From e5897a120ff11ec4dad0c3159e11a4cdecc06f6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Fri, 13 Sep 2024 16:24:42 +0200 Subject: [PATCH 1/2] Add faillible version of size_hint to properly handle recursive structures The default implementation forwards to the current size_hint, so that it can be relied upon also for structures that still use the default implementation. The default implementation of `size_hint` is not changed, so that it does not break existing implementations --- derive/src/lib.rs | 36 ++++---- src/foreign/alloc/borrow.rs | 9 +- src/foreign/alloc/boxed.rs | 7 +- src/foreign/alloc/rc.rs | 7 +- src/foreign/alloc/sync.rs | 7 +- src/foreign/core/array.rs | 12 ++- src/foreign/core/cell.rs | 23 +++++- src/foreign/core/num.rs | 9 +- src/foreign/core/ops.rs | 41 ++++++---- src/foreign/core/option.rs | 15 ++-- src/foreign/core/result.rs | 15 ++-- src/foreign/core/tuple.rs | 14 ++-- src/foreign/std/sync.rs | 9 +- src/lib.rs | 159 ++++++++++++++++++++++++++++++++---- src/size_hint.rs | 27 +++++- tests/derive.rs | 75 ++++++++++++++++- 16 files changed, 384 insertions(+), 81 deletions(-) diff --git a/derive/src/lib.rs b/derive/src/lib.rs index 9aec119..9e64de0 100644 --- a/derive/src/lib.rs +++ b/derive/src/lib.rs @@ -364,17 +364,17 @@ fn gen_size_hint_method(input: &DeriveInput) -> Result { determine_field_constructor(f).map(|field_constructor| { match field_constructor { FieldConstructor::Default | FieldConstructor::Value(_) => { - quote!((0, Some(0))) + quote!(Ok((0, Some(0)))) } FieldConstructor::Arbitrary => { - quote! { <#ty as arbitrary::Arbitrary>::size_hint(depth) } + quote! { <#ty as arbitrary::Arbitrary>::try_size_hint(depth) } } // Note that in this case it's hard to determine what size_hint must be, so size_of::() is // just an educated guess, although it's gonna be inaccurate for dynamically // allocated types (Vec, HashMap, etc.). FieldConstructor::With(_) => { - quote! { (::core::mem::size_of::<#ty>(), None) } + quote! { Ok((::core::mem::size_of::<#ty>(), None)) } } } }) @@ -382,9 +382,9 @@ fn gen_size_hint_method(input: &DeriveInput) -> Result { .collect::>>() .map(|hints| { quote! { - arbitrary::size_hint::and_all(&[ - #( #hints ),* - ]) + Ok(arbitrary::size_hint::and_all(&[ + #( #hints? ),* + ])) } }) }; @@ -393,7 +393,12 @@ fn gen_size_hint_method(input: &DeriveInput) -> Result { quote! { #[inline] fn size_hint(depth: usize) -> (usize, ::core::option::Option) { - arbitrary::size_hint::recursion_guard(depth, |depth| #hint) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, ::core::option::Option), arbitrary::MaxRecursionReached> { + arbitrary::size_hint::try_recursion_guard(depth, |depth| #hint) } } }) @@ -413,14 +418,17 @@ fn gen_size_hint_method(input: &DeriveInput) -> Result { .collect::>>() .map(|variants| { quote! { - #[inline] fn size_hint(depth: usize) -> (usize, ::core::option::Option) { - arbitrary::size_hint::and( - ::size_hint(depth), - arbitrary::size_hint::recursion_guard(depth, |depth| { - arbitrary::size_hint::or_all(&[ #( #variants ),* ]) - }), - ) + Self::try_size_hint(depth).unwrap_or_default() + } + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, ::core::option::Option), arbitrary::MaxRecursionReached> { + Ok(arbitrary::size_hint::and( + ::try_size_hint(depth)?, + arbitrary::size_hint::try_recursion_guard(depth, |depth| { + Ok(arbitrary::size_hint::or_all(&[ #( #variants? ),* ])) + })?, + )) } } }), diff --git a/src/foreign/alloc/borrow.rs