write_to_prefix generates panic path
#200
Comments
|
What tool(s) are you using to inspect the output? Is it something I could run myself? If you're able to, could you see whether this version of the code generates a panic path? It's similar to what you wrote, but keeps the same structure of the existing code: fn write_to_prefix<B: ByteSliceMut>(&self, mut bytes: B) -> Option<()> {
let self_bytes = self.as_bytes();
bytes.get_mut(..self_bytes.len())?.copy_from_slice(self_bytes);
Some(())
} |
|
There are also some clippy lints that we can turn on to help root out these kinds of silent panic paths:
These are extremely pedantic lints, so it's not something we can address in the near term. We can root out panics on demand when they're affecting users. |
|
I minimized this example and ran it through Godbolt, and found that the panic is optimized out. My guess is that your issue was that the compiler ran out of optimization budget since you're presumably compiling more code than this toy example. I filed #202 so that we can hopefully handle these cases in a more principled way than to just experiment to find out whether, in practice, panics are being optimized out. |
I was manually looking at the LST file for our binary trying to track down all of our panic paths when I discovered this. I think godbolt is a very good alternative to test out potential panic paths though. The example from the second comment should not contain any panic paths either. |
|
I think I just found another panic path in I have tried to think of a solutions, and the one I keep coming back to is making pub fn new_from_prefix(bytes: B) -> Option<(LayoutVerified<B, T>, B)> {
if !aligned_to(bytes.deref(), mem::align_of::<T>()) {
return None;
}
let (bytes, suffix) = bytes.split_at(mem::size_of::<T>())?;
Some((LayoutVerified(bytes, PhantomData), suffix))
}Moving the size check into the Feel free to go with another implementation, I just wanted to offer at least one possible option to remove the panics centered around |
|
|
Happy to say we went this route in #1071!
Excellent suggestion. I'll look into whether we can do this. |
In doing so, we eliminate a potential panic path. Although I was not able to observe panic paths emitted in toy examples, they might be emitted in complex examples in which the optimizer is low on gas. Regardless, I expect this change will ease our future adoption of call-graph analysis techniques of potential panic paths. Ref #200 (comment)
In doing so, we eliminate a potential panic path. Although I was not able to observe panic paths emitted in toy examples, they might be emitted in complex examples in which the optimizer is low on gas. Regardless, I expect this change will ease our future adoption of call-graph analysis techniques of potential panic paths. Ref #200 (comment)
In doing so, we eliminate a potential panic path. Although I was not able to observe panic paths emitted in toy examples, they might be emitted in complex examples in which the optimizer is low on gas. Regardless, I expect this change will ease our future adoption of call-graph analysis techniques of potential panic paths. Ref #200 (comment)
In doing so, we eliminate a potential panic path. Although I was not able to observe panic paths emitted in toy examples, they might be emitted in complex examples in which the optimizer is low on gas. Regardless, I expect this change will ease our future adoption of call-graph analysis techniques of potential panic paths. Ref #200 (comment)
The
write_to_prefixfunction is generating a panic path in our code, and I am pretty sure it is thebytes[..size].copy_from_slice(self.as_bytes());line. The compiler doesn't have enough information to elide the slice comparison check.If the code was written like the following, the compiler should not generate a panic path
The text was updated successfully, but these errors were encountered: