(5) chore(lints): silence clippy::pedantic nits across workspace#1563
Open
daniel-noland wants to merge 27 commits into
Open
(5) chore(lints): silence clippy::pedantic nits across workspace#1563daniel-noland wants to merge 27 commits into
daniel-noland wants to merge 27 commits into
Conversation
Sweep direct `use std::sync::{Arc, Mutex, RwLock, atomic::*}` imports
across the workspace to `concurrency::sync` so loom/shuttle test builds
can route through instrumented primitives via one feature flip.
Two enforcement layers:
* `clippy.toml` extends `disallowed-types` for the lock primitives.
parking_lot's lock types are distinct concrete types, so clippy
sees through the `concurrency::sync` re-export without flagging
legitimate uses.
* `.semgrep/rules/no-std-sync-direct.yaml` covers the rest (`Arc`,
`Weak`, atomics, `LazyLock`, `OnceLock`, `Once`, `Barrier`,
`Condvar`) where clippy's alias resolution can't distinguish the
facade re-export from `std::sync`. The `concurrency` crate and its
tests are exempt by path.
`mgmt/tests/reconcile.rs` keeps a direct `std::sync::Mutex` because
bolero's `catch_unwind` needs `RefUnwindSafe`, which parking_lot's
`Mutex` doesn't impl. Documented inline with `clippy::disallowed_types`
allow + `nosemgrep` annotation.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
`std::thread::Builder::spawn_scoped` is inherent on std but missing on
the loom and shuttle Builders; both ship `Scope::spawn` instead. Add a
`concurrency::thread::BuilderExt` trait with one method:
* std: forwards to the inherent `Builder::spawn_scoped` via
fully-qualified call (Rust's method resolution prefers the
inherent, so the trait impl is dead but kept for symmetry).
* shuttle / loom: discards advisory Builder config, delegates to
`Scope::spawn`, wraps the infallible return in `Ok` to match
std's `io::Result` signature.
`use concurrency::thread::BuilderExt;` lets call sites write
`builder.spawn_scoped(scope, f)` under every backend. Used by the
kernel driver's named scoped threads in a follow-up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Collapse the chained `shuttle_dfs -> shuttle_pct -> shuttle` features into a single `shuttle` feature backed by `shuttle::PortfolioRunner`. The runner drives `RandomScheduler` and `PctScheduler` in parallel; any scheduler finding a counterexample fails the test (`stop_on_first_failure = true`). `shuttle_dfs` becomes an additive opt-in that adds `DfsScheduler` to the same portfolio. `stress.rs` now has one shuttle arm instead of three, and `#[concurrency::test]` emits one leaf per backend (`loom` / `shuttle`) instead of three shuttle variants. Workspace consumers (`nat`, `flow-entry`) and CI (`dev.yml`) drop the `shuttle_pct` step; the existing `shuttle` step covers Random + PCT in one pass. Tests previously gated `not(feature = "shuttle_pct")` to opt out of single-threaded bodies that PCT panics on are rewritten to `not(feature = "shuttle")` since PCT now runs in every shuttle build. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Tier A of the std::thread sweep that complements the `concurrency::sync`
facade migration. Swap `use std::thread` to `use concurrency::thread`
in two test modules whose tests are candidates for
`#[concurrency::test]` conversion:
* `routing/src/fib/test.rs` -- prerequisite for the FIB race-test
conversion later in the stack.
* `dpdk/src/acl/mod.rs::classify_concurrent_arc_shared` -- import
swap only; the test runs under real DPDK EAL so the macro
conversion is deferred.
