plushie 0.7.1

Desktop GUI framework for Rust
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

//! Execution backends for plushie apps.
//!
//! `plushie::run::<A>()` dispatches to whichever backend is compiled in:
//!
//! - **Direct** (`direct` feature, default): Renders in-process using
//!   iced. No subprocess, no serialization.
//! - **Wire** (`wire` feature): Spawns a renderer binary and
//!   communicates over stdin/stdout. The binary path is discovered via
//!   the four-step chain: `PLUSHIE_BINARY_PATH`, custom build output
//!   (`target/plushie-renderer/`), downloaded stock binary
//!   (`target/plushie/bin/`), then `PATH`. Use `crate::run_with_renderer`
//!   (wire feature only) to supply an explicit path.

#[cfg(feature = "direct")]
pub mod direct;

#[cfg(any(feature = "direct", feature = "wire"))]
pub(crate) mod event_bridge;

#[cfg(any(feature = "direct", feature = "wire"))]
pub(crate) mod effect_tracker;

#[cfg(feature = "direct")]
mod queue_sink;

#[cfg(feature = "wire")]
pub mod bridge;

#[cfg(feature = "wire")]
pub(crate) mod env;

#[cfg(feature = "wire")]
pub mod socket;

#[cfg(feature = "wire")]
pub mod wire;

// Wire-binary discovery is used by `plushie::run` mode detection
// (socket / binary-path / mode-flag / feature default) and by the
// curated `run_spawn` entry point. Available whenever the `wire`
// feature is compiled in.
#[cfg(feature = "wire")]
pub(crate) mod wire_discovery;

// ---------------------------------------------------------------------------
// Shared helpers (direct + wire)
// ---------------------------------------------------------------------------

/// Platform-aware cooperative sleep for runner `Task::perform` futures.
///
/// Keeps the future cooperative so iced's executor can park it rather
/// than blocking a worker thread. `std::thread::sleep` inside an async
/// block would pin whichever executor thread drove the future.
///
/// Native builds use `tokio::time::sleep`. WASM builds would route
/// through `wasmtimer::tokio::sleep`, but the `plushie` crate's
/// direct mode depends on `plushie-renderer-lib`'s native effect
/// handler (rfd, arboard, notify-rust), so wasm32 isn't supported
/// here today. The cfg is future-proofed; if wasm32 ever lands, wire
/// in wasmtimer the same way `plushie-renderer-lib::emitter` does.
#[cfg(feature = "direct")]
#[allow(dead_code)]
pub(crate) async fn platform_sleep(duration: std::time::Duration) {
    tokio::time::sleep(duration).await;
}

/// Extract a human-readable message from a `catch_unwind` payload.
///
/// Matches the `&'static str` / `String` downcast pattern used in
/// `plushie-renderer/src/headless.rs` panic recovery.
#[cfg(any(feature = "direct", feature = "wire"))]
#[allow(dead_code)]
pub(crate) fn panic_message(payload: &(dyn std::any::Any + Send)) -> &str {
    payload
        .downcast_ref::<&'static str>()
        .copied()
        .or_else(|| payload.downcast_ref::<String>().map(|s| s.as_str()))
        .unwrap_or("(non-string panic)")
}

/// Run a user-supplied future and convert panics into structured errors.
///
/// Without this guard, a panic inside the user's async task unwinds the
/// executor worker, drops the result sender, and leaves the app waiting
/// forever for a result that never arrives. Wrap every user future fed
/// into `runtime.spawn` or `Task::perform` with this helper so panics
/// surface as `Err(json!({"error": "panic", "message": ...}))` and
/// the MVU loop sees an `AsyncEvent(Err(..))` for the tag.
#[cfg(any(feature = "direct", feature = "wire"))]
#[allow(dead_code)]
pub(crate) async fn run_task_with_panic_guard<F>(
    tag: &str,
    future: F,
) -> Result<serde_json::Value, serde_json::Value>
where
    F: std::future::Future<Output = Result<serde_json::Value, serde_json::Value>>,
{
    use futures::FutureExt;
    match std::panic::AssertUnwindSafe(future).catch_unwind().await {
        Ok(result) => result,
        Err(payload) => {
            let msg = panic_message(&*payload);
            log::error!("async task `{tag}` panicked: {msg}");
            Err(serde_json::json!({ "error": "panic", "message": msg }))
        }
    }
}

#[cfg(all(test, feature = "direct"))]
mod tests {
    use super::*;
    use std::future::Future;
    use std::pin::Pin;
    use std::sync::Arc;
    use std::sync::atomic::{AtomicUsize, Ordering};
    use std::time::{Duration, Instant};