b/src/foreign/alloc/borrow.rs index a2809f0..9f058e4 100644 --- a/src/foreign/alloc/borrow.rs +++ b/src/foreign/alloc/borrow.rs @@ -14,8 +14,13 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::recursion_guard(depth, |depth| { - <::Owned as Arbitrary>::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), crate::MaxRecursionReached> { + size_hint::try_recursion_guard(depth, |depth| { + <::Owned as Arbitrary>::try_size_hint(depth) }) } } diff --git a/src/foreign/alloc/boxed.rs b/src/foreign/alloc/boxed.rs index d8c3437..c3014a3 100644 --- a/src/foreign/alloc/boxed.rs +++ b/src/foreign/alloc/boxed.rs @@ -13,7 +13,12 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::recursion_guard(depth, ::size_hint) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), crate::MaxRecursionReached> { + size_hint::try_recursion_guard(depth, ::try_size_hint) } } diff --git a/src/foreign/alloc/rc.rs b/src/foreign/alloc/rc.rs index f529277..6d58167 100644 --- a/src/foreign/alloc/rc.rs +++ b/src/foreign/alloc/rc.rs @@ -13,7 +13,12 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::recursion_guard(depth, ::size_hint) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), crate::MaxRecursionReached> { + size_hint::try_recursion_guard(depth, ::try_size_hint) } } diff --git a/src/foreign/alloc/sync.rs b/src/foreign/alloc/sync.rs index 8696e20..c8ca1db 100644 --- a/src/foreign/alloc/sync.rs +++ b/src/foreign/alloc/sync.rs @@ -13,7 +13,12 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::recursion_guard(depth, ::size_hint) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), crate::MaxRecursionReached> { + size_hint::try_recursion_guard(depth, ::try_size_hint) } } diff --git a/src/foreign/core/array.rs b/src/foreign/core/array.rs index 553d95d..39075be 100644 --- a/src/foreign/core/array.rs +++ b/src/foreign/core/array.rs @@ -64,9 +64,13 @@ where } #[inline] - fn size_hint(d: usize) -> (usize, Option) { - size_hint::and_all(&array::from_fn::<_, N, _>(|_| { - ::size_hint(d) - })) + fn size_hint(depth: usize) -> (usize, Option) { + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), crate::MaxRecursionReached> { + let hint = ::try_size_hint(depth)?; + Ok(size_hint::and_all(&array::from_fn::<_, N, _>(|_| hint))) } } diff --git a/src/foreign/core/cell.rs b/src/foreign/core/cell.rs index dea6a64..ad0db38 100644 --- a/src/foreign/core/cell.rs +++ b/src/foreign/core/cell.rs @@ -1,5 +1,5 @@ use { - crate::{Arbitrary, Result, Unstructured}, + crate::{Arbitrary, MaxRecursionReached, Result, Unstructured}, core::cell::{Cell, RefCell, UnsafeCell}, }; @@ -13,7 +13,12 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - >::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + >::try_size_hint(depth) } } @@ -27,7 +32,12 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - >::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + >::try_size_hint(depth) } } @@ -41,6 +51,11 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - >::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + >::try_size_hint(depth) } } diff --git a/src/foreign/core/num.rs b/src/foreign/core/num.rs index 3828336..f0d5b33 100644 --- a/src/foreign/core/num.rs +++ b/src/foreign/core/num.rs @@ -1,5 +1,5 @@ use { - crate::{Arbitrary, Error, Result, Unstructured}, + crate::{Arbitrary, Error, MaxRecursionReached, Result, Unstructured}, core::{ mem, num::{ @@ -131,6 +131,11 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - >::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + >::try_size_hint(depth) } } diff --git a/src/foreign/core/ops.rs b/src/foreign/core/ops.rs index 31cb82e..8c24735 100644 --- a/src/foreign/core/ops.rs +++ b/src/foreign/core/ops.rs @@ -1,5 +1,5 @@ use { - crate::{size_hint, Arbitrary, Result, Unstructured}, + crate::{size_hint, Arbitrary, MaxRecursionReached, Result, Unstructured}, core::{ mem, ops::{Bound, Range, RangeBounds, RangeFrom, RangeInclusive, RangeTo, RangeToInclusive}, @@ -25,53 +25,57 @@ macro_rules! impl_range { #[inline] fn size_hint(depth: usize) -> (usize, Option) { + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { #[allow(clippy::redundant_closure_call)] $size_hint_closure(depth) } } }; } - impl_range!( Range, |r: &Range| (r.start.clone(), r.end.clone()), (A, A), bounded_range(|(a, b)| a..b), - |depth| size_hint::and( - ::size_hint(depth), - ::size_hint(depth) - ) + |depth| Ok(crate::size_hint::and( + ::try_size_hint(depth)?, + ::try_size_hint(depth)?, + )) ); impl_range!( RangeFrom, |r: &RangeFrom| r.start.clone(), A, unbounded_range(|a| a..), - |depth| ::size_hint(depth) + |depth| ::try_size_hint(depth) ); impl_range!( RangeInclusive, |r: &RangeInclusive| (r.start().clone(), r.end().clone()), (A, A), bounded_range(|(a, b)| a..=b), - |depth| size_hint::and( - ::size_hint(depth), - ::size_hint(depth) - ) + |depth| Ok(crate::size_hint::and( + ::try_size_hint(depth)?, + ::try_size_hint(depth)?, + )) ); impl_range!( RangeTo, |r: &RangeTo| r.end.clone(), A, unbounded_range(|b| ..b), - |depth| ::size_hint(depth) + |depth| ::try_size_hint(depth) ); impl_range!( RangeToInclusive, |r: &RangeToInclusive| r.end.clone(), A, unbounded_range(|b| ..=b), - |depth| ::size_hint(depth) + |depth| ::try_size_hint(depth) ); pub(crate) fn bounded_range(bounds: (I, I), cb: CB) -> R @@ -110,9 +114,14 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::or( - size_hint::and((1, Some(1)), A::size_hint(depth)), + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + Ok(size_hint::or( + size_hint::and((1, Some(1)), A::try_size_hint(depth)?), (1, Some(1)), - ) + )) } } diff --git a/src/foreign/core/option.rs b/src/foreign/core/option.rs index cc14833..76ab978 100644 --- a/src/foreign/core/option.rs +++ b/src/foreign/core/option.rs @@ -1,4 +1,4 @@ -use crate::{size_hint, Arbitrary, Result, Unstructured}; +use crate::{size_hint, Arbitrary, MaxRecursionReached, Result, Unstructured}; impl<'a, A> Arbitrary<'a> for Option where @@ -14,9 +14,14 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::and( - ::size_hint(depth), - size_hint::or((0, Some(0)), ::size_hint(depth)), - ) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + Ok(size_hint::and( + ::try_size_hint(depth)?, + size_hint::or((0, Some(0)), ::try_size_hint(depth)?), + )) } } diff --git a/src/foreign/core/result.rs b/src/foreign/core/result.rs index 28bf075..65ad50a 100644 --- a/src/foreign/core/result.rs +++ b/src/foreign/core/result.rs @@ -1,4 +1,4 @@ -use crate::{size_hint, Arbitrary, Error, Unstructured}; +use crate::{size_hint, Arbitrary, Error, MaxRecursionReached, Unstructured}; impl<'a, T, E> Arbitrary<'a> for Result where @@ -15,12 +15,17 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::and( + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + Ok(size_hint::and( ::size_hint(depth), size_hint::or( - ::size_hint(depth), - ::size_hint(depth), + ::try_size_hint(depth)?, + ::try_size_hint(depth)?, ), - ) + )) } } diff --git a/src/foreign/core/tuple.rs b/src/foreign/core/tuple.rs