Skip to content

feat!: nested tokio runtime support, borrowed SharedRuntime, async API surface, drain on shutdown, flush on drop#2005

Open
Aaalibaba42 wants to merge 8 commits into
mainfrom
jwiriath/tracebuffer-sharedruntime-rusttracer
Open

feat!: nested tokio runtime support, borrowed SharedRuntime, async API surface, drain on shutdown, flush on drop#2005
Aaalibaba42 wants to merge 8 commits into
mainfrom
jwiriath/tracebuffer-sharedruntime-rusttracer

Conversation

@Aaalibaba42
Copy link
Copy Markdown
Contributor

@Aaalibaba42 Aaalibaba42 commented May 18, 2026
edited
Loading

What?

Make TraceBuffer, SharedRuntime, and TraceExporter safe to use from inside a
host tokio runtime, expose an async API surface alongside the existing sync facade,
add a synchronous flush_and_wait, drain pending spans on shutdown, and fire a
best-effort flush on Drop.

Why?

  • SharedRuntime::block_on and SharedRuntime::shutdown panicked with
    Cannot start a runtime from within a runtime when called from inside an
    existing tokio context (e.g. the Rust tracer embedded in an async application).
    The original "block_on on a scoped OS thread" workaround was reverted in favor
    of a proper async API surface — the OS-thread trick still allocated a second
    tokio runtime per call and could not be wired into a host runtime's lifecycle.
  • The trace exporter and stats workers held hidden block_on calls deep in
    check_agent_info, stop_stats_computation, and TraceExporterBuilder::build,
    which propagated the nested-runtime panic to every async caller.
  • On shutdown, the final partial batch of spans was silently dropped because
    nothing drained the sender's buffer after the worker loop stopped.
  • Dropping a TraceBuffer without an explicit flush also lost any buffered spans.

How?

SharedRuntime (libdd-shared-runtime)

  • Borrowed mode. Added a RuntimeBacking::{Owned(Arc<Runtime>), Borrowed(Handle)}
    enum and a new constructor SharedRuntime::from_handle(Handle) so callers
    that already own a tokio runtime can share it instead of spawning a second one.
    Owned mode is unchanged; borrowed mode gives up fork-safety in exchange for
    letting Drop / shutdown work cleanly from a host worker thread without
    block_on. block_on, sync shutdown, and before_fork return a typed
    error in borrowed mode (SharedRuntimeError::ForkUnsupportedInBorrowedMode,
    SyncShutdownNotSupportedInBorrowedMode, or
    io::Error(ErrorKind::Unsupported) for block_on) instead of panicking.
  • Non-blocking shutdown. Added trigger_shutdown_signal() (snapshots the
    worker set, spawns shutdown tasks on the underlying runtime, bumps a tracked
    expected count) and wait_shutdown_done(timeout) (parks on a Condvar until
    the tracked count is reached). Pairs with sync Drop impls that must wait
    for worker completion without block_on.
  • Panic-safe internals. Drop, trigger_shutdown_signal, wait_shutdown_done,
    and is_borrowed were converted to poison-tolerant lock acquisition — a
    Drop impl must never panic, and the public shutdown surface should not
    either. Internal counter bumps in spawned shutdown tasks degrade gracefully
    on PoisonError (poison.into_inner()) so a single task panic cannot
    deadlock wait_shutdown_done.
  • FFI. ddog_shared_runtime_before_fork now propagates the new error
    variants through SharedRuntimeFFIError, mapped to a new
    SharedRuntimeErrorCode::NotSupportedInBorrowedMode discriminator.

libdd-data-pipeline async API surface

  • Builder. TraceExporterBuilder::build is now a thin wrapper around a
    new build_async. The sync wrapper is gated #[cfg(not(target_arch = "wasm32"))]
    since it relies on SharedRuntime::block_on.
  • Exporter. TraceExporter::send, send_trace_chunks, and shutdown are
    now sync wrappers over new send_async, send_trace_chunks_async, and
    shutdown_async counterparts; the sync wrappers are similarly gated for
    wasm32. The internal check_agent_info, stop_stats_computation, and
    handle_stats_enabled are now async end-to-end — every internal block_on
    was deleted. ArcSwap::load was changed to load_full where needed so the
    resulting Send future survives await points.

