-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[error] Implement std::error::Error on errors #1298
base: main
Are you sure you want to change the base?
Conversation
Cargo.toml
Outdated
@@ -60,10 +60,11 @@ alloc = [] | |||
derive = ["zerocopy-derive"] | |||
simd = [] | |||
simd-nightly = ["simd"] | |||
std-error = ["alloc"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kinda think we should just call this feature std
, for symmetry with alloc
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
impl<Src, Dst: ?Sized> fmt::Display for AlignmentError<Src, Dst> | ||
where | ||
Src: Deref, | ||
Dst: KnownLayout, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps we should have this bound on our Display
impls for the other error types, too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To what end? We only need it here because of its use in the body.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joshlf Improved diagnostics. I went ahead and added a KnownLayout
bound to SizeError
: https://github.com/google/zerocopy/compare/f8bd5db3e615ba1c93451e2cce6789c73788b2ca..235cd25c1b93f85e90287ada15d5a4fb2d5770c5
I'm sure we can use this bound to provide better diagnostics in the DST case too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect this may also be considered too much data leak for some users. Size often correlates with content, which in turn can be used to violate confidentiality.
@@ -139,14 +149,22 @@ where | |||
f.write_str("the conversion failed because the address of the source (a multiple of ")?; | |||
addr_align.fmt(f)?; | |||
f.write_str(") is not a multiple of the alignment (")?; | |||
core::mem::align_of::<Dst>().fmt(f)?; | |||
<Dst as KnownLayout>::LAYOUT.align.get().fmt(f)?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really like the technique of using KnownLayout
to enrich the error messages! We could also apply this to SizeError
, I think, to revalidate the size at runtime from src
in Display
, rather than add another field to SizeError
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I understand what you're suggesting here.
Incidentally, it turns out that some of the Src: Deref
bounds were unnecessary (ie, not actually used), so I removed them.
42e9149
to
650df6a
Compare
I added a |
227763c
to
f8bd5db
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1298 +/- ##
==========================================
- Coverage 87.79% 87.55% -0.24%
==========================================
Files 15 15
Lines 5171 5224 +53
==========================================
+ Hits 4540 4574 +34
- Misses 631 650 +19 ☔ View full report in Codecov by Sentry. |
While we're here, also relax `Dispaly for AlignmentError<Src, Dst>` to permit `Dst: ?Sized` in exchange for `Dst: KnownLayout`. This is an important relaxation since our APIs permit performing conversions into unsized destination types with runtime alignment checking. Also make all errors `Send + Sync` regardless of `Dst`, which only exists at the type level, but is never instantiated. Makes progress on #1297
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went ahead and committed an example of how having a KnownLayout
bound can be used to improve our diagnostics. Generally speaking, I think we should consistently have Src: Deref
and Dst: ?Sized + KnownLayout
on our Display
and Error
impls. We can always relax the bounds later.
I can't think, right now, of how it might be useful for ValidityError
, but who knows — depending on how we evolve that trait, an opportunity might arise.
impl<Src, Dst: ?Sized> fmt::Display for AlignmentError<Src, Dst> | ||
where | ||
Src: Deref, | ||
Dst: KnownLayout, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joshlf Improved diagnostics. I went ahead and added a KnownLayout
bound to SizeError
: https://github.com/google/zerocopy/compare/f8bd5db3e615ba1c93451e2cce6789c73788b2ca..235cd25c1b93f85e90287ada15d5a4fb2d5770c5
I'm sure we can use this bound to provide better diagnostics in the DST case too.
@@ -206,17 +224,26 @@ impl<Src, Dst: ?Sized> fmt::Debug for SizeError<Src, Dst> { | |||
/// Produces a human-readable error message. | |||
impl<Src, Dst: ?Sized> fmt::Display for SizeError<Src, Dst> | |||
where | |||
Src: Deref, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should keep this bound, too. Once we have size_of_val
, we can use this bound to provide information about the length of the source.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean "once we have size_of_val
"? We already do.
(Same concern about leaking size, btw.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
D'oh. :-)
I hear your concerns about security in some contexts, but this would be a substantial improvement in the error message in other contexts. Perhaps we could keep it off-by-default, and only display the additional info under a cfg
or in alternate formatting mode?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm yeah I could see that. Maybe a "rich-error-text" feature or something? We could probably gate a lot behind that so we're super anal without it but pretty verbose with it.
Discussed offline with @jswrenn. Here's the plan:
|
While we're here, also relax
Dispaly for AlignmentError<Src, Dst>
to permitDst: ?Sized
in exchange forDst: KnownLayout
. This is an important relaxation since our APIs permit performing conversions into unsized destination types with runtime alignment checking.Makes progress on #1297