Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support custom validators for TryFromBytes #1330

Open
Tracked by #5
kupiakos opened this issue May 20, 2024 · 1 comment
Open
Tracked by #5

Support custom validators for TryFromBytes #1330

kupiakos opened this issue May 20, 2024 · 1 comment
Labels
customer-request Documents customer requests.

Comments

@kupiakos
Copy link
Contributor

kupiakos commented May 20, 2024
edited

These are kinds of validity that users may need to have checked before transmutation from &[u8] to &T:

  1. The language-level validity of the bits for the type of each field in T, e.g. a bool must be either 0 or 1. This is implemented by the derive.
  2. The library-level validity of the bits in T, e.g. an invariant that the first field is less than the second. This can be referenced by the derive but inherently must be user-controlled.
  3. The library-level validity of the individual fields in T, based on the above library-level check applied to each field. This is also implemented by the derive.
  4. The library-level validity of the length of the struct given the header contents, e.g. the length field is equal to the size of the tail slice. This only applies to dynamically sized structs ending in a slice.

The plan discussed in #5 and #372 is to support the concept of a custom validator, a function or closure provided to derive(TryFromBytes) that will always be called before allowing a TryFromBytes transmute to succeed.

Open Questions

  • Should users be able to provide their own error type, to communicate the way in which the validation failed? How would this be exposed to the higher-level TryFromBytes APIs?
  • How will data validation interact with custom DSTs? Is the validator also responsible for validating the correct length of the tail slice, or even deriving the correct length (as proposed in Support casting to a KnownLayout type with a user-provided length computed dynamically #1289 (comment))?
    • What happens if the user provides both a #[length] and custom validator function and they disagree?
    • Given struct Outer { x: u8, y: Inner }/struct Inner { a: [u8; 4], b: [u8] }, is the validator for Outer allowed to communicate a maximum length for the tail slice located inside of Inner? What if Inner has a custom validator that returns "valid if the tail slice is truncated to N", but Outer has a different return from its custom validator?
  • What are the required signature(s) for the custom validators? In theory the derive can support many return types simultaneously, including bool, Result<(), CustomError>, or Result<Option<usize>, CustomError> (to communicate a required length).
  • When zerocopy's expectations surrounding validator behavior are violated, should it panic (terrible for embedded), only panic in debug mode (middle ground a la + overflow checking), or always reject the input (could miss bugs in validators).
@kupiakos kupiakos added the customer-request Documents customer requests. label May 20, 2024
@joshlf
Copy link
Member

joshlf commented May 20, 2024

See also: #590

@joshlf joshlf mentioned this issue May 20, 2024
Open
26 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
customer-request Documents customer requests.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshlf @kupiakos