These are the result of auditing (as of 0003184) for panic opportunities. Some have been left off which are either unavoidable, in the process of being removed (#1658), or downstream of ones listed here (namely, downstream of `is_bit_valid`).

### `validate_cast_and_convert_metadata`

zerocopy/src/layout.rs, lines 444 to 445 in 0003184

We should be able to make this work via a post-monomorphization error instead, and thus avoid a panic opportunity.

### `PointerMetadata::size_for_metadata`

zerocopy/src/lib.rs, lines 719 to 721 in 0003184

### `TryFromBytes::is_bit_valid`

zerocopy/src/lib.rs, lines 1243 to 1251 in 0003184

```rust
/// `is_bit_valid` may panic. Callers are responsible for ensuring that any
/// `unsafe` code remains sound even in the face of `is_bit_valid`
/// panicking. (We support user-defined validation routines; so long as
/// these routines are not required to be `unsafe`, there is no way to
/// ensure that these do not generate panics.)
///
/// Besides user-defined validation routines panicking, `is_bit_valid` will
/// either panic or fail to compile if called on a pointer with [`Shared`]
/// aliasing when `Self: !Immutable`.
```

Now that const eval semantics are more nailed down, we can probably stop hedging that this might panic and just guarantee a post-monomorphization error.

Note that many panics are downstream of `is_bit_valid`. If we tackle this, we should make sure to remove panic documentation from all downstream functions.
### `round_down_to_next_multiple_of_alignment`

zerocopy/src/util/mod.rs, lines 623 to 624 in 0003184

```rust
/// May panic if `align` is not a power of two. Even if it doesn't panic in this
/// case, it will produce nonsense results.
```

We could benefit from a power-of-two witness type.
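The witness type suggested above, as an added example that is not zerocopy's code: `PowerOfTwo`, its `new`/`get` methods, the `ALIGN_8` constant and the signature of `round_down_to_next_multiple_of_alignment` taking the witness are assumptions made here for illustration. The point is that the power-of-two check is done once, at construction, so the rounding function has no panic path at all; `round_down_panicking` shows the pattern it replaces.

```rust
// Added example (not zerocopy's code): a power-of-two witness type so that
// `round_down_to_next_multiple_of_alignment` cannot panic on a bad `align`.
// `PowerOfTwo`, `ALIGN_8` and `round_down_panicking` are hypothetical names.

/// A `usize` that is guaranteed to be a power of two. The only way to build
/// one is `new`, which rejects every other value, so a function taking a
/// `PowerOfTwo` needs no check and therefore has no panic opportunity.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct PowerOfTwo(usize);

impl PowerOfTwo {
    /// Returns `None` for 0 and for any value with more than one bit set.
    pub const fn new(n: usize) -> Option<PowerOfTwo> {
        if n.is_power_of_two() {
            Some(PowerOfTwo(n))
        } else {
            None
        }
    }

    pub const fn get(self) -> usize {
        self.0
    }
}

/// Because `new` is a `const fn`, a literal alignment can be validated at
/// compile time: a wrong literal here is a compile error, never a panic.
pub const ALIGN_8: PowerOfTwo = match PowerOfTwo::new(8) {
    Some(p) => p,
    None => panic!("8 is a power of two"),
};

/// Rounds `n` down to the next multiple of `align`. The witness guarantees
/// `align >= 1`, so the subtraction cannot underflow and the mask is valid.
pub const fn round_down_to_next_multiple_of_alignment(n: usize, align: PowerOfTwo) -> usize {
    n & !(align.get() - 1)
}

/// The pattern the witness replaces: a run-time check that panics on a bad
/// `align`, and would compute nonsense (e.g. 13 rounded by 6 gives 8) without it.
pub fn round_down_panicking(n: usize, align: usize) -> usize {
    assert!(align.is_power_of_two(), "align must be a power of two");
    n & !(align - 1)
}

fn main() {
    println!("{}", round_down_to_next_multiple_of_alignment(13, ALIGN_8)); // 8
    println!("{:?}", PowerOfTwo::new(6)); // None
}
```

Callers that receive the alignment at run time (for example from a parsed header) handle the `None` from `PowerOfTwo::new` once, at the trust boundary, and everything downstream is infallible.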
joshlf changed the title from "In validate_cast_and_convert_metadata, use post-monomorphization error to ban ZSTs instead of panicking" to "Remove panic opportunities" on Sep 15, 2024.
I don't think we can remove this one. `validate_cast_and_convert_metadata`'s sole callsite is in `Ptr::try_cast_into`. That method consumes a `meta: Option<U::PointerMetadata>` argument. This `meta` is then combined with `U::LAYOUT` to create `layout: DstLayout`, on which `validate_cast_and_convert_metadata` is called.

As a rule, we can only convert a panic to a PME in scenarios where the PME condition is observable in a const context. This is a little too dynamic.
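To make the distinction in the comment above concrete, and to show what "guarantee a post-monomorphization error" means for the `is_bit_valid` point in the issue body, here is an added example that is not zerocopy's code. `NotZst`, `size_for_count` and `try_cast_count` are hypothetical names: the ZST ban depends only on the type parameter, so it can be a PME; whether `count` elements fit in a byte slice depends on a run-time value, so it has to stay a fallible run-time check.

```rust
// Added example (not zerocopy's code). `NotZst`, `size_for_count` and
// `try_cast_count` are hypothetical names used for illustration.
use std::marker::PhantomData;
use std::mem::size_of;

/// Type-level check that `T` is not zero-sized. The associated const of a
/// generic impl is evaluated only when `NotZst::<T>::CHECK` is referenced for
/// a concrete `T`, so for a ZST the failed assertion is reported by rustc as a
/// compile error at the use site (a post-monomorphization error), not a panic.
struct NotZst<T>(PhantomData<T>);

impl<T> NotZst<T> {
    const CHECK: () = assert!(size_of::<T>() != 0, "zero-sized types are not supported");
}

/// Byte size of `count` trailing elements of `T`. The ZST ban is a PME because
/// it is observable in a const context: it depends only on `T`.
/// `size_for_count::<()>(1)` does not compile; `size_for_count::<u32>(3)` is `Some(12)`.
pub fn size_for_count<T>(count: usize) -> Option<usize> {
    let () = NotZst::<T>::CHECK; // forces evaluation during monomorphization
    count.checked_mul(size_of::<T>())
}

/// The analogue of the dynamic condition: whether the requested element count
/// fits in `bytes` depends on run-time values (`count`, `bytes.len()`), so it
/// cannot become a PME. The fallible path returns `None` instead of panicking.
pub fn try_cast_count<T>(bytes: &[u8], count: usize) -> Option<usize> {
    let needed = size_for_count::<T>(count)?;
    if needed <= bytes.len() {
        Some(needed)
    } else {
        None
    }
}

fn main() {
    println!("{:?}", size_for_count::<u32>(3)); // Some(12)
    let buf = [0u8; 16]; // constructed sample buffer
    println!("{:?}", try_cast_count::<u32>(&buf, 4)); // Some(16)
    println!("{:?}", try_cast_count::<u32>(&buf, 5)); // None: 20 bytes needed, 16 available
}
```

The rule of thumb the comment states falls out directly: anything that is a function of the type parameters alone can be hoisted into an associated `const` and turned into a compile error, while anything that depends on a value only known at run time must be surfaced through `Option`/`Result` so that callers, not a panic, decide what happens.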