author | Jeff Vander Stoep <jeffv@google.com> | 2020-12-11 20:09:16 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-12-11 20:09:16 +0000 |
commit | 35d16bc0f3cc37cd4d7db8b60b9d5567f45a03be (patch) | |
tree | c10b6e7e74fecfe4a99ef7728b62a795913d83f6 | |
parent | 012218877270a160d86aa0a5a8b17f3a246b2772 (diff) | |
parent | db13a92ef66107b0fb583b61eb8f6a5c3150d49c (diff) | |
download | no-panic-35d16bc0f3cc37cd4d7db8b60b9d5567f45a03be.tar.gz |
no-panic v0.1.14 am: 424ae2f8d0 am: db13a92ef6
Original change: https://android-review.googlesource.com/c/platform/external/rust/crates/no-panic/+/1523840
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Iae1e7202678e040b10e16d0c2158b1b780023971
-rw-r--r-- | .cargo_vcs_info.json | 5 | ||||
-rw-r--r-- | .github/FUNDING.yml | 1 | ||||
-rw-r--r-- | .github/workflows/ci.yml | 29 | ||||
-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | Cargo.toml | 38 | ||||
-rw-r--r-- | Cargo.toml.orig | 24 | ||||
l--------- | LICENSE | 1 | ||||
-rw-r--r-- | LICENSE-APACHE | 201 | ||||
-rw-r--r-- | LICENSE-MIT | 23 | ||||
-rw-r--r-- | METADATA | 19 | ||||
-rw-r--r-- | MODULE_LICENSE_APACHE2 | 0 | ||||
-rw-r--r-- | OWNERS | 1 | ||||
-rw-r--r-- | README.md | 127 | ||||
-rw-r--r-- | src/lib.rs | 204 | ||||
-rw-r--r-- | tests/compiletest/mod.rs | 79 | ||||
-rw-r--r-- | tests/test.rs | 181 |
16 files changed, 936 insertions, 0 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json new file mode 100644 index 0000000..02fa1cf --- /dev/null +++ b/.cargo_vcs_info.json @@ -0,0 +1,5 @@ +{ + "git": { + "sha1": "c9b18d4a8af4393dc9d9e5efb4d3cc7a56c41d92" + } +} diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..7507077 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +github: dtolnay diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..921c271 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,29 @@ +name: CI + +on: + push: + pull_request: + schedule: [cron: "40 1 * * *"] + +jobs: + test: + name: Rust ${{matrix.rust}} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + rust: [nightly, beta, stable, 1.32.0] + steps: + - uses: actions/checkout@v2 + - uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{matrix.rust}} + - run: cargo test + + msrv: + name: Rust 1.31.0 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: dtolnay/rust-toolchain@1.31.0 + - run: cargo build diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6936990 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/target +**/*.rs.bk +Cargo.lock diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..c854821 --- /dev/null +++ b/Cargo.toml 
@@ -0,0 +1,38 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies +# +# If you believe there's an error in this file please file an +# issue against the rust-lang/cargo repository. If you're +# editing this file be aware that the upstream Cargo.toml +# will likely look very different (and much more reasonable) + +[package] +edition = "2018" +name = "no-panic" +version = "0.1.14" +authors = ["David Tolnay <dtolnay@gmail.com>"] +description = "Attribute macro to require that the compiler prove a function can't ever panic." +documentation = "https://github.com/dtolnay/no-panic" +readme = "README.md" +license = "MIT OR Apache-2.0" +repository = "https://github.com/dtolnay/no-panic" +[package.metadata.docs.rs] +targets = ["x86_64-unknown-linux-gnu"] + +[lib] +proc-macro = true +[dependencies.proc-macro2] +version = "1.0" + +[dependencies.quote] +version = "1.0" + +[dependencies.syn] +version = "1.0" +features = ["full"] +[dev-dependencies.tempfile] +version = "3.0" diff --git a/Cargo.toml.orig b/Cargo.toml.orig new file mode 100644 index 0000000..9be6d3f --- /dev/null +++ b/Cargo.toml.orig @@ -0,0 +1,24 @@ +[package] +name = "no-panic" +version = "0.1.14" +authors = ["David Tolnay <dtolnay@gmail.com>"] +edition = "2018" +license = "MIT OR Apache-2.0" +description = "Attribute macro to require that the compiler prove a function can't ever panic." +repository = "https://github.com/dtolnay/no-panic" +documentation = "https://github.com/dtolnay/no-panic" +readme = "README.md" + +[lib] +proc-macro = true + +[dependencies] +proc-macro2 = "1.0" +quote = "1.0" +syn = { version = "1.0", features = ["full"] } + +[dev-dependencies] +tempfile = "3.0" + +[package.metadata.docs.rs] +targets = ["x86_64-unknown-linux-gnu"] 
@@ -0,0 +1 @@ +LICENSE-APACHE
\ No newline at end of file diff --git a/LICENSE-APACHE b/LICENSE-APACHE new file mode 100644 index 0000000..16fe87b --- /dev/null +++ b/LICENSE-APACHE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/LICENSE-MIT b/LICENSE-MIT new file mode 100644 index 0000000..31aa793 --- /dev/null +++ b/LICENSE-MIT 
@@ -0,0 +1,23 @@ +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/METADATA b/METADATA new file mode 100644 index 0000000..b49a5e0 --- /dev/null +++ b/METADATA @@ -0,0 +1,19 @@ +name: "no-panic" +description: "Attribute macro to require that the compiler prove a function can\'t ever panic." +third_party { + url { + type: HOMEPAGE + value: "https://crates.io/crates/no-panic" + } + url { + type: ARCHIVE + value: "https://static.crates.io/crates/no-panic/no-panic-0.1.14.crate" + } + version: "0.1.14" + license_type: NOTICE + last_upgrade_date { + year: 2020 + month: 12 + day: 9 + } +} diff --git a/MODULE_LICENSE_APACHE2 b/MODULE_LICENSE_APACHE2 new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/MODULE_LICENSE_APACHE2 @@ -0,0 +1 @@ +include platform/prebuilts/rust:/OWNERS diff --git a/README.md b/README.md new file mode 100644 index 0000000..a1c09fb --- /dev/null +++ b/README.md 
@@ -0,0 +1,127 @@ +\#\[no\_panic\] +=============== + +[<img alt="github" src="https://img.shields.io/badge/github-dtolnay/no--panic-8da0cb?style=for-the-badge&labelColor=555555&logo=github" height="20">](https://github.com/dtolnay/no-panic) +[<img alt="crates.io" src="https://img.shields.io/crates/v/no-panic.svg?style=for-the-badge&color=fc8d62&logo=rust" height="20">](https://crates.io/crates/no-panic) +[<img alt="docs.rs" src="https://img.shields.io/badge/docs.rs-no--panic-66c2a5?style=for-the-badge&labelColor=555555&logoColor=white&logo=data:image/svg+xml;base64,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" height="20">](https://docs.rs/no-panic) +[<img alt="build status" src="https://img.shields.io/github/workflow/status/dtolnay/no-panic/CI/master?style=for-the-badge" height="20">](https://github.com/dtolnay/no-panic/actions?query=branch%3Amaster) + +A Rust attribute macro to require that the compiler prove a function can't ever +panic. + +```toml +[dependencies] +no-panic = "0.1" +``` + +```rust +use no_panic::no_panic; + +#[no_panic] +fn demo(s: &str) -> &str { + &s[1..] +} + +fn main() { + println!("{}", demo("input string")); +} +``` + +If the function does panic (or the compiler fails to prove that the function +cannot panic), the program fails to compile with a linker error that identifies +the function name. 
Let's trigger that by passing a string that cannot be sliced +at the first byte: + +```rust +fn main() { + println!("{}", demo("\u{1f980}input string")); +} +``` + +```console + Compiling no-panic-demo v0.0.1 +error: linking with `cc` failed: exit code: 1 + | + = note: /no-panic-demo/target/release/deps/no_panic_demo-7170785b672ae322.no_p +anic_demo1-cba7f4b666ccdbcbbf02b7348e5df1b2.rs.rcgu.o: In function `_$LT$no_pani +c_demo..demo..__NoPanic$u20$as$u20$core..ops..drop..Drop$GT$::drop::h72f8f423002 +b8d9f': + no_panic_demo1-cba7f4b666ccdbcbbf02b7348e5df1b2.rs:(.text._ZN72_$LT$no +_panic_demo..demo..__NoPanic$u20$as$u20$core..ops..drop..Drop$GT$4drop17h72f8f42 +3002b8d9fE+0x2): undefined reference to ` + + ERROR[no-panic]: detected panic in function `demo` + ' + collect2: error: ld returned 1 exit status +``` + +The error is not stellar but notice the ERROR\[no-panic\] part at the end that +provides the name of the offending function. + +*Compiler support: requires rustc 1.31+* + +<br> + +### Caveats + +- Functions that require some amount of optimization to prove that they do not + panic may no longer compile in debug mode after being marked `#[no_panic]`. + +- Panic detection happens at link time across the entire dependency graph, so + any Cargo commands that do not invoke a linker will not trigger panic + detection. This includes `cargo build` of library crates and `cargo check` of + binary and library crates. + +- The attribute is useless in code built with `panic = "abort"`. + +If you find that code requires optimization to pass `#[no_panic]`, either make +no-panic an optional dependency that you only enable in release builds, or add a +section like the following to Cargo.toml to enable very basic optimization in +debug builds. 
+ +```toml +[profile.dev] +opt-level = 1 +``` + +If the code that you need to prove isn't panicking makes function calls to +non-generic non-inline functions from a different crate, you may need thin LTO +enabled for the linker to deduce those do not panic. + +```toml +[profile.release] +lto = "thin" +``` + +If you want no\_panic to just assume that some function you call doesn't panic, +and get Undefined Behavior if it does at runtime, see [dtolnay/no-panic#16]; try +wrapping that call in an `unsafe extern "C"` wrapper. + +[dtolnay/no-panic#16]: https://github.com/dtolnay/no-panic/issues/16 + +<br> + +### Acknowledgments + +The linker error technique is based on [Kixunil]'s crate [`dont_panic`]. Check +out that crate for other convenient ways to require absence of panics. + +[Kixunil]: https://github.com/Kixunil +[`dont_panic`]: https://github.com/Kixunil/dont_panic + +<br> + +#### License + +<sup> +Licensed under either of <a href="LICENSE-APACHE">Apache License, Version +2.0</a> or <a href="LICENSE-MIT">MIT license</a> at your option. +</sup> + +<br> + +<sub> +Unless you explicitly state otherwise, any contribution intentionally submitted +for inclusion in this crate by you, as defined in the Apache-2.0 license, shall +be dual licensed as above, without any additional terms or conditions. +</sub> diff --git a/src/lib.rs b/src/lib.rs new file mode 100644 index 0000000..2c9bd77 --- /dev/null +++ b/src/lib.rs 
@@ -0,0 +1,204 @@
+//! [![github]](https://github.com/dtolnay/no-panic) [![crates-io]](https://crates.io/crates/no-panic) [![docs-rs]](https://docs.rs/no-panic)
+//!
+//! [github]: https://img.shields.io/badge/github-8da0cb?style=for-the-badge&labelColor=555555&logo=github
+//! [crates-io]: https://img.shields.io/badge/crates.io-fc8d62?style=for-the-badge&labelColor=555555&logo=rust
+//! [docs-rs]: https://img.shields.io/badge/docs.rs-66c2a5?style=for-the-badge&labelColor=555555&logoColor=white&logo=data:image/svg+xml;base64,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
+//!
+//! <br>
+//!
+//! A Rust attribute macro to require that the compiler prove a function can't
+//! ever panic.
+//!
+//! ```toml
+//! [dependencies]
+//! no-panic = "0.1"
+//! ```
+//!
+//! ```
+//! use no_panic::no_panic;
+//!
+//! #[no_panic]
+//! fn demo(s: &str) -> &str {
+//! &s[1..]
+//! }
+//!
+//! fn main() {
+//! # fn demo(s: &str) -> &str {
+//! # &s[1..]
+//! # }
+//! #
+//! println!("{}", demo("input string"));
+//! }
+//! ```
+//!
+//! If the function does panic (or the compiler fails to prove that the function
+//! cannot panic), the program fails to compile with a linker error that
+//! identifies the function name. Let's trigger that by passing a string that
+//! cannot be sliced at the first byte:
+//!
+//! ```should_panic
+//! # fn demo(s: &str) -> &str {
+//! # &s[1..]
+//! # }
+//! #
+//! fn main() {
+//! println!("{}", demo("\u{1f980}input string"));
+//! }
+//! ```
+//!
+//! ```console
+//! Compiling no-panic-demo v0.0.1
+//! error: linking with `cc` failed: exit code: 1
+//! |
+//! = note: /no-panic-demo/target/release/deps/no_panic_demo-7170785b672ae322.no_p
+//! anic_demo1-cba7f4b666ccdbcbbf02b7348e5df1b2.rs.rcgu.o: In function `_$LT$no_pani
+//! c_demo..demo..__NoPanic$u20$as$u20$core..ops..drop..Drop$GT$::drop::h72f8f423002
+//! b8d9f':
+//! no_panic_demo1-cba7f4b666ccdbcbbf02b7348e5df1b2.rs:(.text._ZN72_$LT$no
+//! _panic_demo..demo..__NoPanic$u20$as$u20$core..ops..drop..Drop$GT$4drop17h72f8f42
+//! 3002b8d9fE+0x2): undefined reference to `
+//!
+//! ERROR[no-panic]: detected panic in function `demo`
+//! '
+//! collect2: error: ld returned 1 exit status
+//! ```
+//!
+//! The error is not stellar but notice the ERROR\[no-panic\] part at the end
+//! that provides the name of the offending function.
+//!
+//! *Compiler support: requires rustc 1.31+*
+//!
+//! <br>
+//!
+//! ## Caveats
+//!
+//! - Functions that require some amount of optimization to prove that they do
+//! not panic may no longer compile in debug mode after being marked
+//! `#[no_panic]`.
+//!
+//! - Panic detection happens at link time across the entire dependency graph,
+//! so any Cargo commands that do not invoke a linker will not trigger panic
+//! detection. This includes `cargo build` of library crates and `cargo check`
+//! of binary and library crates.
+//!
+//! - The attribute is useless in code built with `panic = "abort"`.
+//!
+//! If you find that code requires optimization to pass `#[no_panic]`, either
+//! make no-panic an optional dependency that you only enable in release builds,
+//! or add a section like the following to Cargo.toml to enable very basic
+//! optimization in debug builds.
+//!
+//! ```toml
+//! [profile.dev]
+//! opt-level = 1
+//! ```
+//!
+//! If the code that you need to prove isn't panicking makes function calls to
+//! non-generic non-inline functions from a different crate, you may need thin
+//! LTO enabled for the linker to deduce those do not panic.
+//!
+//! ```toml
+//! [profile.release]
+//! lto = "thin"
+//! ```
+//!
+//! If you want no_panic to just assume that some function you call doesn't
+//! panic, and get Undefined Behavior if it does at runtime, see
+//! [dtolnay/no-panic#16]; try wrapping that call in an `unsafe extern "C"`
+//! wrapper.
+//!
+//! [dtolnay/no-panic#16]: https://github.com/dtolnay/no-panic/issues/16
+//!
+//! <br>
+//!
+//! ## Acknowledgments
+//!
+//! The linker error technique is based on [Kixunil]'s crate [`dont_panic`].
+//! Check out that crate for other convenient ways to require absence of panics.
+//!
+//! [Kixunil]: https://github.com/Kixunil
+//! [`dont_panic`]: https://github.com/Kixunil/dont_panic
+
+extern crate proc_macro;
+
+use proc_macro::TokenStream;
+use proc_macro2::Span;
+use quote::quote;
+use syn::{parse_macro_input, parse_quote, Attribute, FnArg, Ident, ItemFn, PatType, ReturnType};
+
+#[proc_macro_attribute]
+pub fn no_panic(args: TokenStream, function: TokenStream) -> TokenStream {
+ assert!(args.is_empty());
+
+ let mut function = parse_macro_input!(function as ItemFn);
+
+ let mut move_self = None;
+ let mut arg_pat = Vec::new();
+ let mut arg_val = Vec::new();
+ for (i, input) in function.sig.inputs.iter_mut().enumerate() {
+ let numbered = Ident::new(&format!("__arg{}", i), Span::call_site());
+ match input {
+ FnArg::Typed(PatType { pat, .. }) => {
+ arg_pat.push(quote!(#pat));
+ arg_val.push(quote!(#numbered));
+ *pat = parse_quote!(mut #numbered);
+ }
+ FnArg::Receiver(_) => {
+ move_self = Some(quote! {
+ if false {
+ loop {}
+ #[allow(unreachable_code)]
+ {
+ let __self = self;
+ }
+ }
+ });
+ }
+ }
+ }
+
+ let has_inline = function
+ .attrs
+ .iter()
+ .flat_map(Attribute::parse_meta)
+ .any(|meta| meta.path().is_ident("inline"));
+ if !has_inline {
+ function.attrs.push(parse_quote!(#[inline]));
+ }
+
+ let ret = match &function.sig.output {
+ ReturnType::Default => quote!(-> ()),
+ output @ ReturnType::Type(..) => quote!(#output),
+ };
+ let stmts = function.block.stmts;
+ let message = format!(
+ "\n\nERROR[no-panic]: detected panic in function `{}`\n",
+ function.sig.ident,
+ );
+ function.block = Box::new(parse_quote!({
+ struct __NoPanic;
+ extern "C" {
+ #[link_name = #message]
+ fn trigger() -> !;
+ }
+ impl core::ops::Drop for __NoPanic {
+ fn drop(&mut self) {
+ unsafe {
+ trigger();
+ }
+ }
+ }
+ let __guard = __NoPanic;
+ let __result = (move || #ret {
+ #move_self
+ #(
+ let #arg_pat = #arg_val;
+ )*
+ #(#stmts)*
+ })();
+ core::mem::forget(__guard);
+ __result
+ }));
+
+ TokenStream::from(quote!(#function))
+}
diff --git a/tests/compiletest/mod.rs b/tests/compiletest/mod.rs
new file mode 100644
index 0000000..f4e26c1
--- /dev/null
+++ b/tests/compiletest/mod.rs
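Review bot: In `no_panic` (src/lib.rs), the generated `impl core::ops::Drop for __NoPanic` calls `unsafe { trigger(); }` with no comment saying that `trigger` is declared but never defined in this file and that its `#[link_name]` is the error message, so the check appears to depend on the optimizer removing every path that drops `__guard` before the linker runs. I would put `// Never defined: if any unwind path through the closure survives optimization, this call is kept and the link fails with the message above.` over the `unsafe` block. Because the crate docs in this same change say the attribute is useless under `panic = "abort"` and is not checked by commands that do not invoke a linker, code in this tree should not treat `#[no_panic]` as an enforced guarantee until the build's panic strategy and optimization level are confirmed. Separately, `assert!(args.is_empty());` reports stray attribute arguments as a proc-macro panic; returning a spanned `syn::Error` as a compile error would point at the offending tokens.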
@@ -0,0 +1,79 @@
+use std::fs;
+use std::process::Command;
+use std::sync::Once;
+
+pub fn setup() {
+ static BUILD: Once = Once::new();
+ BUILD.call_once(|| {
+ let status = Command::new("cargo")
+ .arg("build")
+ .status()
+ .expect("failed to build");
+ assert!(status.success());
+ });
+}
+
+pub fn contains_panic(name: &str, code: &str) -> bool {
+ let tempdir = tempfile::tempdir().unwrap();
+
+ let prelude = stringify! {
+ use no_panic::no_panic;
+ };
+
+ let rs = tempdir.path().join(format!("{}.rs", name));
+ fs::write(&rs, format!("{}{}", prelude, code)).unwrap();
+
+ let status = Command::new("rustc")
+ .arg("--crate-name")
+ .arg(name)
+ .arg(rs)
+ .arg("--edition=2018")
+ .arg("-C")
+ .arg("opt-level=3")
+ .arg("--emit=asm")
+ .arg("--out-dir")
+ .arg(tempdir.path())
+ .arg("--extern")
+ .arg("no_panic=target/debug/libno_panic.so")
+ .status()
+ .expect("failed to execute rustc");
+ assert!(status.success());
+
+ let asm = tempdir.path().join(format!("{}.s", name));
+ let asm = fs::read_to_string(asm).unwrap();
+ asm.contains("detected panic in function")
+}
+
+macro_rules! assert_no_panic {
+ ($(mod $name:ident { $($content:tt)* })*) => {
+ mod no_panic {
+ use crate::compiletest;
+ $(
+ #[test]
+ fn $name() {
+ compiletest::setup();
+ let name = stringify!($name);
+ let content = stringify!($($content)*);
+ assert!(!compiletest::contains_panic(name, content));
+ }
+ )*
+ }
+ };
+}
+
+macro_rules! assert_link_error {
+ ($(mod $name:ident { $($content:tt)* })*) => {
+ mod link_error {
+ use crate::compiletest;
+ $(
+ #[test]
+ fn $name() {
+ compiletest::setup();
+ let name = stringify!($name);
+ let content = stringify!($($content)*);
+ assert!(compiletest::contains_panic(name, content));
+ }
+ )*
+ }
+ };
+}
diff --git a/tests/test.rs b/tests/test.rs
new file mode 100644
index 0000000..a7da4d4
--- /dev/null
+++ b/tests/test.rs
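Review bot: `contains_panic` (tests/compiletest/mod.rs) passes `--extern no_panic=target/debug/libno_panic.so`, which hard-codes the Linux library suffix, the debug profile and a path relative to the current directory, so on another host or with a redirected target directory the `assert!(status.success())` after rustc would likely fail for reasons unrelated to panic detection. A comment such as `// Assumes a Linux host and the default ./target/debug output of the cargo build in setup().` would record the assumption; building the file name from `std::env::consts::DLL_PREFIX` and `DLL_SUFFIX` would remove the platform part. The function also decides by searching the emitted assembly for `detected panic in function` rather than by linking, so these tests cover the marker symbol and not the linker failure the README describes; that is worth stating in a doc comment on `contains_panic`.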
@@ -0,0 +1,181 @@
+#[macro_use]
+mod compiletest;
+
+assert_no_panic! {
+ mod test_readme {
+ #[no_panic]
+ fn demo(s: &str) -> &str {
+ &s[1..]
+ }
+
+ fn main() {
+ println!("{}", demo("input string"));
+ }
+ }
+
+ mod test_method_in_impl {
+ struct S;
+
+ impl S {
+ #[no_panic]
+ fn demo(self) -> &'static str {
+ "test"
+ }
+ }
+
+ fn main() {
+ println!("{}", S.demo());
+ }
+ }
+
+ mod test_lifetime_elision {
+ struct Buffer {
+ bytes: [u8; 24],
+ }
+
+ #[no_panic]
+ fn demo(buffer: &mut Buffer) -> &[u8] {
+ &buffer.bytes[..]
+ }
+
+ fn main() {
+ let mut buffer = Buffer {
+ bytes: [0u8; 24],
+ };
+ println!("{:?}", demo(&mut buffer));
+ }
+ }
+
+ mod test_receiver_lifetime_elision {
+ struct Buffer {
+ bytes: [u8; 24],
+ }
+
+ impl Buffer {
+ #[no_panic]
+ fn demo(&mut self, _s: &str) -> &[u8] {
+ &self.bytes[..]
+ }
+ }
+
+ fn main() {
+ let mut buffer = Buffer {
+ bytes: [0u8; 24],
+ };
+ println!("{:?}", buffer.demo(""));
+ }
+ }
+
+ mod test_ref_argument {
+ #[no_panic]
+ fn demo(ref i: i32) -> i32 {
+ *i
+ }
+
+ fn main() {
+ println!("{}", demo(0));
+ }
+ }
+
+ mod test_mut_argument {
+ #[no_panic]
+ fn demo(mut i: i32) -> i32 {
+ i += 1;
+ i
+ }
+
+ fn main() {
+ println!("{}", demo(0));
+ }
+ }
+
+ mod test_ref_mut_argument {
+ #[no_panic]
+ fn demo(ref mut i: i32) -> i32 {
+ *i += 1;
+ *i
+ }
+
+ fn main() {
+ println!("{}", demo(0));
+ }
+ }
+
+ mod test_borrow_from_mut_self {
+ struct S {
+ data: usize,
+ }
+
+ impl S {
+ #[no_panic]
+ fn get_mut(&mut self) -> &mut usize {
+ &mut self.data
+ }
+ }
+
+ fn main() {
+ let mut s = S { data: 0 };
+ println!("{}", s.get_mut());
+ }
+ }
+
+ mod test_self_in_vec {
+ struct S {
+ data: usize,
+ }
+
+ impl S {
+ #[no_panic]
+ fn get_mut(&mut self) -> Vec<usize> {
+ vec![self.data]
+ }
+ }
+
+ fn main() {
+ let mut s = S { data: 0 };
+ println!("{}", s.get_mut()[0]);
+ }
+ }
+
+ mod test_self_in_macro_containing_fn {
+ pub struct S {
+ data: usize,
+ }
+
+ macro_rules! emit {
+ ($($tt:tt)*) => {
+ $($tt)*
+ };
+ }
+
+ impl S {
+ #[no_panic]
+ fn get_mut(&mut self) -> usize {
+ let _ = emit!({
+ impl S {
+ pub fn f(self) {}
+ }
+ });
+ self.data
+ }
+ }
+
+ fn main() {
+ let mut s = S { data: 0 };
+ println!("{}", s.get_mut());
+ }
+ }
+}
+
+assert_link_error! {
+ mod test_readme {
+ #[no_panic]
+ fn demo(s: &str) -> &str {
+ &s[1..]
+ }
+
+ fn main() {
+ println!("{}", demo("\u{1f980}input string"));
+ }
+ }
+} |