TraceBuffer (libdd-data-pipeline)

  • flush_and_wait(timeout). Triggers a flush, captures the batch
    generation, and parks on a Condvar until the worker has processed it.
    Short-circuits on empty batches.
  • Receiver::drain(). Synchronously pulls remaining chunks without
    waiting for a flush trigger; TraceExporterWorker::shutdown calls it to
    export any leftover spans before tearing down.
  • Drop for TraceBuffer<T>. Fires a non-blocking flush-notify so the
    worker exports pending chunks instead of losing them. Errors are
    intentionally swallowed — if the runtime is already gone there is nothing
    useful to do.

Tests

  • Regression coverage for block_on / shutdown / drop invoked from inside
    #[tokio::test(flavor = "multi_thread")], asserting the borrowed-runtime
    path.
  • New SharedRuntime tests: test_from_handle_borrowed_shutdown_wait,
    test_borrowed_mode_unsupported_apis, test_wait_shutdown_done_no_workers.
  • All 11 trace_buffer tests pass (test_drop_inside_tokio_runtime,
    test_drop_triggers_flush, test_flush_and_wait,
    test_shutdown_drains_pending_batch, etc.).

Breaking changes

  • SharedRuntime::before_fork, after_fork_parent, and after_fork_child
    now return Result<(), SharedRuntimeError> instead of ().
  • SharedRuntime::block_on now returns Result<F::Output, io::Error> (was
    infallible).
  • The C ABI of ddog_shared_runtime_before_fork now returns an optional
    boxed SharedRuntimeFFIError.

Additional notes

  • Sync facade (build, send, send_trace_chunks, shutdown) is preserved
    for existing callers but now panics / returns
    io::Error(ErrorKind::Unsupported) when invoked on a borrowed SharedRuntime.
    A sync-api cargo feature gating these methods was prototyped and reverted
    as premature; see the explanatory comment block in
    libdd-data-pipeline/Cargo.toml for the rationale and a pointer for future
    consumers who do want a build that statically forbids the sync facade.

@github-actions
Copy link
Copy Markdown
Contributor

ghost commented May 18, 2026
edited by github-actions Bot
Loading

📚 Documentation Check Results

⚠️ 1427 documentation warning(s) found

📦 libdd-data-pipeline - 1050 warning(s)

📦 libdd-shared-runtime-ffi - 192 warning(s)

📦 libdd-shared-runtime - 185 warning(s)

Updated: 2026-05-26 09:46:58 UTC | Commit: 3ac18d8 | missing-docs job results

@github-actions
Copy link
Copy Markdown
Contributor

ghost commented May 18, 2026
edited by github-actions Bot
Loading

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

  • Base Branch: origin/main
  • PR Branch: origin/jwiriath/tracebuffer-sharedruntime-rusttracer

Summary by Rule

Rule Base Branch PR Branch Change
unwrap_used 3 3 No change (0%)
Total 3 3 No change (0%)

Annotation Counts by File

File Base Branch PR Branch Change
libdd-data-pipeline/src/trace_buffer/mod.rs 1 1 No change (0%)
libdd-data-pipeline/src/trace_exporter/mod.rs 2 2 No change (0%)

Annotation Stats by Crate

Crate Base Branch PR Branch Change
clippy-annotation-reporter 5 5 No change (0%)
datadog-ffe-ffi 1 1 No change (0%)
datadog-ipc 21 21 No change (0%)
datadog-live-debugger 6 6 No change (0%)
datadog-live-debugger-ffi 10 10 No change (0%)
datadog-profiling-replayer 4 4 No change (0%)
datadog-remote-config 3 3 No change (0%)
datadog-sidecar 57 57 No change (0%)
libdd-common 13 13 No change (0%)
libdd-common-ffi 12 12 No change (0%)
libdd-data-pipeline 5 5 No change (0%)
libdd-ddsketch 2 2 No change (0%)
libdd-dogstatsd-client 1 1 No change (0%)
libdd-profiling 13 13 No change (0%)
libdd-telemetry 20 20 No change (0%)
libdd-tinybytes 4 4 No change (0%)
libdd-trace-normalization 2 2 No change (0%)
libdd-trace-obfuscation 3 3 No change (0%)
libdd-trace-stats 1 1 No change (0%)
libdd-trace-utils 15 15 No change (0%)
Total 198 198 No change (0%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

