Skip to content

buffer: Audit for panics and refactor #662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jerrysxie merged 1 commit into from
Dec 24, 2025
Merged

buffer: Audit for panics and refactor #662

jerrysxie merged 1 commit into from
Dec 24, 2025

Conversation

@kurtjd
Copy link
Contributor

@kurtjd kurtjd commented Dec 23, 2025
edited
Loading

Removed panic paths from the buffer module. Instead made methods fallible and introduced an Error type.

Because certain traits are used with methods that assume infallibility (such as the drop and borrow traits), I couldn't just make these return a result. Instead, I added a Poisoned status so in the off chance that a drop or borrow call would have panicked originally, the buffer is marked poisoned and will return a Poisoned error on future accesses.

This also breaks the interfaces of a few services. For these I added a Buffer error and made methods fallible if necessary. I'm not a fan of this since any buffer errors represent an internal programming bug to the service and not something the user should expect/handle, and this breaks encapsulation. I do not want to silently just ignore buffer errors, so I'm not sure what other alternative there is here (open to suggestions).

Edit: Thinking about maybe renaming the Buffer error variant of these services to Internal or something. I'd prefer to make it more clear when an error represents an internal invariant being broken that is not something meant to be handled by the caller in any practical manner. It would act as a catchall since the specifics of what caused the error are implementation details that could change any time and not something the caller should be concerned with.

Also introduced a Never type alias which is useful now that some functions represent never-ending tasks which should never return unless there is an error (see related discussion: #634 (comment)).

Resolves #659

@kurtjd kurtjd self-assigned this Dec 23, 2025
@kurtjd kurtjd requested a review from a team as a code owner December 23, 2025 00:21
@kurtjd kurtjd added the BREAKING CHANGE Marks breaking changes label Dec 23, 2025
@kurtjd kurtjd requested review from a team as code owners December 23, 2025 00:21
@kurtjd kurtjd moved this to In review in Embedded Controller Dec 23, 2025
@kurtjd kurtjd force-pushed the audit-buffer branch 6 times, most recently from d36bf7b to 60a4319 Compare December 23, 2025 01:03
madeleyneVaca
madeleyneVaca previously approved these changes Dec 23, 2025
View reviewed changes
jerrysxie
jerrysxie previously approved these changes Dec 23, 2025
View reviewed changes
@jerrysxie
Copy link
Contributor

jerrysxie commented Dec 23, 2025

@kurtjd Don't forget to announce on Zulip once it is ready to be merged, thanks!

@kurtjd kurtjd dismissed stale reviews from jerrysxie and madeleyneVaca via 346d04a December 23, 2025 20:48
@kurtjd kurtjd requested a review from madeleyneVaca December 23, 2025 22:06
bramsdell-ms
bramsdell-ms reviewed Dec 23, 2025
View reviewed changes
@jerrysxie
Copy link
Contributor

jerrysxie commented Dec 24, 2025

Bypassed policy and merge since people are on vacation.

@jerrysxie jerrysxie merged commit b195d23 into OpenDevicePartnership:main Dec 24, 2025
14 checks passed
@github-project-automation github-project-automation bot moved this from In review to Done in Embedded Controller Dec 24, 2025
@kurtjd
Copy link
Contributor Author

kurtjd commented Dec 24, 2025

Zulip announcement: https://opendevicepartnership.zulipchat.com/#narrow/channel/495405-embedded-controller/topic/embedded-services.20buffer.20breaking.20changes/with/565229931

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerrysxie jerrysxie jerrysxie approved these changes

@madeleyneVaca madeleyneVaca madeleyneVaca approved these changes

@asasine asasine Awaiting requested review from asasine

@ayodejiige ayodejiige Awaiting requested review from ayodejiige

@JWL-surface JWL-surface Awaiting requested review from JWL-surface

@chchongmsft chchongmsft Awaiting requested review from chchongmsft chchongmsft is a code owner automatically assigned from OpenDevicePartnership/ec-battery-team

@thdesil thdesil Awaiting requested review from thdesil thdesil is a code owner automatically assigned from OpenDevicePartnership/ec-battery-team

@gjpmsft gjpmsft Awaiting requested review from gjpmsft gjpmsft is a code owner automatically assigned from OpenDevicePartnership/ec-usb-c-pd-team

@wmmc88 wmmc88 Awaiting requested review from wmmc88 wmmc88 is a code owner automatically assigned from OpenDevicePartnership/ec-hid-team

@RobertZ2011 RobertZ2011 Awaiting requested review from RobertZ2011 RobertZ2011 is a code owner automatically assigned from OpenDevicePartnership/ec-hid-team

@tullom tullom Awaiting requested review from tullom tullom is a code owner automatically assigned from OpenDevicePartnership/ec-espi-team

@philgweber philgweber Awaiting requested review from philgweber philgweber is a code owner automatically assigned from OpenDevicePartnership/ec-espi-team

+1 more reviewer

@bramsdell-ms bramsdell-ms bramsdell-ms left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@kurtjd kurtjd

Labels

BREAKING CHANGE Marks breaking changes

Projects

Embedded Controller
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Audit buffer

4 participants

@kurtjd @jerrysxie @madeleyneVaca @bramsdell-ms