chore(rpc): guard against todo!() in dispatched RPC handlers (S02-2)#9
Open
orrinfrazier wants to merge 1 commit into
Open
chore(rpc): guard against todo!() in dispatched RPC handlers (S02-2)#9orrinfrazier wants to merge 1 commit into
orrinfrazier wants to merge 1 commit into
Conversation
Add a `syn`-based `#[cfg(test)]` guard (S02-2) that scans the cuprated RPC
dispatch tables (`map_request` in handlers/{json_rpc,other_json,bin}.rs) and
fails if any *live-dispatched* handler transitively contains a reachable
`todo!()`/`unimplemented!()`. Today these todos are dead (dispatch routes them
to `not_available()`), but the guard prevents re-introducing Cuprate#522-class panics
as handlers are wired in toward v1.0.0.
The current allowlist holds exactly the one known live-dispatched todo,
`json_rpc::get_output_distribution` (tracked separately). Exact-equality makes
the allowlist a two-way ratchet: a newly-dispatched todo fails the test, and
removing the last todo from an allowlisted handler also fails it.
Test-only change: adds `syn` as a workspace dev-dependency (already in the
lockfile, no new crates) and `#[cfg(test)] mod todo_guard;`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #19
Summary
syn-based#[cfg(test)]guard so a live-dispatched cuprated RPC handler cannot contain a reachabletodo!()/unimplemented!()— preventing re-introduction of Cuprate Crash Starting RPC Server Cuprate/cuprate#522-class panics as the RPC surface is completed toward v1.0.0.todo!()-bearing handler except one is dead (dispatch routes it tonot_available()); the guard locks that invariant in.How it works
dispatched_todo_violations()parses eachmap_requestmatch, collects the handlers that are actually dispatched (arms calling a handler fn other thannot_available()), follows the call graph — includingshared::/helper::delegation — to a fixpoint taint set, and asserts the violation set exactly equals anALLOWLIST.The allowlist currently holds exactly
("json_rpc", "get_output_distribution")— the one real live-dispatchedtodo!()(it delegates toshared::get_output_distribution, tracked separately). Exact-equality is a two-way ratchet:todo!()fails the test (regression guard), andtodo!()from an allowlisted handler also fails it (forces allowlist cleanup — so this test will go red when theget_output_distributionfix lands; delete the entry then).Changes
binaries/cuprated/src/rpc/handlers/todo_guard.rs— new, test-only (#[cfg(test)]): the scanner + 11 tests.binaries/cuprated/src/rpc/handlers.rs—+ #[cfg(test)] mod todo_guard;Cargo.toml/binaries/cuprated/Cargo.toml—synas a workspace dev-dependency (already in the lockfile → no new crates,cargo-denyunaffected).Testing
cupratedsuite green (22 lib tests, 0 failures).cargo clippy --all-targets --all-features -- -D warnings,cargo fmt --check, andcargo deny check bans licenses sourcesall clean.GetInfoto itstodo!()-bearingget_infohandler makes the guard fail with{(json_rpc, get_info), (json_rpc, get_output_distribution)}and an actionable message — confirming the guard catches the regression it exists to prevent.Review notes
Reviewed via 3-way cross-family consensus (Claude + Gemini + Codex), which caught and fixed three latent false-negative gaps before merge: direct cross-module dispatch (
shared::fooin an arm),helper.rsnot being scanned, and the dispatch-matchselection assuming the firstmatch.