@github-actions
Copy link
Copy Markdown
Contributor

ghost commented May 18, 2026
edited by github-actions Bot
Loading

🔒 Cargo Deny Results

⚠️ 13 issue(s) found, showing only errors (advisories, bans, sources)

📦 libdd-data-pipeline - 5 error(s)

Show output 
error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:214:1
    │
214 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── libdd-common v4.1.0
      │   ├── libdd-capabilities-impl v2.0.0
      │   │   ├── libdd-data-pipeline v5.0.0
      │   │   ├── libdd-shared-runtime v1.0.0
      │   │   │   ├── libdd-data-pipeline v5.0.0 (*)
      │   │   │   ├── libdd-telemetry v5.0.0
      │   │   │   │   └── libdd-data-pipeline v5.0.0 (*)
      │   │   │   └── libdd-trace-stats v4.0.0
      │   │   │       └── libdd-data-pipeline v5.0.0 (*)
      │   │   ├── libdd-trace-stats v4.0.0 (*)
      │   │   └── libdd-trace-utils v5.0.0
      │   │       ├── libdd-data-pipeline v5.0.0 (*)
      │   │       ├── libdd-trace-obfuscation v3.1.0
      │   │       │   └── libdd-trace-stats v4.0.0 (*)
      │   │       ├── libdd-trace-stats v4.0.0 (*)
      │   │       └── (dev) libdd-trace-utils v5.0.0 (*)
      │   ├── libdd-data-pipeline v5.0.0 (*)
      │   ├── libdd-dogstatsd-client v3.0.0
      │   │   └── libdd-data-pipeline v5.0.0 (*)
      │   ├── libdd-shared-runtime v1.0.0 (*)
      │   ├── libdd-telemetry v5.0.0 (*)
      │   ├── libdd-trace-obfuscation v3.1.0 (*)
      │   ├── libdd-trace-stats v4.0.0 (*)
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── (dev) libdd-data-pipeline v5.0.0 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v5.0.0 (*)
      ├── (dev) libdd-trace-stats v4.0.0 (*)
      ├── libdd-trace-utils v5.0.0 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.1
              ├── libdd-data-pipeline v5.0.0 (*)
              ├── (dev) libdd-tinybytes v1.1.1 (*)
              └── libdd-trace-utils v5.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:238:1
    │
238 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.1.0
          │       ├── libdd-capabilities-impl v2.0.0
          │       │   ├── libdd-data-pipeline v5.0.0
          │       │   ├── libdd-shared-runtime v1.0.0
          │       │   │   ├── libdd-data-pipeline v5.0.0 (*)
          │       │   │   ├── libdd-telemetry v5.0.0
          │       │   │   │   └── libdd-data-pipeline v5.0.0 (*)
          │       │   │   └── libdd-trace-stats v4.0.0
          │       │   │       └── libdd-data-pipeline v5.0.0 (*)
          │       │   ├── libdd-trace-stats v4.0.0 (*)
          │       │   └── libdd-trace-utils v5.0.0
          │       │       ├── libdd-data-pipeline v5.0.0 (*)
          │       │       ├── libdd-trace-obfuscation v3.1.0
          │       │       │   └── libdd-trace-stats v4.0.0 (*)
          │       │       ├── libdd-trace-stats v4.0.0 (*)
          │       │       └── (dev) libdd-trace-utils v5.0.0 (*)
          │       ├── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-dogstatsd-client v3.0.0
          │       │   └── libdd-data-pipeline v5.0.0 (*)
          │       ├── libdd-shared-runtime v1.0.0 (*)
          │       ├── libdd-telemetry v5.0.0 (*)
          │       ├── libdd-trace-obfuscation v3.1.0 (*)
          │       ├── libdd-trace-stats v4.0.0 (*)
          │       └── libdd-trace-utils v5.0.0 (*)
          ├── libdd-common v4.1.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.1.0 (*)

error[vulnerability]: Denial of Service via Stack Exhaustion
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:278:1
    │
278 │ time 0.3.41 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0009
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
    ├ ## Impact
      
      When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of
      service attack via stack exhaustion is possible. The attack relies on formally deprecated and
      rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,
      non-malicious input will never encounter this scenario.
      
