[error] Implement std::error::Error on errors #1298
Conversation
Cargo.toml
Outdated
| @@ -60,10 +60,11 @@ alloc = [] | |||
| derive = ["zerocopy-derive"] | |||
| simd = [] | |||
| simd-nightly = ["simd"] | |||
| std-error = ["alloc"] | |||
There was a problem hiding this comment.
I kinda think we should just call this feature std, for symmetry with alloc.
| impl<Src, Dst: ?Sized> fmt::Display for AlignmentError<Src, Dst> | ||
| where | ||
| Src: Deref, | ||
| Dst: KnownLayout, |
There was a problem hiding this comment.
Perhaps we should have this bound on our Display impls for the other error types, too?
There was a problem hiding this comment.
To what end? We only need it here because of its use in the body.
There was a problem hiding this comment.
@joshlf Improved diagnostics. I went ahead and added a KnownLayout bound to SizeError: https://github.com/google/zerocopy/compare/f8bd5db3e615ba1c93451e2cce6789c73788b2ca..235cd25c1b93f85e90287ada15d5a4fb2d5770c5
I'm sure we can use this bound to provide better diagnostics in the DST case too.
There was a problem hiding this comment.
I suspect this may also be considered too much data leak for some users. Size often correlates with content, which in turn can be used to violate confidentiality.
| @@ -139,14 +149,22 @@ where | |||
| f.write_str("the conversion failed because the address of the source (a multiple of ")?; | |||
| addr_align.fmt(f)?; | |||
| f.write_str(") is not a multiple of the alignment (")?; | |||
| core::mem::align_of::<Dst>().fmt(f)?; | |||
| <Dst as KnownLayout>::LAYOUT.align.get().fmt(f)?; | |||
There was a problem hiding this comment.
I really like the technique of using KnownLayout to enrich the error messages! We could also apply this to SizeError, I think, to revalidate the size at runtime from src in Display, rather than add another field to SizeError.
There was a problem hiding this comment.
Not sure I understand what you're suggesting here.
Incidentally, it turns out that some of the Src: Deref bounds were unnecessary (ie, not actually used), so I removed them.
joshlf
force-pushed
the
error-trait
branch
3 times, most recently
from
42e9149
to
650df6a
Compare
|
I added a |
joshlf
force-pushed
the
error-trait
branch
4 times, most recently
from
227763c
to
f8bd5db
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1298 +/- ##
==========================================
- Coverage 87.79% 87.55% -0.24%
==========================================
Files 15 15
Lines 5171 5224 +53
==========================================
+ Hits 4540 4574 +34
- Misses 631 650 +19 ☔ View full report in Codecov by Sentry. |
While we're here, also relax `Dispaly for AlignmentError<Src, Dst>` to permit `Dst: ?Sized` in exchange for `Dst: KnownLayout`. This is an important relaxation since our APIs permit performing conversions into unsized destination types with runtime alignment checking. Also make all errors `Send + Sync` regardless of `Dst`, which only exists at the type level, but is never instantiated. Makes progress on #1297
There was a problem hiding this comment.
I went ahead and committed an example of how having a KnownLayout bound can be used to improve our diagnostics. Generally speaking, I think we should consistently have Src: Deref and Dst: ?Sized + KnownLayout on our Display and Error impls. We can always relax the bounds later.
I can't think, right now, of how it might be useful for ValidityError, but who knows — depending on how we evolve that trait, an opportunity might arise.
| impl<Src, Dst: ?Sized> fmt::Display for AlignmentError<Src, Dst> | ||
| where | ||
| Src: Deref, | ||
| Dst: KnownLayout, |
There was a problem hiding this comment.
@joshlf Improved diagnostics. I went ahead and added a KnownLayout bound to SizeError: https://github.com/google/zerocopy/compare/f8bd5db3e615ba1c93451e2cce6789c73788b2ca..235cd25c1b93f85e90287ada15d5a4fb2d5770c5
I'm sure we can use this bound to provide better diagnostics in the DST case too.
| @@ -206,17 +224,26 @@ impl<Src, Dst: ?Sized> fmt::Debug for SizeError<Src, Dst> { | |||
| /// Produces a human-readable error message. | |||
| impl<Src, Dst: ?Sized> fmt::Display for SizeError<Src, Dst> | |||
| where | |||
| Src: Deref, | |||
There was a problem hiding this comment.
I think we should keep this bound, too. Once we have size_of_val, we can use this bound to provide information about the length of the source.
There was a problem hiding this comment.
What do you mean "once we have size_of_val"? We already do.
(Same concern about leaking size, btw.)
There was a problem hiding this comment.
D'oh. :-)
I hear your concerns about security in some contexts, but this would be a substantial improvement in the error message in other contexts. Perhaps we could keep it off-by-default, and only display the additional info under a cfg or in alternate formatting mode?
There was a problem hiding this comment.
Hmmm yeah I could see that. Maybe a "rich-error-text" feature or something? We could probably gate a lot behind that so we're super anal without it but pretty verbose with it.
|
Discussed offline with @jswrenn. Here's the plan:
|
While we're here, also relax
Dispaly for AlignmentError<Src, Dst>to permitDst: ?Sizedin exchange forDst: KnownLayout. This is an important relaxation since our APIs permit performing conversions into unsized destination types with runtime alignment checking.Makes progress on #1297