    // ---------------------------------------------------------------------------
    // platform_sleep is cooperative
    //
    // Direct-mode SendAfter must not block the executor worker.
    // `std::thread::sleep` inside a Task::perform future would
    // serialise concurrent delays; `platform_sleep`
    // (tokio::time::sleep) lets multiple delays run in parallel.
    //
    // With a two-worker runtime and four 100 ms sleeps, total wall
    // time must be much closer to 100 ms than 400 ms. Pick a generous
    // ceiling (250 ms) to avoid flakiness under loaded CI.
    // ---------------------------------------------------------------------------

    #[test]
    fn platform_sleep_runs_concurrently() {
        let rt = tokio::runtime::Builder::new_multi_thread()
            .worker_threads(2)
            .enable_all()
            .build()
            .expect("runtime build failed");

        rt.block_on(async {
            let start = Instant::now();
            let mut handles = Vec::new();
            for _ in 0..4 {
                handles.push(tokio::spawn(async {
                    platform_sleep(Duration::from_millis(100)).await;
                }));
            }
            for h in handles {
                h.await.expect("task panicked");
            }
            let elapsed = start.elapsed();
            assert!(
                elapsed < Duration::from_millis(250),
                "platform_sleep should be cooperative; 4x100ms elapsed = {elapsed:?}, \
                 expected < 250ms but got serialised"
            );
        });
    }

    // ---------------------------------------------------------------------------
    // run_task_with_panic_guard surfaces panics as Err(...)
    //
    // Without the guard, a panic in a user future unwinds the
    // executor worker and drops the result channel. The app then
    // waits forever for an AsyncEvent that never arrives.
    // ---------------------------------------------------------------------------

    #[test]
    fn panic_guard_returns_err_payload() {
        let rt = tokio::runtime::Builder::new_current_thread()
            .enable_all()
            .build()
            .expect("runtime build failed");

        let future: Pin<Box<dyn Future<Output = Result<serde_json::Value, serde_json::Value>>>> =
            Box::pin(async { panic!("boom") });
        let result = rt.block_on(run_task_with_panic_guard("t", future));
        let err = result.expect_err("panic must surface as Err");
        let obj = err.as_object().expect("panic payload must be an object");
        assert_eq!(obj.get("error").and_then(|v| v.as_str()), Some("panic"));
        let msg = obj.get("message").and_then(|v| v.as_str()).unwrap_or("");
        assert!(
            msg.contains("boom"),
            "message {msg:?} should contain panic payload"
        );
    }

    #[test]
    fn panic_guard_passes_ok_through() {
        let rt = tokio::runtime::Builder::new_current_thread()
            .enable_all()
            .build()
            .expect("runtime build failed");

        let future: Pin<Box<dyn Future<Output = Result<serde_json::Value, serde_json::Value>>>> =
            Box::pin(async { Ok(serde_json::json!(42)) });
        let result = rt.block_on(run_task_with_panic_guard("t", future));
        assert_eq!(result, Ok(serde_json::json!(42)));
    }

    #[test]
    fn panic_guard_passes_err_through() {
        let rt = tokio::runtime::Builder::new_current_thread()
            .enable_all()
            .build()
            .expect("runtime build failed");

        let future: Pin<Box<dyn Future<Output = Result<serde_json::Value, serde_json::Value>>>> =
            Box::pin(async { Err(serde_json::json!({"kind": "not_found"})) });
        let result = rt.block_on(run_task_with_panic_guard("t", future));
        assert_eq!(result, Err(serde_json::json!({"kind": "not_found"})));
    }

    // ---------------------------------------------------------------------------
    // Panicking future doesn't hang the runtime
    //
    // Even with multiple concurrent tasks where one panics, the rest
    // must still complete. This pins the lifecycle invariant that
    // panics never leak into the wait-on-result loop.
    // ---------------------------------------------------------------------------

    #[test]
    fn concurrent_panics_do_not_stall_other_tasks() {
        let rt = tokio::runtime::Builder::new_multi_thread()
            .worker_threads(2)
            .enable_all()
            .build()
            .expect("runtime build failed");

        let counter = Arc::new(AtomicUsize::new(0));
        rt.block_on(async {
            let mut handles = Vec::new();

            for i in 0..4 {
                let counter = counter.clone();
                handles.push(tokio::spawn(async move {
                    let future: Pin<
                        Box<
                            dyn Future<Output = Result<serde_json::Value, serde_json::Value>>
                                + Send,
                        >,
                    > = if i == 1 {
                        Box::pin(async { panic!("user code exploded") })
                    } else {
                        Box::pin(async move {
                            counter.fetch_add(1, Ordering::SeqCst);
                            Ok(serde_json::json!(i))
                        })
                    };
                    run_task_with_panic_guard(&format!("task-{i}"), future).await
                }));
            }

            for h in handles {
                // Every spawn must return a Result (not panic out of the
                // task). The JoinHandle only errors if the spawn itself
                // panicked, which the guard prevents.
                let _ = h.await.expect("spawn panicked through the guard");
            }
        });

        assert_eq!(
            counter.load(Ordering::SeqCst),
            3,
            "three non-panicking tasks must all have completed"
        );
    }
}