Production threading sites (`dpdk/src/lcore.rs`, `mgmt/src/processor/
launch.rs`, `routing/src/router/rio.rs`, `dataplane/src/statistics`,
`test-utils`) are left alone -- they need real OS threads and never
compile under loom/shuttle. A later sweep adds clippy/semgrep
enforcement once production sites are also routed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Tier B of the std::thread sweep. `ThreadPortMap` keys a per-thread `RwLock<HashMap<ThreadId, _>>` by `std::thread::current().id()`. Each backend ships its own `ThreadId`, so a std-typed map would silently work in production while loom/shuttle key the table by their own thread identity. Route the import and call sites through `concurrency::thread` so the key tracks the active backend. No behavioural change under the default backend. Prerequisite for any future loom/shuttle exercise of the NAT allocator. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Replace the hand-rolled `shuttle::check_random(... 100)` wrappers in `shuttle_tests` with `#[concurrency::test]`, which routes bodies through `concurrency::stress` (loom `model`, shuttle `PortfolioRunner`). The module is renamed `concurrency_tests` and gated to `cfg(any(feature = "shuttle", feature = "loom"))`. `FlowTable::insert` spawns a tokio task for the flow timer, which would panic without a running runtime; the existing `start_timer` bypass under shuttle is extended to loom. Tokio-driven coverage of `insert` stays in `std_tests`. `test_flow_table_timeout` is dropped from the model-checker mod: it's single-threaded (PCT rejects), and `std_tests` already has the authoritative `#[tokio::test(start_paused = true)]` version. Adds `loom = ["concurrency/loom"]` to `flow-entry/Cargo.toml` so the macro-emitted cfg arm resolves to a known feature. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Move `test_fib_removals` and `test_leftright_destroy_race_simple` out of the `#[concurrency_mode(std)]` block into a sibling `concurrency_tests` module that runs through `#[concurrency::test]`: default backend smoke run, `loom::model` under loom, shuttle's PortfolioRunner under shuttle. The heavy fuzz loops (`test_concurrency_fib` / `test_concurrency_fibtable`) stay on std -- their 100k+ packet iteration counts are TSAN-calibrated, not for per-iteration model-checking cost. Iteration counts are tuned per backend via `cfg_select!`: 5 rounds under loom/shuttle (vs 1000 on std), with a fixed reader/worker budget under the model checkers so unbounded poll loops don't trip shuttle's `max_steps` ceiling. `test_packet` is inlined because the original lives in the std-gated `mod tests` and is invisible under loom/shuttle. Add `loom`, `shuttle`, `shuttle_dfs` features to `routing/Cargo.toml` so the macro-emitted cfg arms resolve to known features. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Bump `concurrency::stress`'s shuttle `Config::stack_size` from the default 32 KiB to 4 MiB. Shuttle wraps each atomic/lock primitive with bookkeeping that pushes per-instance size into the 100-byte range (an `AtomicBool` is ~100 bytes under shuttle), so any non-trivial atomic-heavy body blows through the default. The historical workaround was per-call `shuttle::Config` overrides at 1 MiB (notably in NAT's allocator tests). One number in the dispatcher kills the per-test knob. 4 MiB carries the heaviest workspace consumer (NAT allocator's per-block atomic arrays) with headroom; the cost is `N workers * 4 MiB` per stress iteration, well below CI memory pressure. `shuttle::Config` is `#[non_exhaustive]`, so written as a mutation of `Config::default()`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Now that `concurrency::stress` carries a 4 MiB shuttle stack and the
PortfolioRunner runs Random + PCT in parallel, the custom
`shuttle_config` / `run_shuttle_random` / `run_shuttle_pct`
scaffolding in `tests_shuttle` is redundant. Replace with a single
`mod concurrency_tests` that flips each test to `#[concurrency::test]`:
* `test_concurrent_allocations_two_ips` (was
`..._without_shuttle`) -- two threads against distinct source IPs;
smoke run on default backend, full coverage on
`--features shuttle`.
* `test_concurrent_allocations_three_workers` (was
`..._shuttle_random` + `_pct`, collapsed) -- portfolio runs both
schedulers in one invocation.
* `test_ensure_shuttle_works` -- gated to model-checker backends
only; the deliberate race only reaches the failing schedule under
a real scheduler, the default backend's one-shot run is
non-deterministic.
Drops the helpers plus the `Arc` / `thread` imports in `std_tests`
that they pulled in. Adds `loom = ["concurrency/loom"]` to
`nat/Cargo.toml` so the macro-emitted cfg arm resolves.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Make `just features=loom test` build and run end-to-end across the
workspace. Earlier commits had loom working only on the `concurrency`
crate; everything else failed to compile or crashed at runtime with
stack overflow, Arc leak, or DashMap destructor panics. Bundled into
one commit because each fix was discovered by running the previous
one.
## concurrency
* `fn sleep(_: Duration)` shim under loom (loom 0.7 doesn't model
time; yields to the scheduler so the call still acts as a
schedule point).
* Enumerate `loom::thread` re-exports and shadow `spawn` with a
4 MiB default stack. Loom 0.7's default coroutine stack is 4 KiB,
which overflows trivially under atomic-heavy `concurrency::sync`
types.
* `stress` under loom wraps the body in a 4 MiB
`Builder::spawn` so the main 4 KiB coroutine just spawns and
joins. Costs one of loom's five thread slots.
* `loom_scope::Scope::spawn` routes through `super::spawn` for the
same default.