      ## Patches
      
      A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned
      rather than exhausting the stack.
      
      ## Workarounds
      
      Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of
      the stack consumed would be at most a factor of the length of the input.
    ├ Announcement: https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05
    ├ Solution: Upgrade to >=0.3.47 (try `cargo update -p time`)
    ├ time v0.3.41
      └── tracing-appender v0.2.3
          └── libdd-log v1.0.0
              └── (dev) libdd-data-pipeline v5.0.0

advisories FAILED, bans ok, sources ok

📦 libdd-shared-runtime-ffi - 4 error(s)

Show output 
error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:83:1
   │
83 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
   │
   ├ ID: RUSTSEC-2026-0097
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
   ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
     
     - The `log` and `thread_rng` features are enabled
     - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
     - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
     - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
     - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
     
     `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
   ├ Announcement: https://github.com/rust-random/rand/pull/1763
   ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
   ├ rand v0.8.5
     └── (dev) libdd-common v4.1.0
         ├── libdd-capabilities-impl v2.0.0
         │   └── libdd-shared-runtime v1.0.0
         │       └── libdd-shared-runtime-ffi v34.0.0
         └── libdd-shared-runtime v1.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:94:1
   │
94 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0098
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
   ├ Name constraints for URI names were ignored and therefore accepted.
     
     Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       │       └── libdd-shared-runtime-ffi v34.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:94:1
   │
94 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0099
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
   ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
     
     This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
     This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       │       └── libdd-shared-runtime-ffi v34.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:94:1
   │
94 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0104
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
   ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
     or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
     `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
     
     This panic is reachable prior to a CRL's signature being verified.
     
     Applications that do not use CRLs are not affected.
     
     Thank you to @tynus3 for the report.
   ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       │       └── libdd-shared-runtime-ffi v34.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

advisories FAILED, bans ok, sources ok

📦 libdd-shared-runtime - 4 error(s)

Show output 
error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:69:1
   │
69 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
   │
   ├ ID: RUSTSEC-2026-0097
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
   ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
     
     - The `log` and `thread_rng` features are enabled
     - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
     - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
     - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
     - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
     
     `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
   ├ Announcement: https://github.com/rust-random/rand/pull/1763
   ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
   ├ rand v0.8.5
     └── (dev) libdd-common v4.1.0
         ├── libdd-capabilities-impl v2.0.0
         │   └── libdd-shared-runtime v1.0.0
         └── libdd-shared-runtime v1.0.0 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:80:1
   │
80 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0098
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
   ├ Name constraints for URI names were ignored and therefore accepted.
     
     Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:80:1
   │
80 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0099
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
   ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
     
     This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
     This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
     
     Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
     
     This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
   ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
   ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:80:1
   │
80 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
   │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
   │
   ├ ID: RUSTSEC-2026-0104
   ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
   ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
     or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
     `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
     
     This panic is reachable prior to a CRL's signature being verified.
     
     Applications that do not use CRLs are not affected.
     
     Thank you to @tynus3 for the report.
   ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
   ├ rustls-webpki v0.103.10
     └── rustls v0.23.37
         ├── hyper-rustls v0.27.7
         │   └── libdd-common v4.1.0
         │       ├── libdd-capabilities-impl v2.0.0
         │       │   └── libdd-shared-runtime v1.0.0
         │       └── libdd-shared-runtime v1.0.0 (*)
         ├── libdd-common v4.1.0 (*)
         └── tokio-rustls v0.26.0
             ├── hyper-rustls v0.27.7 (*)
             └── libdd-common v4.1.0 (*)

advisories FAILED, bans ok, sources ok

Updated: 2026-05-26 09:48:19 UTC | Commit: 3ac18d8 | dependency-check job results

