feat: check ARG_MAX on Unix platforms

weihanglo · weihanglo · commit aa8bf70d1215 · 2025-03-12T23:11:32.000-04:00
On Unix the limits can be gargantuan anyway so we're pretty
unlikely to hit them, but might still exceed it.
We consult ARG_MAX here to get an estimate.
diff --git a/compiler/rustc_codegen_ssa/src/back/command.rs b/compiler/rustc_codegen_ssa/src/back/command.rs
@@ -137,44 +137,69 @@ impl Command {
     /// Returns a `true` if we're pretty sure that this'll blow OS spawn limits,
     /// or `false` if we should attempt to spawn and see what the OS says.
     pub(crate) fn very_likely_to_exceed_some_spawn_limit(&self) -> bool {
-        // We mostly only care about Windows in this method, on Unix the limits
-        // can be gargantuan anyway so we're pretty unlikely to hit them
-        if cfg!(unix) {
-            return false;
-        }
-
         // Right now LLD doesn't support the `@` syntax of passing an argument
         // through files, so regardless of the platform we try to go to the OS
         // on this one.
         if let Program::Lld(..) = self.program {
             return false;
         }
 
-        // Ok so on Windows to spawn a process is 32,768 characters in its
-        // command line [1]. Unfortunately we don't actually have access to that
-        // as it's calculated just before spawning. Instead we perform a
-        // poor-man's guess as to how long our command line will be. We're
-        // assuming here that we don't have to escape every character...
-        //
-        // Turns out though that `cmd.exe` has even smaller limits, 8192
-        // characters [2]. Linkers can often be batch scripts (for example
-        // Emscripten, Gecko's current build system) which means that we're
-        // running through batch scripts. These linkers often just forward
-        // arguments elsewhere (and maybe tack on more), so if we blow 8192
-        // bytes we'll typically cause them to blow as well.
-        //
-        // Basically as a result just perform an inflated estimate of what our
-        // command line will look like and test if it's > 8192 (we actually
-        // test against 6k to artificially inflate our estimate). If all else
-        // fails we'll fall back to the normal unix logic of testing the OS
-        // error code if we fail to spawn and automatically re-spawning the
-        // linker with smaller arguments.
-        //
-        // [1]: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa
-        // [2]: https://devblogs.microsoft.com/oldnewthing/?p=41553
-
-        let estimated_command_line_len = self.args.iter().map(|a| a.len()).sum::<usize>();
-        estimated_command_line_len > 1024 * 6
+        if cfg!(windows) {
+            // Ok so on Windows to spawn a process is 32,768 characters in its
+            // command line [1]. Unfortunately we don't actually have access to that
+            // as it's calculated just before spawning. Instead we perform a
+            // poor-man's guess as to how long our command line will be. We're
+            // assuming here that we don't have to escape every character...
+            //
+            // Turns out though that `cmd.exe` has even smaller limits, 8192
+            // characters [2]. Linkers can often be batch scripts (for example
+            // Emscripten, Gecko's current build system) which means that we're
+            // running through batch scripts. These linkers often just forward
+            // arguments elsewhere (and maybe tack on more), so if we blow 8192
+            // bytes we'll typically cause them to blow as well.
+            //
+            // Basically as a result just perform an inflated estimate of what our
+            // command line will look like and test if it's > 8192 (we actually
+            // test against 6k to artificially inflate our estimate). If all else
+            // fails we'll fall back to the normal unix logic of testing the OS
+            // error code if we fail to spawn and automatically re-spawning the
+            // linker with smaller arguments.
+            //
+            // [1]: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa
+            // [2]: https://devblogs.microsoft.com/oldnewthing/?p=41553
+            let estimated_command_line_len = self.args.iter().map(|a| a.len()).sum::<usize>();
+            estimated_command_line_len > 1024 * 6
+        } else if cfg!(unix) {
+            // On Unix the limits can be gargantuan anyway so we're pretty
+            // unlikely to hit them, but might still exceed it.
+            // We consult ARG_MAX here to get an estimate.
+            let ptr_size = mem::size_of::<usize>();
+            // arg + \0 + pointer
+            let args_size = self.args.iter().fold(0, |acc, a| {
+                let arg = a.as_encoded_bytes().len();
+                let nul = 1;
+                acc.saturating_add(arg).saturating_add(nul).saturating_add(ptr_size)
+            });
+            // key + `=` + value + \0 + pointer
+            let envs_size = self.env.iter().fold(0, |acc, (k, v)| {
+                let k = k.as_encoded_bytes().len();
+                let eq = 1;
+                let v = v.as_encoded_bytes().len();
+                let nul = 1;
+                acc.saturating_add(k)
+                    .saturating_add(eq)
+                    .saturating_add(v)
+                    .saturating_add(nul)
+                    .saturating_add(ptr_size)
+            });
+            let arg_max = match unsafe { libc::sysconf(libc::_SC_ARG_MAX) } {
+                -1 => return false, // Go to OS anyway.
+                max => max as usize,
+            };
+            args_size + envs_size > arg_max
+        } else {
+            false
+        }
     }
 }
 
