From these options, I (as someone who has definitely hit this a few times and remembering being pretty confused) feel that the current situation is the most attractive if the error message was sufficiently good. Maybe we could even include a link to a documentation page that lays out (a) ways to fix it and (b) background why this is the case (as laid out here – thanks for writing it up so clearly!).

I added a new option:

Provide a separate tokio-global-runtime crate

The specific name of the crate would need to be massaged. The idea is to have a separate crate define the static variable. In this case, users who wish to use a statically defined runtime would depend on this crate.

The main downside as I see it to this is that it makes the global runtime less discoverable.

I feel like there are a bunch of somewhat independent issues being addressed together here, which isn’t really helping. For the issue of beginners (or experienced users who are just forgetful – this has definitely happened to me), just making the error for trying to initialize resources that require a runtime more explicit or clear will get a lot of mileage.

I’m not a fan of the feature flag approach, since additive nature of feature flags mean that it is pretty easy to get a runtime going without being aware of it.

It’s a little unclear to me whether having a single static runtime would still need to depend on thread locals, or whether there would perhaps be some level of performance benefit to having a static runtime. If that is the case, I think we should definitely offer that as an option. I don’t find the “lack of discoverability” argument against separate crate all that convincing – there are plenty of ways we could advertise that option in documentation.

I quite like the explicit of &Handle arguments, though it’s a little unclear to me how pervasive (and thus potentially unergonomic) these would be in practice.

In general, I think we can agree that feature flags should not change behavior (I am aware I failed some on this front in 0.2).

the log crate sees much more use than slog even though slog is an excellent library…

As someone who moved from slog to tracing, I think this is a dubious point of reference; I log messages way more often than I spawn tasks.

A few questions and opinions on this topic, not especially organized:

• The panic message should be more detailed if it’s kept in. It can happen a lot of different ways, which may make it difficult to explain well without confusing the reader with irrelevant information:

  • Using a non-tokio runtime
  • Using a Runtime, but trying to do some setup work outside the runtime first (e.g. as seen in seanmonstar/reqwest#778)
  • Using a Runtime, but left it - I’m not sure exactly which of spawn_blocking, block_in_place, etc. “leave” which parts of the runtime. Clearly thread::spawn does.

• What is the consequence of polling a runtime-bound resource from a different runtime after it’s already been created?

  • Is it less performant (and why?)
  • Does it panic?
  • How much of this should be considered implementation details vs public API? Is it a breaking change to add or remove the “runtime-boundness” of a resource?

• Having both implicit and explicit constructors available, or multiple equivalent code paths that do the same thing, leads to confusion.

  • For example, TcpListener should either take an explicit Handle or use the thread-local - but not have one constructor for each option.
  • Since Handle is not a method parameter, it is not clear which methods or modules require a tokio runtime and which do not unless you try one and it panics. For this reason I have a slight preference toward explicit Handle, but I also agree it’s probably too verbose for most use cases and everyone will just use Handle::current() most of the time.

• tokio should not start a background runtime automatically. This seems like too big of a footgun, such as a library or application working fine in isolation but breaking or performing badly when combined with other applications/libraries when multiple runtimes compete against each other for CPU time.

Hi there, as a Tokio user I don’t have a particular positive preference about which strategy to use, but I have a very strong negative preference against adding a feature flag, because of the “spooky action at a distance” disadvantage mentioned above.

Tokio’s features are already very complicated and it’s easy to end up with things only working accidentally (your code uses some part of Tokio that’s feature-gated without setting the feature, but it works anyways because some Tokio-using library in your workspace set the feature for you). Although I am sympathetic to the concerns that led to this design, as a user I find it extremely confusing and I think that adding new features will make the problem worse.

This poll seems to indicate that in theory most people are in favor of explicitly passing things around, but in practice, the two big executors are global, and the log crate sees much more use than slog even though slog is an excellent library… so in practice convenience seems to win over design purity I suppose.