index d98e019..dfdd469 100644 --- a/src/foreign/core/tuple.rs +++ b/src/foreign/core/tuple.rs @@ -1,4 +1,4 @@ -use crate::{size_hint, Arbitrary, Result, Unstructured}; +use crate::{size_hint, Arbitrary, MaxRecursionReached, Result, Unstructured}; macro_rules! arbitrary_tuple { () => {}; @@ -23,10 +23,14 @@ macro_rules! arbitrary_tuple { #[inline] fn size_hint(depth: usize) -> (usize, Option) { - size_hint::and_all(&[ - <$last as Arbitrary>::size_hint(depth), - $( <$xs as Arbitrary>::size_hint(depth) ),* - ]) + Self::try_size_hint(depth).unwrap_or_default() + } + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + Ok(size_hint::and_all(&[ + <$last as Arbitrary>::try_size_hint(depth)?, + $( <$xs as Arbitrary>::try_size_hint(depth)?),* + ])) } } }; diff --git a/src/foreign/std/sync.rs b/src/foreign/std/sync.rs index acc047a..312b37e 100644 --- a/src/foreign/std/sync.rs +++ b/src/foreign/std/sync.rs @@ -1,5 +1,5 @@ use { - crate::{Arbitrary, Result, Unstructured}, + crate::{Arbitrary, MaxRecursionReached, Result, Unstructured}, std::sync::Mutex, }; @@ -13,6 +13,11 @@ where #[inline] fn size_hint(depth: usize) -> (usize, Option) { - >::size_hint(depth) + Self::try_size_hint(depth).unwrap_or_default() + } + + #[inline] + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + A::try_size_hint(depth) } } diff --git a/src/lib.rs b/src/lib.rs index 1513586..ffdf462 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -38,6 +38,18 @@ pub use derive_arbitrary::*; #[doc(inline)] pub use unstructured::Unstructured; +/// Error indicating that the maximum recursion depth has been reached while calculating [`Arbitrary::size_hint`]() +#[derive(Debug, Clone, Copy)] +pub struct MaxRecursionReached; + +impl core::fmt::Display for MaxRecursionReached { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.write_str("Maximum recursion depth has been reached") + } +} + +impl core::error::Error for MaxRecursionReached {} + /// Generate arbitrary structured values from raw, unstructured data. /// /// The `Arbitrary` trait allows you to generate valid structured values, like @@ -220,8 +232,110 @@ pub trait Arbitrary<'a>: Sized { /// create a better implementation. If you are writing an `Arbitrary` /// implementation by hand, and your type can be part of a dynamically sized /// collection (such as `Vec`), you are strongly encouraged to override this - /// default with a better implementation. The - /// [`size_hint`] module will help with this task. + /// default with a better implementation, and also override [`try_size_hint`] + /// + /// ## How to implement this + /// + /// If the size hint calculation is a trivial constant and does not recurse into any other `size_hint` call, you should implement it in `size_hint`: + /// + /// ``` + /// use arbitrary::{size_hint, Arbitrary, Result, Unstructured}; + /// + /// struct SomeStruct(u8); + /// + /// impl<'a> Arbitrary<'a> for SomeStruct { + /// fn arbitrary(u: &mut Unstructured<'a>) -> Result { + /// let buf = &mut [0]; + /// u.fill_buffer(buf)?; + /// Ok(SomeStruct(buf[0])) + /// } + /// + /// #[inline] + /// fn size_hint(depth: usize) -> (usize, Option) { + /// let _ = depth; + /// (1, Some(1)) + /// } + /// } + /// ``` + /// + /// Otherwise, it should instead be implemented in [`try_size_hint`], + /// and the `size_hint` implementation should forward to it: + /// + /// ``` + /// use arbitrary::{size_hint, Arbitrary, MaxRecursionReached, Result, Unstructured}; + /// + /// struct SomeStruct { + /// a: A, + /// b: B, + /// } + /// + /// impl<'a, A: Arbitrary<'a>, B: Arbitrary<'a>> Arbitrary<'a> for SomeStruct { + /// fn arbitrary(u: &mut Unstructured<'a>) -> Result { + /// todo!