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 18, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 82.64059% with 71 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.83%. Comparing base (dbc2cf7) to head (c8d5928).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2005      +/-   ##
==========================================
- Coverage   72.83%   72.83%   -0.01%     
==========================================
  Files         458      458              
  Lines       75789    76036     +247     
==========================================
+ Hits        55201    55378     +177     
- Misses      20588    20658      +70
Components Coverage Δ
libdd-crashtracker 65.21% <ø> (ø)
libdd-crashtracker-ffi 36.82% <ø> (ø)
libdd-alloc 98.77% <ø> (ø)
libdd-data-pipeline 86.13% <84.86%> (-0.56%) ⬇️
libdd-data-pipeline-ffi 70.51% <ø> (-8.12%) ⬇️
libdd-common 79.81% <ø> (ø)
libdd-common-ffi 74.41% <ø> (ø)
libdd-telemetry 73.34% <ø> (ø)
libdd-telemetry-ffi 31.36% <ø> (ø)
libdd-dogstatsd-client 82.64% <ø> (ø)
datadog-ipc 76.22% <ø> (ø)
libdd-profiling 81.68% <ø> (-0.02%) ⬇️
libdd-profiling-ffi 64.79% <ø> (ø)
libdd-sampling 97.46% <ø> (ø)
datadog-sidecar 29.15% <ø> (+0.08%) ⬆️
datdog-sidecar-ffi 9.96% <ø> (+0.44%) ⬆️
spawn-worker 48.86% <ø> (ø)
libdd-tinybytes 93.16% <ø> (ø)
libdd-trace-normalization 81.71% <ø> (ø)
libdd-trace-obfuscation 87.30% <ø> (ø)
libdd-trace-protobuf 68.25% <ø> (ø)
libdd-trace-utils 88.86% <ø> (ø)
libdd-tracer-flare 86.88% <ø> (ø)
libdd-log 74.83% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@datadog-datadog-prod-us1
Copy link
Copy Markdown
Contributor

datadog-datadog-prod-us1 Bot commented May 18, 2026
edited
Loading

Pipelines  Tests

Fix all issues with BitsAI

⚠️ Warnings

🚦 7 Pipeline jobs failed

Required checks pass | allchecks   View in Datadog   GitHub Actions

🔄 Retry job. This looks flaky and may succeed on retry. Some checks have failed or timed out. Please check the workflow run summary for details.

Test | cargo check --target wasm32-unknown-unknown   View in Datadog   GitHub Actions

🛟 This job is unlikely to succeed on retry. Please review your pipeline configuration. Account suspended. Unable to access repository: The requested URL returned error: 403.

Test | exporter_e2e tests (no CA certificates)   View in Datadog   GitHub Actions

🛟 This job is unlikely to succeed on retry. Please review your pipeline configuration. Account suspended. Unable to access repository at 'https://github.com/DataDog/libdatadog/'. Error: 403 Forbidden.

View all 7 failed jobs.

ℹ️ Info

No other issues found (see more)

🧪 All tests passed
❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 82.64%
Overall Coverage: 72.83% (+0.07%)

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: c8d5928 | Docs | Datadog PR Page | Give us feedback!

@dd-octo-sts
Copy link
Copy Markdown
Contributor

dd-octo-sts Bot commented May 18, 2026
edited
Loading

Artifact Size Benchmark Report

aarch64-alpine-linux-musl
Artifact Baseline Commit Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so 7.57 MB 7.57 MB 0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a 82.01 MB 82.11 MB +.12% (+102.11 KB) 🔍
aarch64-unknown-linux-gnu
Artifact Baseline Commit Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.02 MB 10.09 MB +.72% (+73.94 KB) 🔍
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a 98.27 MB 98.43 MB +.16% (+162.28 KB) 🔍
libdatadog-x64-windows
Artifact Baseline Commit Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll 24.54 MB 24.56 MB +.07% (+18.00 KB) 🔍
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib 81.48 KB 81.48 KB 0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb 180.48 MB 180.90 MB +.23% (+432.00 KB) 🔍
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib 914.99 MB 916.98 MB +.21% (+1.98 MB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll 7.76 MB 7.78 MB +.27% (+21.50 KB) 🔍
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib 81.48 KB 81.48 KB 0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb 23.24 MB 23.29 MB +.20% (+48.00 KB) 🔍
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib 45.50 MB 45.60 MB +.22% (+103.77 KB) 🔍
libdatadog-x86-windows
Artifact Baseline Commit Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll 21.15 MB 21.17 MB +.06% (+14.50 KB) 🔍
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib 82.76 KB 82.76 KB 0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb 184.70 MB 185.14 MB +.23% (+448.00 KB) 🔍
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib 900.70 MB 902.64 MB +.21% (+1.93 MB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll 6.01 MB 6.03 MB +.25% (+15.50 KB) 🔍
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib 82.76 KB 82.76 KB 0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb 24.90 MB 24.95 MB +.21% (+56.00 KB) 🔍
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib 43.00 MB 43.10 MB +.23% (+103.01 KB) 🔍
x86_64-alpine-linux-musl
Artifact Baseline Commit Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a 73.11 MB 73.22 MB +.14% (+108.53 KB) 🔍
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so 8.45 MB 8.45 MB +.09% (+8.00 KB) 🔍
x86_64-unknown-linux-gnu
Artifact Baseline Commit Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a 90.92 MB 91.06 MB +.15% (+145.48 KB) 🔍
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so 10.08 MB 10.10 MB +.15% (+15.88 KB) 🔍