* `Slot::load()` / `SlotOption::load()` helpers used by
`common::cliprovider` to drop a redundant `load_full()` clone.
## nat
* `cfg_attr`-gate `#![feature(arbitrary_self_types)]`: loom wraps
`Arc<T>` in a facade newtype that isn't a blessed self-receiver,
so `self: Arc<Self>` methods on `AllocatedIp` /
`AllocatedPortBlock` need the unstable feature there.
* `#[concurrency_mode(loom)]` no-op `shuffle_slice` (loom needs
determinism for replay; shuffle is allocation-order heuristic,
not correctness).
* Gate `concurrency_tests` off loom: the facade's `Weak` shim holds
a strong clone of the `Arc`, so the allocator's
`Weak::upgrade().is_none()` liveness signal never fires and
loom's `Arc leaked` assertion catches it.
## flow-entry
* Gate `concurrency_tests` to shuttle only: `FlowTable`'s internal
`DashMap` panics in loom's end-of-execution cleanup (sharded
`RwLock`s don't fit loom's strict lifecycle accounting).
## routing
* Gate `fib::test::concurrency_tests` off loom: the `left_right`
epoch state space is too large for exhaustive search to terminate
in reasonable time.
## dataplane
* The binary builds an `Arc<dyn Fn(...) ...>` trait-object closure
in `packet_processor::setup_internal`, which needs `CoerceUnsized`
on the concrete `Arc`. Loom 0.7's `Arc` doesn't carry that trait,
and the facade newtype can't add it. Gate the bin out of loom
builds: extract the body to `dataplane/src/runtime.rs` and leave
`main.rs` with a stub `main` under loom that panics if invoked.
Library crates still get loom coverage through feature
propagation.
* `dataplane/src/drivers/dpdk.rs` switches `use crate::CmdArgs` to
`use args::CmdArgs;` to follow the new module layout.
CI's loom step in `.github/workflows/dev.yml` still scopes to
`--package=dataplane-concurrency` because the loom-incompatible tests
across the workspace are now cfg-gated rather than package-filtered;
the package scope is no longer load-bearing for the test invocation,
only for cargo's feature unification.
Default and `--features shuttle` builds unaffected.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Leftover from the superseded dis-guard exploration; nothing references it. Public-API drift in `concurrency::slot` for no benefit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
The import-only enforcement let `static X: std::sync::LazyLock<T> = std::sync::LazyLock::new(...)` slip through, and one such site already existed in `config/src/external/overlay/vpcpeering.rs`. Extend the rule with a multi-line regex backstop that matches the facade-managed type names in any expression position, with a leading-comment lookahead so rustdoc intra-doc links (`/// [std::sync::Arc]`) don't false-positive. Also expand the grouped-import regex to span multiple lines. Convert the offending FQN to `concurrency::sync::LazyLock`. Move the deliberate `mgmt/tests/reconcile.rs` `nosemgrep:` onto the same line as the `std::sync::Mutex::new` it suppresses, and annotate the intentional `std::sync::Arc` in `concurrency::stress` (shared *across* `loom::model` invocations, so it must remain a std Arc). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
The previous loom step ran `just test concurrency` only, which left the workspace-wide loom compile (the whole point of the facade's local `Weak<T>` shim and `Arc::downgrade`) unprotected. Add a `cargo check`-equivalent step ahead of the test run so a regression in any consumer crate fails CI directly. Tests stay scoped to the concurrency crate -- model-checking the whole workspace under loom is intractable. Update the inline comment to reflect the new reality. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Add the plumbing that lets cargo execute cross-compiled tests under
qemu-user when the host architecture doesn't match the target:
* `scripts/test-runner.sh` -- thin wrapper. When `MIRI_SYSROOT` is
set we delegate to `.cargo-miri-wrapped` so a miri run on a
matching host arch still goes through the miri interpreter
instead of running natively under qemu. Otherwise: native exec
when target == host, else `qemu-${target_machine}`.
* `.cargo/config.toml` -- runner entries for the four cross triples
we ship (x86_64 / aarch64 × gnu / musl). Explicit triples (not
cfg-patterns) because cargo miri injects a `cfg(all())` runner
and refuses to disambiguate between two cfg-pattern matches; the
explicit form wins method-resolution-style and the script's
`MIRI_SYSROOT` branch handles the miri case from inside.
* `default.nix` -- `qemu-user` joins the dev shell so the wrapper
has `qemu-x86_64` / `qemu-aarch64` on PATH locally and in CI.