() + /// } + /// + /// fn size_hint(depth: usize) -> (usize, Option) { + /// // Return the value of try_size_hint + /// // + /// // If the recursion fails, return the default, always valid `(0, None)` + /// Self::try_size_hint(depth).unwrap_or_default() + /// } + /// + /// fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + /// // Protect against potential infinite recursion with + /// // `try_recursion_guard`. + /// size_hint::try_recursion_guard(depth, |depth| { + /// // If we aren't too deep, then `recursion_guard` calls + /// // this closure, which implements the natural size hint. + /// // Don't forget to use the new `depth` in all nested + /// // `try_size_hint` calls! We recommend shadowing the + /// // parameter, like what is done here, so that you can't + /// // accidentally use the wrong depth. + /// Ok(size_hint::and( + /// ::try_size_hint(depth)?, + /// ::try_size_hint(depth)?, + /// )) + /// }) + /// } + /// } + /// ``` + /// + /// ## Invariant + /// + /// It must be possible to construct every possible output using only inputs + /// of lengths bounded by these parameters. This applies to both + /// [`Arbitrary::arbitrary`] and [`Arbitrary::arbitrary_take_rest`]. + /// + /// This is trivially true for `(0, None)`. To restrict this further, it + /// must be proven that all inputs that are now excluded produced redundant + /// outputs which are still possible to produce using the reduced input + /// space. + /// + /// [iterator-size-hint]: https://doc.rust-lang.org/stable/std/iter/trait.Iterator.html#method.size_hint + /// [`try_size_hint`]: Arbitrary::try_size_hint + #[inline] + fn size_hint(depth: usize) -> (usize, Option) { + let _ = depth; + (0, None) + } + + /// Get a size hint for how many bytes out of an `Unstructured` this type + /// needs to construct itself. + /// + /// Unlike [`size_hint`], this function keeps the information + /// that the recursion limit was reached. This is required to "short circuit" the calculation + /// and avoid exponential blowup with recursive structures. + /// + /// If you are implementing [`size_hint`] for a struct that could be recursive, you should implement `try_size_hint` and call the `try_size_hint` when recursing + /// + /// + /// The return value is similar to + /// [`Iterator::size_hint`][iterator-size-hint]: it returns a tuple where + /// the first element is a lower bound on the number of bytes required, and + /// the second element is an optional upper bound. + /// + /// The default implementation return the value of [`size_hint`] which is correct for any + /// type, but might lead to exponential blowup when dealing with recursive types. /// /// ## Invariant /// @@ -234,21 +348,24 @@ pub trait Arbitrary<'a>: Sized { /// outputs which are still possible to produce using the reduced input /// space. /// - /// ## The `depth` Parameter + /// ## When to implement `try_size_hint` /// /// If you 100% know that the type you are implementing `Arbitrary` for is /// not a recursive type, or your implementation is not transitively calling - /// any other `size_hint` methods, you can ignore the `depth` parameter. + /// any other `size_hint` methods, you just implement [`size_hint`], and the + /// default `try_size_hint` implementation will use it. /// Note that