Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add clippy -Awarnings to CI and fix unsound fn #1357

Merged
merged 6 commits into from
Oct 31, 2023
Merged

Add clippy -Awarnings to CI and fix unsound fn #1357

merged 6 commits into from
Oct 31, 2023

Conversation

workingjubilee
Copy link
Member

@workingjubilee workingjubilee commented Oct 28, 2023
edited
Loading

I have resolved to grumble less about clippy: it detected serious soundness issues related to the implementation of pg_aggregate after I ran it over the repo (ignoring all the warnings, of course). These functions are publicly reachable but unsafe to use, as they may accept and dereference e.g. null pointers.

Add clippy to CI, but allow all warnings, so it only monitors correctness lints. Mark the relevant unsound pub fn as unsafe, catching:

  • aggregate::Aggregate::in_memory_context
  • htup::heap_tuple_get_datum

@workingjubilee workingjubilee changed the title Mark unsound pub fn as unsafe Mark unsound htup + aggregate pub fn as unsafe Oct 28, 2023
@workingjubilee workingjubilee mentioned this pull request Oct 28, 2023
Merged
workingjubilee added a commit that referenced this pull request Oct 28, 2023
@workingjubilee
Satisfy clippy errors on 7 of 8 crates (#1358)
2f15665 
This does more cleanup in the vein of weakening needless bounds.
- #1355

The "main point" is some no-op "make clippy happy" refactoring.
This permits running `cargo clippy` without getting *errors* (it still
issues literally hundreds of warnings) on most of the repository's
crates. It does not solve this for `pgrx` itself, as clippy detected a
more serious issue there, and that issue is instead its own PR:
- #1357
workingjubilee
workingjubilee commented Oct 28, 2023
View reviewed changes
pgrx-sql-entity-graph/src/aggregate/mod.rs
Comment on lines +302 to +307
unsafe {
<#target_path as ::pgrx::aggregate::Aggregate>::in_memory_context(
fcinfo,
move |_context| <#target_path as ::pgrx::aggregate::Aggregate>::state(this, (#(#arg_names),*), fcinfo)
)
}
Copy link
Member Author

@workingjubilee workingjubilee Oct 28, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I honestly am not entirely sure if this is actually correct to assert, either, but I think this fn in practice only gets called by Postgres, making this one of the many undocumented unsafe blocks to audit later. ^^;

@workingjubilee workingjubilee mentioned this pull request Oct 28, 2023
Open
@workingjubilee
Mark actually-unsafe pub fn as unsafe
09d507e 
These fn are unsound to expose as safe functions.
@workingjubilee
Make unsafe assertions in aggregate codegen
c1dfec6 
These may be completely unjustified, but they probably hold.
@workingjubilee
Add clippy with -Awarnings to CI
1cf6fb5
@workingjubilee workingjubilee changed the title Mark unsound htup + aggregate pub fn as unsafe Add clippy -- -Awarnings to CI and fix unsound fn Oct 31, 2023
@workingjubilee workingjubilee changed the title Add clippy -- -Awarnings to CI and fix unsound fn Add clippy -Awarnings to CI and fix unsound fn Oct 31, 2023
@workingjubilee workingjubilee merged commit 97014e7 into pgcentralfoundation:develop Oct 31, 2023
8 checks passed
@workingjubilee workingjubilee deleted the cleanup-heaptuple-and-agg-fn branch October 31, 2023 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomcc thomcc Awaiting requested review from thomcc

Assignees
No one assigned
Labels
breaks-API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@workingjubilee