No CI behaviour change yet -- this just makes `cargo test --target
<cross-triple>` work via emulation when run by hand. The CI step
that actually exercises the path lands in the next commit.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Add a `test` step to the cross job that runs the full nextest suite
against the cross-compiled archive. Each cross binary dispatches
through `scripts/test-runner.sh` (registered as the cargo runner in
`.cargo/config.toml`) which delegates to `qemu-${target_machine}`
when the host architecture doesn't match.
Gates:
* Only runs on `pull_request` runs with `ci:+cross` or
`ci:+cross/full` on the labels. push / merge_group cross legs
stay build-only; ISA emulation pays a real wall-clock cost and
we don't want to slow the merge queue.
* Gated to `matrix.recipe.args == 'dataplane'` so the test pass
isn't duplicated for the `frr.dataplane` row, which differs from
the `dataplane` row only in the container recipe, not in the
cross target.
`ci:+cross` (today's "run the cross job at all" label) implies
"include the qemu test pass" -- there is currently no way to
schedule cross/full builds without a label, so the same gate
serves both modes. Splitting them out (e.g. opting bump.yml into
cross/full automatically) is a follow-up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
The test hard-codes `3` as a "non-multiple of `RESULTS_MULTIPLIER`" which assumes the multiplier is 4 (x86_64). Under cross-compiled aarch64 builds the wrapper's `RESULTS_MULTIPLIER` constant binds to 1 -- the validator's "not-a-multiple" branch becomes unreachable because every positive integer is trivially a multiple of 1, so the validator returns `Ok` and the test panics on the `matches!` assert. Upstream DPDK defines `RTE_ACL_RESULTS_MULTIPLIER` as `XMM_SIZE / sizeof(uint32_t)`, which should be 4 on every supported ISA. Either bindgen on the cross sysroot doesn't see the right `XMM_SIZE` typedef on aarch64 or the cross headers ship a divergent `rte_vect.h`; needs a follow-up investigation. Skip on aarch64 with a TODO so the rest of the cross-aarch64 test surface can run green under qemu-user. This is the only known target-specific divergence in the dpdk binding; the rest of the sweep passes cleanly under musl+qemu. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Introduce a single `emulated` cfg as the umbrella over both
emulation backends in the test surface:
* `miri.just`: append `--cfg=emulated` to `RUSTFLAGS` so miri
invocations set it.
* `nix/profiles.nix`: set `--cfg=emulated` whenever `for-tests` is
true and the target arch differs from the build host's
(`is-emulated-test`). Today this covers cross-arch test builds
that run under qemu-user on the lab runners. `--check-cfg=cfg
(emulated)` is set unconditionally so unused branches don't
trip `unexpected_cfgs`.
* `default.nix`: plumb the build host's arch
(`stdenv.hostPlatform.parsed.cpu.name`) through to
`profiles.nix` as `host-arch`, so `is-emulated-test` compares
target against actual host rather than hard-coded \`"x86_64"\`.
* `.cargo/config.toml`: same `--check-cfg=cfg(emulated)` for the
native dev build path.
Sweep existing `cfg_attr(miri, ignore)` / `cfg(miri)` / `cfg_select!
{ miri => N }` sites that apply equally to qemu-user:
* `routing/src/router/rio.rs`, `routing/src/frr/test.rs`,
`routing/src/atable/resolver.rs`, `cli/src/cliproto.rs`: tests
that bind Unix domain sockets / read kernel-state files now
skip under any emulation backend, not just miri. qemu-user's
epoll readiness emulation has the same gaps that justified the
original miri skips.
* `routing/src/fib/test.rs`, `net/src/packet/hash.rs`,
`flow-entry/src/flow_table/nf_lookup.rs`,
`left-right-tlcache/src/lib.rs`, `k8s-intf/src/bolero/support
.rs`, `config/src/utils/collapse.rs`: per-arm iteration counts
in `cfg_select!` are now keyed by `emulated` rather than `miri`.
qemu-user runs at ~5-10x slowdown vs native and the original
miri count (which targeted miri's much steeper slowdown) is
still a sensible upper bound for qemu-user too.
Pair this with two CI/runtime side changes:
* `.config/nextest.toml`: new `cross-qemu` nextest profile sets a
`slow-timeout = { period = "60s", terminate-after = 5 }` so a
qemu hang gets killed and surfaces as a TIMEOUT in the report
instead of wedging the whole run. `fail-fast` is permissive
so we collect the full list of qemu-affected tests in one go.
