opcode exception in all operating modes." */
-void sact_simulate_trap() {
-    __asm__("UD2");
-}

Sources/CDistributedActorsMailbox/include/crash_support.h → Sources/CDistributedActorsMailbox/include/backtrace_support.h

@@ -12,8 +12,8 @@
 //
 //===----------------------------------------------------------------------===//
 
-#ifndef SACT_CRASH_SUPPORT_H
-#define SACT_CRASH_SUPPORT_H
+#ifndef SACT_BACKTRACE_SUPPORT_H
+#define SACT_BACKTRACE_SUPPORT_H
 
 /**
  * Prints a stack backtrace directly to `stderr`.
@@ -26,7 +26,4 @@ void sact_dump_backtrace(void);
 
 int sact_get_backtrace(char*** strs);
 
-/* emit `ud2` assembly, simulating a trap */
-void sact_simulate_trap(void);
-
 #endif

Sources/CDistributedActorsMailbox/include/c_mailbox.h

@@ -33,9 +33,9 @@ SWIFT_CLOSED_ENUM(SActMailboxRunPhase) {
 } SActMailboxRunPhase;
 
 typedef struct {
-            uint32_t  capacity;
-            uint32_t  max_run_length;
-    _Atomic int64_t   status;
+            uint32_t      capacity;
+            uint32_t      max_run_length;
+    _Atomic int64_t       status;
     CSActMPSCLinkedQueue* system_messages;
     CSActMPSCLinkedQueue* messages;
 } CSActMailbox;
@@ -45,9 +45,11 @@ SWIFT_CLOSED_ENUM(SActMailboxRunResult) {
     SActMailboxRunResult_Close            = 0,
     SActMailboxRunResult_Done             = 1,
     SActMailboxRunResult_Reschedule       = 2,
+
     // failure and supervision:
-    SActMailboxRunResult_FailureTerminate = 3,
-    SActMailboxRunResult_FailureRestart   = 4,
+    // SActMailboxRunResult_FailureTerminate = 3,
+    // SActMailboxRunResult_FailureRestart   = 4,
+
     // closed status reached, never run again.
     SActMailboxRunResult_Closed           = 5,
 } SActMailboxRunResult;
@@ -92,15 +94,6 @@ typedef SActActorRunResult (*SActInterpretMessageCallback)(SActDropMessageClosur
  */
 typedef void (*SActDropMessageCallback)(SActDropMessageClosureContext, void*); // TODO rename, deadletters
 
-/*
- * Callback for Swift interop.
- *
- * Accepts pointer to message which caused the failure.
- *
- * Invokes supervision, which may mutate the cell's behavior and return if we are to proceed with `Failure` or `FailureRestart`.
- */
-typedef SActMailboxRunResult (*SActInvokeSupervisionCallback)(SActSupervisionClosureContext, SActMailboxRunPhase, void*);
-
 CSActMailbox* cmailbox_create(uint32_t capacity, uint32_t max_run_length);
 
 /*
@@ -138,16 +131,11 @@ SActMailboxEnqueueResult cmailbox_send_system_tombstone(CSActMailbox* mailbox, v
  */
 SActMailboxRunResult cmailbox_run(
     CSActMailbox* mailbox,
-    void* cell, bool handle_crashes,
+    void* cell,
     // message processing:
     SActInterpretMessageClosureContext context, SActInterpretSystemMessageClosureContext system_context,
     SActDropMessageClosureContext dead_letter_context, SActDropMessageClosureContext dead_letter_system_context,
-    SActInterpretMessageCallback interpret_message, SActDropMessageCallback drop_message,
-    // fault handling:
-    jmp_buf* error_jmp_buf,
-    SActSupervisionClosureContext supervision_context, SActInvokeSupervisionCallback supervision_invoke,
-    void** failed_message,
-    SActMailboxRunPhase* run_phase
+    SActInterpretMessageCallback interpret_message, SActDropMessageCallback drop_message
     );
 
 uint32_t cmailbox_message_count(CSActMailbox* mailbox);

Sources/DistributedActors/ActorShell.swift

@@ -296,8 +296,6 @@ internal final class ActorShell<Message>: ActorContext<Message>, AbstractActor {
     /// Throws:
     ///   - user behavior thrown exceptions
     ///   - or `DeathPactError` when a watched actor terminated and the termination signal was not handled; See "death watch" for details.
-    /// Fails:
-    ///   - can potentially fail, which is handled by [FaultHandling] and terminates an actor run immediately.
     func interpretSystemMessage(message: SystemMessage) throws -> SActActorRunResult {
         traceLog_Cell("Interpret system message: \(message)")
 

Sources/DistributedActors/ActorSystem.swift

@@ -135,15 +135,6 @@ public final class ActorSystem {
 
         self.dispatcher = try! FixedThreadPool(settings.threadPoolSize)
 
-        do {
-            if settings.faultSupervisionMode.isEnabled {
-                try FaultHandling.installCrashHandling()
-            }
-        } catch {
-            CDistributedActorsMailbox.sact_dump_backtrace()
-            fatalError("Unable to install crash handling signal handler. Terminating. Error was: \(error)")
-        }
-
         // initialize top level guardians
         self._root = TheOneWhoHasNoParent()
         let theOne = self._root

Sources/DistributedActors/ActorSystemSettings.swift

@@ -45,15 +45,6 @@ public struct ActorSystemSettings {
 
     // FIXME: should have more proper config section
     public var threadPoolSize: Int = ProcessInfo.processInfo.activeProcessorCount
-
-    /// Controls how faults (i.e. `fatalError` and similar) are handled by supervision.
-    ///
-    /// - warning: By default faults are isolated by actors, rather than terminating the entire process.
-    ///            Currently, this may (very likely though) result in memory leaks, so it is recommended
-    ///            to initiate some form of graceful shutdown when facing faults.
-    ///
-    /// - SeeAlso: `FaultSupervisionMode` for a detailed discussion of the available modes.
-    public var faultSupervisionMode: FaultSupervisionMode = .isolateYetMayLeakMemory
 }
 
 public struct ActorSettings {
@@ -64,37 +55,3 @@ public struct ActorSettings {
     // arbitrarily selected, we protect start() using it; we may lift this restriction if needed
     public var maxBehaviorNestingDepth: Int = 128
 }
-
-/// Used to configure fault handling mode.
-///
-/// Note that these settings only impact how faults are supervised, and have no impact on supervision of `Error`s (throws),
-/// inside actors.
-///
-/// The main reason for this option is that the `isolate` mode is inherently leaking memory, due to current Swift limitations,
-/// while we hope to address these in
-public enum FaultSupervisionMode {
-    /// A signal handler will be installed to catch and recover from faults.
-    ///
-    /// In this mode memory can leak upon faults, but the process will not crash.
-    /// Crashes caused by faults can be handled in supervision. This mode should
-    /// be chosen when keeping the process alive is more important than not leaking.
-    ///
-    /// - warning: May leak memory (!), usually may want to initiate a clean shutdown upon such fault being captured.
-    case isolateYetMayLeakMemory
-
-    /// Faults will crash the entire process and no memory will leak.
-    /// This mode is equivalent to Swift's default fault handling model.
-    ///
-    /// This mode should be chosen when preventing leaks is more important than keeping
-    /// the process alive.
-    case crashOnFaults
-}
-
-internal extension FaultSupervisionMode {
-    var isEnabled: Bool {
-        switch self {
-        case .isolateYetMayLeakMemory: return true
-        case .crashOnFaults: return false
-        }
-    }
-}