refactor(dpi/stun): drop unreachable!() arm in class decode #289
Merged
class_bits is computed as ((c1 << 1) | c0) where both c0 and c1 are masked to a single bit, so its value is bounded to 0..=3 by construction. With that invariant, the 0b11 arm covers the only remaining value and the `_ => unreachable!()` catch-all carries no information for either the reader or the compiler. Replace the catch-all with the 0b11 case (ErrorResponse) and tighten the c0/c1 types from u16 to u8 to keep the bit-arithmetic narrow. Add a regression test that pairs every class with a non-Binding method (0x0003) so future changes to method handling can't mask a class-bit regression. The four existing per-class tests all use method=Binding and would still pass even if the class decode silently became dependent on method recognition.
Owner
@0xghost42 thanks a lot! This also looks good to me!
This was referenced May 20, 2026
Summary
Same shape as #279 for SNMP: collapse a match whose catch-all is provably unreachable into one that no longer needs it.

`analyze_stun` decodes the message class from two bits:

Each of `c0`/`c1` is masked to a single bit, so `class_bits` is bounded to `0..=3` by construction. The match below already enumerated all four values and carried a `_ => unreachable!()` arm that the compiler could not prove away.

This PR:
- `c0`/`c1` from `u16` to `u8`, keeping the bit arithmetic narrow.
- `unreachable!()` with the `0b11` case (`ErrorResponse`), with a short comment recording the bound that justifies the change.
- `test_class_bits_exhaustive_for_unknown_method` that pairs every class with a non-Binding method (`0x0003`) so a future change to method handling can't silently make class decode method-dependent — the four existing per-class tests all use `method=Binding` and would still pass.

No behavior change in the success path; the `_` arm previously panicked and now returns `ErrorResponse`, which is what `unreachable!()` was implicitly claiming would never be needed.

Verification
- `cargo test --lib`: 360 passed, 0 failed (15 in `network::dpi::stun`, incl. the new test).
- `cargo clippy --all-targets -- -D warnings`: clean.
- `cargo fmt --check`: clean.

Notes
Reviewed RFC 5389 §6 (message type encoding) to confirm the four class encodings and the meaning of the `M`/`C` bits.
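
An added example, not code from this PR or the project: a stand-alone sketch of the class decode described above, using the RFC 5389 §6 bit layout and checking every class against the non-Binding method `0x0003`. The names `StunClass`, `decode_class`, `decode_method` and `encode_type`, and the enum variants other than `ErrorResponse`, are assumptions made for illustration.

```rust
// Added illustration; every name here is hypothetical, not the project's code.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StunClass { Request, Indication, SuccessResponse, ErrorResponse }

/// RFC 5389 §6: C0 is bit 4 and C1 is bit 8 of the 14-bit message type.
pub fn decode_class(msg_type: u16) -> StunClass {
    let c0 = ((msg_type >> 4) & 0x1) as u8;
    let c1 = ((msg_type >> 8) & 0x1) as u8;
    let class_bits = (c1 << 1) | c0; // bounded to 0..=3 by the masks above
    match class_bits {
        0b00 => StunClass::Request,
        0b01 => StunClass::Indication,
        0b10 => StunClass::SuccessResponse,
        // Only 0b11 remains, so packet-derived input has no panic path here.
        _ => StunClass::ErrorResponse,
    }
}

/// The 12 method bits sit around C0 and C1: M0-M3, M4-M6, M7-M11.
pub fn decode_method(msg_type: u16) -> u16 {
    (msg_type & 0x000f) | ((msg_type & 0x00e0) >> 1) | ((msg_type & 0x3e00) >> 2)
}

/// Inverse of the decoders; builds the constructed inputs used below.
pub fn encode_type(method: u16, class_bits: u8) -> u16 {
    let m = (method & 0x000f) | ((method & 0x0070) << 1) | ((method & 0x0f80) << 2);
    let c0 = ((class_bits & 0b01) as u16) << 4;
    let c1 = (((class_bits >> 1) & 0b01) as u16) << 8;
    m | c0 | c1
}

fn main() {
    // Constructed inputs: each class paired with non-Binding method 0x0003.
    for bits in 0u8..4 {
        let t = encode_type(0x0003, bits);
        println!("{:#06x} -> {:?}, method {:#06x}", t, decode_class(t), decode_method(t));
    }
}
```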