* `.github/workflows/dev.yml`: cross-job `test` step is
restricted to `matrix.libc == 'musl'` because gnu's libgcc_s
unwinder mis-handles qemu-user's emulated signal frames on
aarch64 (every panic-unwind path turns into SIGABRT). musl's
LLVM libunwind walks those frames correctly, so musl legs run
the full suite clean; gnu legs stay build-only until/unless we
fix the gnu unwinder story.
* `.gitignore`: ignore `**/qemu_*.core` so the SIGABRT cores
qemu drops when running gnu cross binaries locally don't show
up in `git status`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
It is much too slow to print to stdout like this under qemu-user or miri. Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Two halves of one logical change:
* `.github/workflows/dev.yml`: extend the cross job's `if:` to fire
on `ci:+cross/full` in addition to `ci:+cross`, so a PR labeled
only with `ci:+cross/full` (no `ci:+cross`) still gets cross.
* `.github/workflows/bump.yml`: auto-apply `ci:+cross/full` to the
weekly cargo-upgrades PR.
The weekly cargo-upgrades PR is the right place to catch cross-arch
regressions introduced by transitive dep churn (a crate dropping an
aarch64 target, changing alignment, etc.). Without an opt-in label
the cross job stays build-only on PR runs, so we add
\`ci:+cross/full\` alongside the existing \`automated\` and
\`dependencies\` labels. Today that label triggers the qemu-user
test step on the existing 4-leg cross matrix; once the matrix
scope split lands, the same label will expand the matrix to the
full hardware x libc sweep without further changes here.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Cross stays advisory (`continue-on-error: true`) on every PR, push,
and merge_group run, so leg flakes never block merge. That's the
right default for interactive PRs and the merge queue, but it makes
genuine cross failures easy to miss on the weekly cargo-bump PR
(auto-labeled `ci:+cross/full`), where catching upstream-driven
aarch64 regressions is the whole point.
Add a sticky-comment surfacing step:
* New composite action `.github/actions/sticky-pr-comment` --
create-or-update a PR comment keyed by an HTML-comment marker
(so subsequent runs find and update the same comment instead of
spamming the thread).
* New steps in the `summary` job that read the cross matrix's
real per-leg conclusions from the Actions REST API (via
`actions/github-script`) and, if any leg failed, post the
sticky comment with a link back to the failing run. The
summary job grows `pull-requests: write` (for the comment) and
`actions: read` (for the API call).
We can't gate on `needs.cross.result` here: at the job level,
`continue-on-error: true` makes that always report `success` to
dependents, which is exactly the property we want for merge
gating but which also hides the failure from this step. Reading
the underlying job results sidesteps the masking.
The alternative -- making cross blocking when `ci:+cross/full` is
present -- creates an attribution trap: a non-labeled PR that
silently regresses cross would land on main, and the next
cross/full-labeled bump PR would inherit the broken main and read
as "the bump caused the regression." A sticky comment gives
reviewers a loud in-PR signal without that misattribution risk and
preserves the "leg-flake doesn't block merge" property uniformly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Signed-off-by: Daniel Noland <daniel@githedgehog.com>
Signed-off-by: github-actions[bot] <224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>
Signed-off-by: github-actions[bot] <224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>
name old req compatible latest new req ==== ======= ========== ====== ======= netgauze-bgp-pkt 0.12.0 0.12.1 0.12.1 0.12.1 Signed-off-by: github-actions[bot] <224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>
name old req compatible latest new req ==== ======= ========== ====== ======= netgauze-bmp-pkt 0.12.0 0.12.1 0.12.1 0.12.1 Signed-off-by: github-actions[bot] <224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>
name old req compatible latest new req ==== ======= ========== ====== ======= serde_json 1.0.149 1.0.150 1.0.150 1.0.150 Signed-off-by: github-actions[bot] <224724778+hedgehog-dataplane-update[bot]@users.noreply.github.com>
Drop manual_assert_eq, redundant references in formatting, and implicit format-arg captures flagged under `-D warnings`. `#[allow(dead_code)]` the unused egress helpers (kept for the future egress NF rework). Precursor for the threading rewrite stack so `just lint` is green throughout. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Daniel Noland <daniel@githedgehog.com>
daniel-noland
force-pushed
the
pr/daniel-noland/clippy-pedantic-nits
branch
from
f66a413 to
40a0c4b
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR focuses on making just lint green under -D warnings by removing clippy::pedantic nits across the workspace, while also tightening the project-wide “use the concurrency facade” rule and improving cross/emulated test ergonomics (qemu-user + a shared emulated cfg).