Another point regarding thread-locals vs explicitly passing handles/contexts that I’d like to briefly point out: a lot of people think that explicitly passing arguments is “faster” than using TLS, because there’s significant overhead from accessing thread-local storage relative to an argument that was passed into a function. It’s correct that accessing the TLS var has a performance impact, but the thing that this perspective overlooks is that in many cases, the argument has to be threaded through several layers of function calls where it’s not accessed before it reaches the function where it is accessed. I’ve actually heard people report that they’ve seen noticeable performance improvements switching from slog, where logging contexts are passed as arguments, to tracing, where spans are stored in TLS, because their programs are spending a lot of time copying the explicit argument on the stack. I think something like this may have an even bigger performance impact for task spawning. The typical program probably logs significantly more frequently than it spawns tasks, so in the case of passing around a handle argument for spawning tasks, I’d guess that the ratio of context-propagating function calls to context access for task-spawning handles is even more in the favor of TLS than in the case of tracing vs slog.

I support option #1 to avoid changing behavior/APIs and instead improve the error message where possible. This feels more aligned with the general behavior of the Rust ecosystem – explicit and informative error messages – instead of trying to pave the road in real-time for people who don’t know they’re going the “wrong” way.

I will try to answer some questions that have been asked here.

What is the consequence of polling a runtime-bound resource from a different runtime after it’s already been created?

The main issue is not that it is polled from a different runtime — rather the issue is that you now have two runtimes. A Tokio runtime spawns a thread for every cpu core, so if you spawn two runtimes, you have more threads than you have cpu cores, which can lead to inefficiencies.

There’s also the fact that it guarantees that your IO wont be handled on the same thread as where the future is polled. It is more efficient not to cross a thread boundary. Of course, this doesn’t always happen with a single runtime either unless you use the single-threaded scheduler, but it does happen for some of the tasks.

Is there a way to prevent tasks or resources cross runtime boundary?

Not really.

I’m not sure exactly which of spawn_blocking, block_in_place, etc. “leave” which parts of the runtime. Clearly thread::spawn does.

All threads managed by Tokio are inside the runtime context, so this includes spawn_blocking and block_in_place. Calling tokio::spawn and friends from inside them should work.

Threads spawned by other means are not inside the context unless they explicitly enter it with enter.

Hope it’s not to off topic, but I just remembered other gotcha’s I ran into:

• block_on within a task spawned on a runtime panics
• runtimes shouldn’t be dropped from async context.

Yeah well this is just the sort of thing you fundamentally have to avoid in async/await, because tasks must regularly yield control back to the executor to allow other tasks to run, and block_on doesn’t do that. There is block_in_place, but it’s a pretty big footgun.

I think a good error message combined with good documentation can alleviate this problem. Looking at the docs for the runtime module, I feel it’s not as clear as to what is going on under the hood as reading this issue.

• The first phrase there says “the following runtime services are necessary”, which is not really true. It depends on what one wants to do, but it doesn’t explain that certain types in the tokio library will require certain components to be turned on in a global (or TLS) way. And it doesn’t make it clear which parts of tokio depend on what.
• The example of using a closure with enter as showed above doesn’t appear on that page either.
• Further confusion (for me that was) comes from the fact that even though it describes the basic scheduler, it doesn’t explain why this doesn’t support !Send tasks and doesn’t mention LocalSet, nor how it can work together with it.
• Lastly, tokio Runtime uses AssertUnwindSafe on user’s code, but doesn’t mention Unwind safety in the docs.
• From my testing it seemed that Handle will silently drop tasks if the Runtime is no longer running, but that isn’t mentioned. The general docs for Handle are one phrase, and don’t really mention why it exists and when (not) to use it.

All in all I think the OP makes it clear there is no magical solution for this. The robust type system way is to pass a Handle around, but it’s understandable that is not necessarily convenient and comes at a perf cost. Thus I think solid docs and error messages are paramount.

Alternatively a guide level documentation on tokio.rs and a link in the API docs that really walks through the reasoning behind the Runtime design might be a good solution.