Commit
feat(lib): add forbid_unsafe feature to disable unsafe code (#413)

* add default 'unsafe' feature, remove 'read_byte_unchecked'
* feature flag 'slice_unchecked'
* feature flag remaining unsafety
* fix misnamed feature flags
* fix a few more feature flags
* lints and formatting
* correct the auto-correct
* Rename feature to forbid_unsafe so unsafe code is the default
* reintroduce 'read_byte_unchecked'
* don't use --all-features as the default, as that removes unsafe code paths
* add safe path to codegen and fix regression on unsafe path
* enable 'forbid_unsafe' on logos-derive/codegen if enabled on 'logos' and macro is re-exported
* fmt
* additionally run benchmarks against forbid_unsafe
* add --features forbid_unsafe to the new benchmarks
* handle case of base branch not supporting forbid_unsafe feature
* include comment if comparing against defaults instead of before
* troubleshoot why the two benchmark runs seem to be the same
* try renaming the baselines
* seems baseline names may only include underscores
* and display the correct results for forbid_unsafe
* test default features and forbid unsafe in test matrix
* add forbid_unsafe to integration test
* add safety note to source trait
* add safety note to source trait
* wordsmithing
* include note on feature unification
* fmt
Showing 20 changed files with 242 additions and 26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Unsafe Code | ||
|
||
By default, **Logos** uses unsafe code to avoid unnecessary bounds checks while | ||
accessing slices of the input `Source`. | ||
|
||
This unsafe code also exists in the code generated by the `Logos` derive macro, | ||
which generates a deterministic finite automata (DFA). Reasoning about the correctness | ||
of this generated code can be difficult - if the derivation of the DFA in `Logos` | ||
is correct, then this generated code will be correct and any mistakes in implementation | ||
would be caught given sufficient fuzz testing. | ||
|
||
Use of unsafe code is the default as this typically provides the fastest parser. | ||
|
||
## Disabling Unsafe Code | ||
|
||
However, for applications accepting untrusted input in a trusted context, this | ||
may not be a sufficient correctness justification. | ||
|
||
For those applications which cannot tolerate unsafe code, the feature `forbid-unsafe` | ||
may be enabled. This replaces unchecked accesses in the `Logos` crate with safe, | ||
checked alternatives which will panic on out-of-bounds access rather than cause | ||
undefined behavior. Additionally, code generated by the macro will not use the | ||
unsafe keyword, so generated code may be used in a crates using the | ||
`#![forbid(unsafe_code)]` attribute. | ||
|
||
When the `forbid-unsafe` feature is added to a direct dependency on the `Logos` crate, | ||
[Feature Unification](https://doc.rust-lang.org/cargo/reference/features.html#feature-unification) | ||
ensures any transitive inclusion of `Logos` via other dependencies also have unsafe | ||
code disabled. | ||
|
||
Generally, disabling unsafe code will result in a slower parser. | ||
|
||
However making definitive statements around performance of safe-only code is difficult, | ||
as there are too many variables to consider between compiler optimizations, | ||
the specific grammar being parsed, and the target processor. The automated benchmarks | ||
of this crate show around a 10% slowdown in safe-only code at the time of this writing. |
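Review bot: the feature name is inconsistent between this page and the rest of the commit. The new doc spells it `forbid-unsafe` (hyphen) in "the feature `forbid-unsafe` may be enabled" and "When the `forbid-unsafe` feature is added", while the commit title and message use `forbid_unsafe` (underscore) and invoke it as `--features forbid_unsafe`. Cargo treats those as two distinct feature names, so a reader who copies the hyphenated spelling into `cargo build --features forbid-unsafe` or a `features = [...]` entry in `Cargo.toml` will get an unknown-feature error; please use the spelling that matches the crate's `Cargo.toml` throughout this page. The feature-unification paragraph also overstates what Cargo guarantees: features are unified per resolved package version, so if another dependency pulls in a semver-incompatible `logos` version, that copy keeps its default unsafe code paths; "any transitive inclusion" should be qualified to "any transitive inclusion of the same `logos` version". Smaller wording points in the same hunk: "deterministic finite automata (DFA)" should be the singular "automaton", "used in a crates using the `#![forbid(unsafe_code)]` attribute" should read "used in crates that use the `#![forbid(unsafe_code)]` attribute", and "ensures any transitive inclusion ... also have unsafe code disabled" wants "has". Since the page motivates the feature with untrusted input, it would help to state plainly what is bought for the roughly 10% slowdown quoted at the end: an out-of-bounds access becomes a panic, which is a bounded, catchable failure, instead of undefined behaviour.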