Changes:
- Replaces direct
std::sync::*usage withconcurrency::sync::*(plus enforces via clippydisallowed-types+ a Semgrep/opengrep rule). - Standardizes pedantic-friendly patterns (e.g.,
assert_eq!,debug_assert_eq!, uninlined format args, useless borrows in formatting) across many crates/tests. - Improves model-checking/cross-test support: introduces
emulatedcfg, adds a target runner script for qemu-user, and updates shuttle handling to use a portfolio runner.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tracectl/src/control.rs | Switches sync imports to concurrency::sync and removes .unwrap() on locks. |
| tracectl/Cargo.toml | Adds concurrency dependency. |
| sysfs/src/lib.rs | Uses concurrency::sync::LazyLock. |
| sysfs/Cargo.toml | Adds concurrency dependency. |
| scripts/test-runner.sh | Adds target runner wrapper that uses qemu-user when host/target arch differs. |
| scripts/doc/custom-header.html | Bumps KaTeX CDN URLs/integrity metadata. |
| routing/src/router/rio.rs | Uses concurrency::sync::Arc and updates test ignore gating to emulated. |
| routing/src/router/ctl.rs | Uses concurrency::sync::Arc. |
| routing/src/rib/vrftable.rs | Gates traced_test under not(emulated). |
| routing/src/rib/nexthop.rs | Gates traced_test under not(emulated) and modernizes formatting. |
| routing/src/interfaces/mod.rs | Modernizes formatting (println!("{iftable}")). |
| routing/src/frr/test.rs | Gates traced_test under not(emulated) and updates ignore rationale. |
| routing/src/frr/renderer/vrf.rs | Removes needless borrow in formatting. |
| routing/src/frr/renderer/interface.rs | Removes needless borrow in formatting. |
| routing/src/frr/renderer/bgp.rs | Uses inline format args / removes needless borrows. |
| routing/src/frr/frrmi.rs | Simplifies match to ? propagation. |
| routing/src/fib/test.rs | Moves toward concurrency::* types and adds model-checker-friendly budgets. |
| routing/src/fib/fibtype.rs | Uses assert_ne! for pedantic compliance. |
| routing/src/config/mod.rs | Gates traced_test under not(emulated) and modernizes formatting. |
| routing/src/cli/handler.rs | Uses concurrency::sync::Arc. |
| routing/src/atable/resolver.rs | Switches ignore gating to emulated. |
| routing/Cargo.toml | Adds loom/shuttle feature wiring to concurrency. |
| npins/sources.json | Updates pinned sources (KaTeX, dplane-plugin, nixpkgs, rust-overlay). |
| nix/profiles.nix | Introduces host-arch, computes is-emulated-test, and sets --cfg=emulated for emulated tests. |
| nix/pkgs/dplane-plugin/default.nix | Drops a now-unneeded musl workaround patch. |
| net/src/packet/hash.rs | Adjusts cfg_select from miri to emulated. |
| net/src/buffer/test_buffer.rs | Uses debug_assert_eq! for clearer invariant checks. |
| nat/src/stateless/test.rs | Gates traced_test under not(emulated) and modernizes formatting. |
| nat/src/stateless/setup/range_builder.rs | Uses debug_assert_eq!. |
| nat/src/stateful/test.rs | Gates traced_test under not(emulated). |
| nat/src/stateful/apalloc/test_alloc.rs | Reworks concurrency tests to #[concurrency::test] and documents loom/shuttle constraints. |
| nat/src/stateful/apalloc/port_alloc.rs | Uses concurrency::thread::ThreadId + concurrency::thread::current() and minor iteration cleanup. |
| nat/src/stateful/apalloc/mod.rs | Uses assert_eq!. |
| nat/src/portfw/test.rs | Gates traced_test under not(emulated) and uses assert_ne! where appropriate. |
| nat/src/portfw/portfwtable/portrange.rs | Uses debug_assert_eq!. |
| nat/src/portfw/portfwtable/objects.rs | Gates traced_test under not(emulated). |
| nat/src/portfw/portfwtable/access.rs | Gates traced_test under not(emulated). |
| nat/src/lib.rs | Adds loom-only arbitrary_self_types gate for loom Arc newtype compatibility. |
| nat/Cargo.toml | Simplifies shuttle feature surface; adds loom passthrough. |
| miri.just | Adds shared --cfg=emulated and adjusts RUSTFLAGS concatenation. |
| mgmt/tests/reconcile.rs | Uses concurrency::sync::Arc and documents intentional std::sync::Mutex usage. |
