Add compile-time safe exception macros for profiler telemetry #4990
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
core
bouwkast
changed the base branch from
master
to
steven/error-logs-remediation
Contributor
|
lloeki
force-pushed
the
steven/error-logs-remediation
branch
from
f40e845 to
c8670d6
Compare
This gets us closer to allowing these errors to be sent to telemetry.
bouwkast
force-pushed
the
steven/error-logs-remediation-custom-profiler-code
branch
from
8550883 to
3d908d7
Compare
Typing analysisNote: Ignored files are excluded from the next sections. Untyped methodsThis PR introduces 1 partially typed method, and clears 1 partially typed method. It increases the percentage of typed methods from 54.67% to 54.7% (+0.03%). Partially typed methods (+1-1)❌ Introduced:If you believe a method or an attribute is rightfully untyped or partially typed, you can add |
Add ruby_helpers.h include to 8 C files that use datadog_profiling_error_class and datadog_profiling_internal_error_class but were missing the header declaration. This fixes the compilation error: error: 'datadog_profiling_error_class' undeclared Files fixed: - clock_id_from_pthread.c - collectors_gc_profiling_helper.c - collectors_stack.c - collectors_thread_context.c - encoded_profile.c - libdatadog_helpers.c - private_vm_api_access.c - unsafe_api_calls_check.c
Move ruby_helpers.h include after private VM headers to avoid conflicts. This file requires private VM headers to be included first before any public Ruby headers, but ruby_helpers.h includes datadog_ruby_common.h which includes ruby.h, causing header ordering conflicts. Fixes compilation error: 'expected ')' before '==' token in RHASH_EMPTY_P'
Cannot include ruby_helpers.h in this file as it pulls in public Ruby headers (via datadog_ruby_common.h) that conflict with private VM headers. Instead, declare the exception class globals as extern, following the pattern already established in this file for other declarations. This fully resolves the header ordering compilation error.
Method was renamed from safe_exception_message to constant_exception_message but the RBS signature file was not updated, causing Steep type errors.
BenchmarksBenchmark execution time: 2025-11-07 21:32:47 Comparing candidate commit f04f01d in PR branch Found 0 performance improvements and 2 performance regressions! Performance is the same for 42 metrics, 2 unstable metrics. scenario:profiling - Allocations (baseline)
scenario:tracing - Propagation - Datadog
|
The error method must be public but was accidentally made private when constant_exception_message was added. Moving it before the private keyword restores its public visibility. Fixes test failure: NoMethodError: private method 'error' called
Serialization errors contain dynamic libdatadog content, so they should raise ProfilingInternalError (not ProfilingError or RuntimeError). Updated both the Ruby wrapper code and the test expectation to use ProfilingInternalError consistently. Fixes test failure expecting ProfilingError but getting RuntimeError.
bouwkast
added
the
AI Generated
bouwkast
changed the title
bouwkast
changed the title
Member
|
So I believe this has been superseded by #5076 so should we close this one? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Introduces custom exception classes for the profiler's C code to safely distinguish between constant error
messages (safe for telemetry) and dynamic content (excluded from telemetry), with compile-time enforcement to
prevent accidental PII leakage.
Implementation:
Two exception types:
Datadog::Profiling::ProfilingError- Constant messages → included in telemetry for aggregationDatadog::Profiling::ProfilingInternalError- Dynamic content (libdatadog errors, system state) → excluded fromtelemetry, preserved locally for debugging
Compile-time safe macros using libdatadog's string concatenation technique:
The "" msg trick ensures compilation fails if a non-literal string is passed to TELEMETRY_SAFE, preventing
accidental inclusion of dynamic content in telemetry.
Updated 51 error sites across 18 C files (26 constant → TELEMETRY_SAFE, 25 dynamic → TELEMETRY_UNSAFE) and
modified telemetry logging to selectively include only ProfilingError messages.
Motivation:
Following #4985 which removed the pii_safe parameter, we need to ensure profiler error messages in telemetry
contain only known-constant strings for compliance with intake requirements.
The profiler communicates errors to telemetry (Ruby code) via exception messages. Using exception types to distinguish safe vs. unsafe content allows the telemetry layer to filter appropriately.
The compile-time enforcement addresses maintainability concerns by making it impossible to accidentally pass
dynamic content to telemetry-safe exceptions through copy-paste errors or misunderstanding.
Change log entry
None.
Additional Notes:
This approach enables telemetry fingerprinting and aggregation for constant error messages while maintaining full
debugging context locally for dynamic errors. The two-tier system provides semantic clarity about what's safe for
telemetry vs. what should remain local-only.
Special handling for private_vm_api_access.c which cannot include ruby_helpers.h due to header conflicts with
private VM APIs—uses manual extern declarations with explanatory comments.
How to test the change?
Existing test coverage validates:
Compile-time enforcement can be verified by attempting to pass a variable to RAISE_PROFILING_TELEMETRY_SAFE
(compilation will fail as expected).
All CI tests passing.