Avoid time operations that can panic #633
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have reports of runtime panics (linkerd/linkerd2#7748) that sound a lot like rust-lang/rust#86470. We don't have any evidence that these panics originate in tower, but we have some potentialy flawed `Instant` arithmetic that could panic in this way. Even though this is almost definitely a bug in Rust, it seems most prudent to actively avoid the uses of `Instant` that are prone to this bug. This change replaces uses of `Instant::elapsed` and `Instant::sub` with calls to `Instant::saturating_duration_since` to prevent this class of panic. These fixes should ultimately be made in the standard library, but this change lets us avoid this problem while we wait for those fixes. See also hyperium/hyper#2746
seanmonstar
approved these changes
Feb 1, 2022
hawkw
added a commit
that referenced
this pull request
Feb 16, 2022
# 0.4.12 (February 16, 2022) ### Fixed - **hedge**, **load**, **retry**: Fix use of `Instant` operations that can panic on platforms where `Instant` is not monotonic ([#633]) - Disable `attributes` feature on `tracing` dependency ([#623]) - Remove unused dependencies and dependency features with some feature combinations ([#603], [#602]) - **docs**: Fix a typo in the RustDoc for `Buffer` ([#622]) ### Changed - **hedge**: Updated `hdrhistogram` dependency to v7.0 ([#602]) - Updated `tokio-util` dependency to v0.7 ([#638]) [#633]: #633 [#623]: #623 [#603]: #603 [#602]: #602 [#622]: #622 [#638]: #638
hawkw
added a commit
that referenced
this pull request
Feb 16, 2022
* chore: prepare to release v0.4.12 # 0.4.12 (February 16, 2022) ### Fixed - **hedge**, **load**, **retry**: Fix use of `Instant` operations that can panic on platforms where `Instant` is not monotonic ([#633]) - Disable `attributes` feature on `tracing` dependency ([#623]) - Remove unused dependencies and dependency features with some feature combinations ([#603], [#602]) - **docs**: Fix a typo in the RustDoc for `Buffer` ([#622]) ### Changed - Updated minimum supported Rust version (MSRV) to 1.49.0. - **hedge**: Updated `hdrhistogram` dependency to v7.0 ([#602]) - Updated `tokio-util` dependency to v0.7 ([#638]) [#633]: #633 [#623]: #623 [#603]: #603 [#602]: #602 [#622]: #622 [#638]: #638 * add msrv
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have reports of runtime panics (linkerd/linkerd2#7748) that sound a
lot like rust-lang/rust#86470. We don't have any evidence that these
panics originate in tower, but we have some potentialy flawed
Instantarithmetic that could panic in this way.
Even though this is almost definitely a bug in Rust, it seems most
prudent to actively avoid the uses of
Instantthat are prone to thisbug.
This change replaces uses of
Instant::elapsedandInstant::subwithcalls to
Instant::saturating_duration_sinceto prevent this class ofpanic. These fixes should ultimately be made in the standard library,
but this change lets us avoid this problem while we wait for those
fixes.
See also hyperium/hyper#2746