@Aaalibaba42 Aaalibaba42 force-pushed the jwiriath/tracebuffer-sharedruntime-rusttracer branch from b5a716f to d55d383 Compare May 18, 2026 12:04
@Aaalibaba42 Aaalibaba42 marked this pull request as ready for review May 19, 2026 12:14
@Aaalibaba42 Aaalibaba42 requested review from a team as code owners May 19, 2026 12:14
@Aaalibaba42 Aaalibaba42 force-pushed the jwiriath/tracebuffer-sharedruntime-rusttracer branch 2 times, most recently from d4d669c to 463495c Compare May 19, 2026 12:15
@Aaalibaba42 Aaalibaba42 changed the title feat: separate os thread for shared runtime to avoid tokio-in-tokio bugs feat(tracebuffer): flush on drop, drain on shutdown, and support nested tokio runtimes May 19, 2026
yannham
yannham requested changes May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@yannham yannham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've discussed this offline, and the consensus seemed to be that the actual issue of the runtime-in-the-runtime problem is that some functions of our API pretend to be async but actually use block_on under the hood. It seems one possible solution is to actually make them async, and to offer a customary blocking API at the top-level only. Then, from Rust we could only use the purely async API and not care about the shared runtime at all.

On the other hand, the current solution secretly spawns a thread and run a second runtime on the side, while blocking the original executor's thread waiting for the answer. This is a bit fishy, and we never want to block an async executor thread, as this will block a whole bunch of unrelated async tasks queued on this thread.

@Aaalibaba42 Aaalibaba42 force-pushed the jwiriath/tracebuffer-sharedruntime-rusttracer branch from 13fe812 to f8d6d54 Compare May 22, 2026 12:36
@Aaalibaba42 Aaalibaba42 force-pushed the jwiriath/tracebuffer-sharedruntime-rusttracer branch from f8d6d54 to fd24165 Compare May 22, 2026 12:46
Aaalibaba42 and others added 2 commits May 22, 2026 14:55
@Aaalibaba42 @cursoragent
fixup! feat: flush&drain
e8c0427 
Co-authored-by: Cursor <cursoragent@cursor.com>
@Aaalibaba42 @cursoragent
fixup! feat: add best-effort drop impl for the tracebuffer that flushes
c8d5928 
Co-authored-by: Cursor <cursoragent@cursor.com>
@Aaalibaba42 Aaalibaba42 force-pushed the jwiriath/tracebuffer-sharedruntime-rusttracer branch from 3dae176 to c8d5928 Compare May 26, 2026 09:44
@Aaalibaba42 Aaalibaba42 changed the title feat(tracebuffer): flush on drop, drain on shutdown, and support nested tokio runtimes feat(tracebuffer)!: flush on drop, drain on shutdown, and support nested tokio runtimes May 26, 2026
@Aaalibaba42 Aaalibaba42 changed the title feat(tracebuffer)!: flush on drop, drain on shutdown, and support nested tokio runtimes feat!: nested tokio runtime support, borrowed SharedRuntime, async API surface, drain on shutdown, flush on drop May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yannham yannham yannham requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

data-pipeline

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Aaalibaba42 @codecov-commenter @yannham