if you are implementing `Arbitrary` for a generic type, you /// cannot guarantee the lack of type recursion! /// - /// Otherwise, you need to use - /// [`arbitrary::size_hint::recursion_guard(depth)`][crate::size_hint::recursion_guard] + /// ## The `depth` parameter + /// + /// When implementing `try_size_hint`, you need to use + /// [`arbitrary::size_hint::try_recursion_guard(depth)`][crate::size_hint::try_recursion_guard] /// to prevent potential infinite recursion when calculating size hints for /// potentially recursive types: /// /// ``` - /// use arbitrary::{Arbitrary, Unstructured, size_hint}; + /// use arbitrary::{size_hint, Arbitrary, MaxRecursionReached, Unstructured}; /// /// // This can potentially be a recursive type if `L` or `R` contain /// // something like `Box>>`! @@ -268,27 +385,35 @@ pub trait Arbitrary<'a>: Sized { /// } /// /// fn size_hint(depth: usize) -> (usize, Option) { + /// // Return the value of try_size_hint + /// // + /// // If the recursion fails, return the default, always valid `(0, None)` + /// Self::try_size_hint(depth).unwrap_or_default() + /// } + /// + /// fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { /// // Protect against potential infinite recursion with - /// // `recursion_guard`. - /// size_hint::recursion_guard(depth, |depth| { + /// // `try_recursion_guard`. + /// size_hint::try_recursion_guard(depth, |depth| { /// // If we aren't too deep, then `recursion_guard` calls /// // this closure, which implements the natural size hint. /// // Don't forget to use the new `depth` in all nested - /// // `size_hint` calls! We recommend shadowing the + /// // `try_size_hint` calls! We recommend shadowing the /// // parameter, like what is done here, so that you can't /// // accidentally use the wrong depth. - /// size_hint::or( - /// ::size_hint(depth), - /// ::size_hint(depth), - /// ) + /// Ok(size_hint::or( + /// ::try_size_hint(depth)?, + /// ::try_size_hint(depth)?, + /// )) /// }) /// } /// } /// ``` + /// [iterator-size-hint]: https://doc.rust-lang.org/stable/std/iter/trait.Iterator.html#method.size_hint + /// [`size_hint`]: Arbitrary::size_hint #[inline] - fn size_hint(depth: usize) -> (usize, Option) { - let _ = depth; - (0, None) + fn try_size_hint(depth: usize) -> Result<(usize, Option), MaxRecursionReached> { + Ok(Self::size_hint(depth)) } } diff --git a/src/size_hint.rs b/src/size_hint.rs index 045c148..821752e 100644 --- a/src/size_hint.rs +++ b/src/size_hint.rs @@ -1,6 +1,8 @@ //! Utilities for working with and combining the results of //! [`Arbitrary::size_hint`][crate::Arbitrary::size_hint]. +pub(crate) const MAX_DEPTH: usize = 20; + /// Protects against potential infinite recursion when calculating size hints /// due to indirect type recursion. /// @@ -8,12 +10,14 @@ /// size hint. /// /// Otherwise, returns the default size hint: `(0, None)`. +/// +/// #[inline] +#[deprecated(note = "use `try_recursion_guard` instead")] pub fn recursion_guard( depth: usize, f: impl FnOnce(usize) -> (usize, Option), ) -> (usize, Option) { - const MAX_DEPTH: usize = 20; if depth > MAX_DEPTH { (0, None) } else { @@ -21,6 +25,27 @@ pub fn recursion_guard( } } +/// Protects against potential infinite recursion when calculating size hints +/// due to indirect type recursion. +/// +/// When the depth is not too deep, calls `f` with `depth + 1` to calculate the +/// size hint. +/// +/// Otherwise, returns an error. +/// +/// This should be used when implementing [`try_size_hint`](crate::Arbitrary::try_size_hint) +#[inline] +pub fn try_recursion_guard( + depth: usize, + f: impl FnOnce(usize) -> Result<(usize, Option), crate::MaxRecursionReached>, +) -> Result<(usize, Option), crate::MaxRecursionReached> { + if depth > MAX_DEPTH { + Err(crate::MaxRecursionReached) + } else { + f(depth + 1) + } +} + /// Take the sum of the `lhs` and `rhs` size hints. #[inline] pub fn and(lhs: (usize, Option), rhs: (usize, Option)) -> (usize, Option) { diff --git a/tests/derive.rs b/tests/derive.rs index bca6cfe..25e2eed 100644 --- a/tests/derive.rs +++ b/tests/derive.rs @@ -149,13 +149,86 @@ enum RecursiveTree { }, } +#[derive(Arbitrary, Debug)] +struct WideRecursiveStruct { + a: Option>, + b: Option>, + c: Option>, + d: Option>, + e: Option>, + f: Option>, + g: Option>, + h: Option>, + i: Option>, + k: Option>, +} + +#[derive(Arbitrary, Debug)] +enum WideRecursiveEnum { + None, + A(Box), + B(Box), + C(Box), + D(Box), + E(Box), + F(Box), + G(Box), + H(Box), + I(Box), + K(Box), +} + +#[derive(Arbitrary, Debug)] +enum WideRecursiveMixedEnum { + None, + A(Box), + B(Box), + C(Box), + D(Box), + E(Box), + F(Box), + G(Box), + H(Box), + I(Box), + K(Box), +} + +#[derive(Arbitrary, Debug)] +struct WideRecursiveMixedStruct { + a: Option>, + b: Option>, + c: Option>, + d: Option>, + e: Option>, + f: Option>, + g: Option>, + h: Option>, + i: Option>, + k: Option>, +} + #[test] fn recursive() { let raw = vec![1, 2, 3, 4, 5, 6, 7, 8, 9]; let _rec: RecursiveTree = arbitrary_from(&raw); + let _rec: WideRecursiveStruct = arbitrary_from(&raw); + let _rec: WideRecursiveEnum = arbitrary_from(&raw); + let _rec: WideRecursiveMixedStruct = arbitrary_from(&raw); + let _rec: WideRecursiveMixedEnum = arbitrary_from(&raw); + + assert_eq!((0, None), ::size_hint(0)); + assert_eq!((0, None), ::size_hint(0)); + assert_eq!( + (0, None), + ::size_hint(0) + ); + assert_eq!( + (0, None), + ::size_hint(0) + ); let (lower, upper) = ::size_hint(0); - assert_eq!(lower, 4, "need a u32 for the discriminant at minimum"); + assert_eq!(lower, 0, "Cannot compute size hint of recursive structure"); assert!( upper.is_none(), "potentially infinitely recursive, so no upper bound" From b6991cef30701e7b1a0cba62e514a6de12cb26f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sosth=C3=A8ne=20Gu=C3=A9don?= Date: Wed, 18 Sep 2024 11:04:41 +0200 Subject: [PATCH 2/2] Make MaxRecursionReached error possible to evolve in the future --- src/lib.rs | 5 +++-- src/size_hint.rs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index ffdf462..79f26e8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -39,8 +39,9 @@ pub use derive_arbitrary::*; pub use unstructured::Unstructured; /// Error indicating that the maximum recursion depth has been reached while calculating [`Arbitrary::size_hint`]() -#[derive(Debug, Clone, Copy)] -pub struct MaxRecursionReached; +#[derive(Debug, Clone)] +#[non_exhaustive] +pub struct MaxRecursionReached {} impl core::fmt::Display for MaxRecursionReached { fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { diff --git a/src/size_hint.rs b/src/size_hint.rs index 821752e..95707ee 100644 --- a/src/size_hint.rs +++ b/src/size_hint.rs @@ -40,7 +40,7 @@ pub fn try_recursion_guard( f: impl FnOnce(usize) -> Result<(usize, Option), crate::MaxRecursionReached>, ) -> Result<(usize, Option), crate::MaxRecursionReached> { if depth > MAX_DEPTH { - Err(crate::MaxRecursionReached) + Err(crate::MaxRecursionReached {}) } else { f(depth + 1) }