| mgmt/src/vpc_manager/mod.rs | Uses concurrency::sync::Arc. |
| mgmt/src/tests/mgmt.rs | Gates traced_test under not(emulated). |
| mgmt/src/processor/mgmt_client.rs | Uses concurrency::sync::Arc. |
| mgmt/src/processor/k8s_less_client.rs | Uses concurrency::sync::Arc. |
| mgmt/src/processor/k8s_client.rs | Uses concurrency::sync::Arc. |
| mgmt/src/processor/gwconfigdb.rs | Uses concurrency::sync::Arc. |
| mgmt/src/processor/confbuild/router.rs | Uses concurrency::sync::Arc. |
| mgmt/src/processor/confbuild/namegen.rs | Removes needless borrows in formatting. |
| lpm/src/prefix/mod.rs | Uses assert_eq!/assert_eq!(.., Some(..)) for pedantic compliance. |
| left-right-tlcache/src/lib.rs | Uses concurrency::sync::Mutex and removes .unwrap() on facade lock. |
| left-right-tlcache/Cargo.toml | Adds concurrency dev-dependency. |
| k8s-less/src/local.rs | Gates traced_test under not(emulated). |
| k8s-intf/src/client.rs | Uses concurrency::sync::Arc. |
| k8s-intf/src/bolero/support.rs | Adjusts cfg_select from miri to emulated. |
| k8s-intf/Cargo.toml | Makes concurrency an optional dep for the client feature. |
| justfile | Updates nextest filter logic for shuttle/loom runs. |
| interface-manager/src/lib.rs | Uses concurrency::sync::Arc. |
| interface-manager/Cargo.toml | Adds concurrency dependency. |
| flow-filter/src/tests.rs | Gates traced_test under not(emulated). |
| flow-filter/src/setup.rs | Simplifies map iteration (overlaps.keys()). |
| flow-entry/src/flow_table/table.rs | Adjusts timer gating for loom/shuttle and refactors shuttle tests to #[concurrency::test]. |
| flow-entry/src/flow_table/nf_lookup.rs | Adjusts cfg_select from miri to emulated. |
| flow-entry/Cargo.toml | Adds loom passthrough; simplifies shuttle feature surface. |
| dpdk/src/acl/mod.rs | Uses concurrency::sync::Arc / concurrency::thread. |
| dpdk/src/acl/config.rs | Adds target-arch ignore rationale for a known cross-aarch64 bindgen discrepancy. |
| default.nix | Plumbs host-arch and adds qemu-user to build inputs. |
| dataplane/src/runtime.rs | Moves old main runtime logic into a module and uses concurrency::sync::Arc. |
| dataplane/src/packet_processor/egress.rs | Adds #[allow(dead_code)] on egress helper(s) as planned scaffolding. |
| dataplane/src/main.rs | Gates the dataplane binary out under loom and delegates to runtime::main(). |
| dataplane/src/drivers/dpdk.rs | Fixes CmdArgs import path (args::CmdArgs). |
| dataplane/Cargo.toml | Adds a loom feature for workspace-level feature unification. |
| config/src/utils/collapse.rs | Adjusts cfg_select from miri to emulated. |
| config/src/gwconfig.rs | Switches ArcSwap usage to concurrency::slot::Slot + uses concurrency::sync::Arc. |
| config/src/external/overlay/vpcpeering.rs | Uses concurrency::sync::LazyLock for static empty set. |
| config/src/display.rs | Removes needless borrow in formatting. |
| config/Cargo.toml | Adds concurrency dependency. |
| concurrency/tests/thread_scope.rs | Updates shuttle gating (portfolio includes PCT) + allows disallowed std types in tests. |
| concurrency/tests/stress_dispatch.rs | Updates docs/gating for shuttle portfolio runner and allows disallowed std types. |
| concurrency/tests/scope_property.rs | Allows disallowed std types in tests. |
| concurrency/tests/quiescent_shuttle.rs | Allows disallowed std types in tests. |
| concurrency/tests/quiescent_protocol.rs | Allows disallowed std types in tests. |
| concurrency/tests/quiescent_properties.rs | Allows disallowed std types in tests. |
| concurrency/tests/quiescent_model.rs | Updates shuttle gating and docs for portfolio runner. |
| concurrency/tests/arc_weak.rs | Updates shuttle gating and docs for portfolio runner. |
| concurrency/src/thread/mod.rs | Refines loom thread surface, adds a loom stack-sized spawn shim, and adds BuilderExt::spawn_scoped. |
| concurrency/src/thread/loom_scope.rs | Routes loom scoped thread spawning through the new loom spawn shim. |
