coverage: Don't show coverage for code paths that must panic/diverge #120013
Conversation
rustbot
added
S-waiting-on-review
There was a problem hiding this comment.
lgtm. we also recently had an internal discussion about this thing at sentry/codecov.
IMO, it would be okay to make this the default. However it would also be good to give people more freedom here. I could think about making the -C instrument-coverage flag take a list of options (instead of being a mutually exclusive enum like now) which can control some of these details.
| @@ -20,7 +20,6 @@ | |||
| LL| 1|fn eq_good_message() { | |||
| LL| 1| println!("b"); | |||
| LL| 1| assert_eq!(Foo(1), Foo(1), "message b"); | |||
| ^0 | |||
|
Yeah, the design I’ve had floating around in my head for a while (from here) is to have some kind of separate So |
|
I thought of a case where this approach might give unexpected results: |
Thinking about this some more, I realised that from the instrumentor's perspective, there is no reliable difference between a peaceful process exit and a panic/unwind/abort. For example, suppose we have a function like this: fn maybe_exit(cond: bool) {
if cond {
std::process::exit(0);
}
}When instrumenting callers of this function, the instrumentor is already committed to the assumption that it will return normally and not exit. If it does exit, any subsequent code in the caller is liable to give incorrect counts anyway. So by assuming the absence of panics, we have already assumed the absence of peaceful termination as well. Therefore, the fact that this PR interacts poorly with |
Is this related to continuous counter updates ( As documented here (https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#running-the-instrumented-program):
This might be a very niche use-case, but in the |
I don't think there's any relation. What I'm thinking of is the fact that (e.g.) code after an if/else often won't have its own counter, and will instead have a counter expression that ends up being equivalent to the counter of the code before the if/else. So if one of the if/else arms panics/crashes/terminates, then even if the counters are properly synced to disk, the coverage value displayed for the code after the if/else will still be “wrong” in the sense that it includes the execution that terminated (and therefore never reached the post-if/else code). |
|
☔ The latest upstream changes (presumably #120620) made this pull request unmergeable. Please resolve the merge conflicts. |
Dylan-DPC
added
S-experimental
|
☔ The latest upstream changes (presumably #121370) made this pull request unmergeable. Please resolve the merge conflicts. |
bors
added
the
S-waiting-on-author
This makes it easier to see that we're manipulating the instance that is being constructed, and is a lot less verbose than `basic_coverage_blocks`.
coverage: Use variable name `this` in `CoverageGraph::from_mir` A tiny little improvement, extracted from rust-lang#120013. This makes it easier to see that we're manipulating the instance that is being constructed, and is a lot less verbose than `basic_coverage_blocks`.
Rollup merge of rust-lang#121484 - Zalathar:this, r=oli-obk coverage: Use variable name `this` in `CoverageGraph::from_mir` A tiny little improvement, extracted from rust-lang#120013. This makes it easier to see that we're manipulating the instance that is being constructed, and is a lot less verbose than `basic_coverage_blocks`.
|
☔ The latest upstream changes (presumably #121491) made this pull request unmergeable. Please resolve the merge conflicts. |
|
This might be a nice use-case for #122226, if we're uncertain about just enabling it by default. |
|
I'd love to see this feature in stable, as currently I exclude It's not a native solution, but it works good enough for me |
Dylan-DPC
removed
the
S-waiting-on-author
One of the limitations of coverage instrumentation at the moment is that there's no good way to exclude “unreachable” code paths from coverage reports (e.g. see #80549).
However, as I noted in #80549 (comment), there is potentially a way around this in some cases. Coverage instrumentation already assumes that panics don't occur, so if we can detect code paths that must panic/diverge (e.g. because they call
panic!orunreachable!), we can potentially exclude their spans from the coverage mappings.Doing so seems to give quite pleasing results in some previously-troublesome cases.
Marking this as draft for now because it's a big user-visible change, and while I like it overall, I'm not fully convinced that it's the right thing to do.
r? @ghost
@rustbot label +A-code-coverage