add a panic example to std::from_utf8_unchecked #35890

matthew-piziak
Contributor

Show that passing invalid bytes to str::from_utf8_unchecked is a runtime panic.

r? @steveklabnik

///
/// Incorrect bytes:
///
/// ```

Member

This should probably be no_run, right?

Member

Actually, this example won't panic, so I guess it won't.

Member

Actually it might? The from_utf8_unchecked won't fail, but printing it might? Not sure.

Contributor Author

This example won't panic?

Member

From what I understand, this function should never panic (hence it being "unchecked").

Contributor Author

unchecked means it won't return an Err. It won't panic either, but the call to println! will, as it attempts to print an invalid string. I'll split the lines out to make that clearer.

Contributor Author

Whoops, never mind. It won't panic there either.

@frewsxcv
Member

frewsxcv commented Aug 22, 2016

While I can't think of any specific examples right now, it'd be great if we could somehow demonstrate memory safety issues, as described in the "Safety" section of this function.

@matthew-piziak
Contributor Author

@frewsxcv Yeah, I can't think of any examples either. If somebody reading this knows of one, can you let me know? Thanks in advance!

@matthew-piziak
Contributor Author

@ubsan ping!

@strega-nil
Contributor

strega-nil commented Aug 23, 2016

@matthew-piziak There are no memory safety issues with the current runtime. Someone could write something assuming valid utf-8, however, and read right off the end, for example with a Chars iterator. This is... not the most unsafe "undefined behavior", but with some versions of Chars it would still result in bad things :P
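
The over-read described in the comment above, worked through in safe Rust as an added example that is not part of this PR or of the standard library. `claimed_width`, `bytes_past_end` and `decode_untrusted` are hypothetical helper names, and the truncated and valid inputs are constructed; only the `[0, 159, 146, 150]` bytes come from the PR.

```rust
use std::str;

/// Sequence length implied by a UTF-8 lead byte, or None for a byte that
/// cannot start a sequence (a continuation byte or an invalid lead).
fn claimed_width(lead: u8) -> Option<usize> {
    match lead {
        0x00..=0x7F => Some(1),
        0xC2..=0xDF => Some(2),
        0xE0..=0xEF => Some(3),
        0xF0..=0xF4 => Some(4),
        _ => None,
    }
}

/// How many bytes past the end of `bytes` a decoder that trusts lead bytes
/// (as code assuming valid UTF-8 may) would touch. Computed with safe
/// arithmetic only; nothing is actually read out of bounds.
fn bytes_past_end(bytes: &[u8]) -> usize {
    let mut i = 0;
    while i < bytes.len() {
        // A trusting decoder never expects a stray byte; step over it here.
        let w = claimed_width(bytes[i]).unwrap_or(1);
        if i + w > bytes.len() {
            return i + w - bytes.len();
        }
        i += w;
    }
    0
}

/// Checked conversion for untrusted input: Ok(&str), or Err with the
/// offset of the first byte that is not valid UTF-8.
fn decode_untrusted(bytes: &[u8]) -> Result<&str, usize> {
    str::from_utf8(bytes).map_err(|e| e.valid_up_to())
}

fn main() {
    let pr_bytes = [0u8, 159, 146, 150]; // bytes from the PR's example
    let truncated = [0xF0u8, 0x9F]; // constructed: 4-byte lead, only 2 bytes present
    let heart = [240u8, 159, 146, 150]; // constructed: a valid 4-byte sequence
    for b in [&pr_bytes[..], &truncated[..], &heart[..]] {
        println!("{:?}: checked={:?} past_end={}", b, decode_untrusted(b), bytes_past_end(b));
    }
}
```

The truncated input is the case that matters: the checked conversion rejects it at offset 0, while a width-trusting decoder handed the same bytes through `from_utf8_unchecked` would reach two bytes beyond the slice.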

@matthew-piziak
Contributor Author

@ubsan Gotcha, thanks. What do you think of this PR as-is, then?

/// use std::str;
///
/// // some invalid bytes, in a vector
/// let sparkle_heart = vec![0, 159, 146, 150];
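
Review bot: the comment above the `vec![0, 159, 146, 150]` line says only "some invalid bytes" and does not say why they are invalid. 159 (0x9F) is a UTF-8 continuation byte, and the 0 before it is a complete one-byte character, so no lead byte precedes it. Suggest stating that in the comment so readers can see which byte breaks the encoding.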

Member

maybe change this name, since it's no longer a sparkle heart?

Contributor Author

Done. I also renamed the example in the checked conversion.

@strega-nil
Contributor

@matthew-piziak I don't generally recommend committing UB in documentation, no matter how frivolous I may think that UB is :P.

I'm not sure... You could say "poses a safety issue" as well.

@matthew-piziak
Contributor Author

@ubsan Even with no_run braces?

@strega-nil
Contributor

@matthew-piziak I meant more of "don't show people UB in documentation". I'd rather use correct examples.

@matthew-piziak
Contributor Author

@ubsan That's fair. Shall we close this PR?

@steveklabnik
Member

Yes, I agree. Thanks @matthew-piziak !

@matthew-piziak
Contributor Author

Decided not to show undefined behavior in documentation.

@matthew-piziak matthew-piziak deleted the unchecked-incorrect-example branch August 30, 2016 14:22