| concurrency/src/sync/std_backend.rs | Re-exports LazyLock and allows disallowed std types within the facade. |
| concurrency/src/sync/shuttle_backend.rs | Re-exports LazyLock/OnceLock from std with explicit allow. |
| concurrency/src/sync/parking_lot_backend.rs | Re-exports LazyLock from std with explicit allow. |
| concurrency/src/sync/mod.rs | Updates docs to reflect shuttle portfolio runner (Random+PCT, optional DFS). |
| concurrency/src/sync/loom_backend.rs | Re-exports LazyLock from std with explicit allow. |
| concurrency/src/stress.rs | Switches shuttle backend to PortfolioRunner and adds a loom stack-size workaround. |
| concurrency/src/slot.rs | Adds load() helpers matching ArcSwap ergonomics across backends. |
| concurrency/src/quiescent.rs | Allows disallowed std types (needed by internal design). |
| concurrency/Cargo.toml | Simplifies shuttle feature surface (portfolio runner) and updates feature docs. |
| concurrency-macros/src/lib.rs | Updates #[concurrency::test] expansion/docs to match shuttle portfolio runner. |
| common/src/cliprovider.rs | Uses Slot::load() in provider impl. |
| clippy.toml | Disallows direct std sync lock types to enforce concurrency::sync usage. |
| cli/src/cliproto.rs | Switches ignore gating to emulated. |
| cli/Cargo.toml | Adds concurrency dependency. |
| cli/bin/terminal.rs | Uses concurrency::sync::Arc. |
| cli/bin/main.rs | Uses concurrency::sync::Arc. |
| cli/bin/completions.rs | Uses concurrency::sync::Arc. |
| Cargo.toml | Bumps a few dependency versions (e.g., netgauze, serde_json). |
| Cargo.lock | Updates lockfile accordingly. |
| .semgrep/rules/no-std-sync-direct.yaml | Adds path-aware enforcement for avoiding std::sync directly. |
| .gitignore | Ignores qemu-user core dumps. |
| .github/workflows/lint-opengrep.yml | Runs opengrep with auto + local rules. |
| .github/workflows/dev.yml | Adds cross label, cross-qemu test step, and sticky PR comment surfacing cross failures. |
| .github/workflows/bump.yml | Labels bump PRs with ci:+cross/full. |
| .github/actions/sticky-pr-comment/action.yml | Adds a composite action for marker-keyed sticky PR comments. |
| .config/nextest.toml | Adds a cross-qemu profile. |
| .cargo/config.toml | Registers emulated cfg and configures per-target runners via scripts/test-runner.sh. |
Comments suppressed due to low confidence (2)
flow-entry/src/flow_table/table.rs:869
confidence: 9
tags: [style]
These assertions will still trigger clippy::assertions_on_constants / clippy::bool_comparison-style pedantic lint; use `assert_eq!` for clearer failure output and to match the rest of the mechanical pedantic cleanups in this PR.
assert!(result.0 == flow_key1);
}));
handles.push(thread::spawn(move || {
let flow_info = FlowInfo::new(flow_key2, five_seconds_from_now);
flow_table_clone2.insert(flow_info).unwrap();
let result = flow_table.remove(&flow_key2).unwrap();
assert!(result.0 == flow_key2);
}));
**flow-entry/src/flow_table/table.rs:823**
* ```yaml
confidence: 8
tags: [style]
Typo in comment: “Cancellled” has an extra “l”, which can make grep/search for the status name harder.
// After all threads, flow[0] should be expired/gone (expirer thread ran).
// Since timers are not started in shuttle tests, the flow should be there
// but appear as Expired or Detached. Re-inserting a flow makes it active again,
// therefore, the only non-feasible status is Cancellled.
let found = flow_table.lookup(&flow_keys[0]).unwrap();
assert_ne!(found.status(), FlowStatus::Cancelled);
hedgehog-dataplane-update
Bot
force-pushed
the
bump/cargo-upgrades
branch
from
75bd274 to
35097b7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Drop pre-existing clippy::pedantic warnings flagged under `just lint`'s `-D warnings` so the stack ahead is green throughout.
Mechanical fixes only — no behavioral changes:
Touches: config, dataplane (egress), flow-entry, flow-filter, lpm, mgmt, nat, net, routing.
Precursor for #1562 (DPDK scaffolding removal) and #1555 (threading rewrite).