Added Error Handling & Defensive Programming Guide#3539
Open
veblush wants to merge 1 commit into
Open
Conversation
veblush
added
the
type:support
ddavis-2015
reviewed
Apr 29, 2026
ddavis-2015
reviewed
May 22, 2026
Comment on lines
+50
to
+51
| the Setup phase. Because developers can use `TF_LITE_STRIP_ERROR_STRINGS` to | ||
| remove the string bloat in production, checking topologies in `Prepare` |
|
|
||
| During the `Prepare` phase, kernels should validate their inputs and parameters | ||
| to ensure `Eval` can run blindly and safely. We prioritize clear error messages | ||
| here (relying on `TF_LITE_STRIP_ERROR_STRINGS` to mitigate the ROM cost in |
| > you have multiple preconditions, combine them into a single | ||
| > `TF_LITE_ENSURE(context, a != nullptr && b != nullptr)`. **Note:** For | ||
| > production builds where ROM is severely constrained, firmware developers | ||
| > should define the `TF_LITE_STRIP_ERROR_STRINGS` macro to compile out these |
Member
There was a problem hiding this comment.
or use a RELEASE build for production systems
| ``` | ||
|
|
||
| ``` | ||
| If it's just an invariant guaranteed by `Prepare`, ask to hoist the check or |
Comment on lines
+214
to
+240
| ### Fixing Fuzzer Crashes | ||
|
|
||
| Fuzzer fixes should align with the core philosophy. We evaluate them based on | ||
| the type of crash: | ||
|
|
||
| 1. **Corrupted FlatBuffer Files (Working As Intended):** If the fuzzer mutates | ||
| the FlatBuffer byte array so a `Tensor` offset points beyond the end of the | ||
| file (causing a segfault), **request changes if the PR uses `TF_LITE_ENSURE` | ||
| or raw `if` statements**. To keep the binary size as small as possible, we | ||
| prefer to omit the FlatBuffer verifier. However, **it is recommended to | ||
| accept the PR if it exclusively uses `TFLITE_DCHECK`** to catch the | ||
| out-of-bounds index. This treats the structural check purely as a zero-cost | ||
| developer aid during debugging. | ||
| 2. **Invalid Model Topologies (Fix in Prepare):** If the fuzzer generates a | ||
| valid FlatBuffer but modifies a `CONV_2D` operator to have 0 inputs instead | ||
| of the expected 3, **this is a good fix in `Prepare`** using | ||
| `TF_LITE_ENSURE_EQ(context, NumInputs(node), 3);`. | ||
| 3. **Static Math Crashes (Fix in Prepare):** If the fuzzer sets a quantization | ||
| `scale` parameter to `0.0` (causing a hardware trap during inference), | ||
| **this is a good fix in `Prepare`** using `TF_LITE_ENSURE(context, scale != | ||
| 0.0);`. | ||
| 4. **Dynamic Math/Data Crashes (Fix in Eval):** If the fuzzer provides input | ||
| data to a `GATHER` op with an index of `999` (causing out-of-bounds | ||
| corruption), or a divisor tensor evaluates to `0` (causing a divide-by-zero | ||
| trap), **this is a good fix in `Eval`**. Prefer a raw `if (index >= 10) | ||
| return kTfLiteError;` to save ROM (avoid using `TF_LITE_ENSURE` here just to | ||
| log the error; save the ROM). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
BUG=n/a