embedded-service cfu: audit panics

[jerrysxie]

This pull request introduces improvements to error handling and code safety in the CFU component and device request logic. The main changes ensure that protocol errors are properly surfaced when sub-component information is missing, and refactor device lookup logic to use more idiomatic Rust patterns, reducing the risk of panics and improving code clarity.

Error Handling and Protocol Safety

• When retrieving firmware version information from sub-components in CfuComponentDefault, the code now checks for missing data and returns a protocol error (CfuProtocolError::BadResponse) instead of using a default value. This prevents silent failures and makes error cases explicit.

Code Refactoring and Idiomatic Rust

• Refactored device lookup in route_request, send_device_request, and wait_device_response functions to use if let Some(device) instead of manually unwrapping Option. This eliminates potential panics and makes the code more idiomatic and readable.

Safety and Documentation

• Added a compile-time assertion to guarantee that MAX_CMPT_COUNT is always one greater than MAX_SUBCMPT_COUNT, ensuring safe indexing and preventing out-of-bounds errors.
• Improved comments and annotations to clarify panic safety and suppress unnecessary Clippy warnings where indexing is guaranteed to be safe.

[Copilot]

Pull request overview

This PR improves error handling and panic safety in the CFU (Component Firmware Update) service by replacing manual unwrapping with idiomatic pattern matching and documenting indexing safety.

Key changes:

• Refactored route_request, send_device_request, and wait_device_response functions to use if let Some(device) pattern matching instead of manual unwrapping, eliminating potential panics
• Added clippy allow attribute and safety comment for array indexing operation in component.rs

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
embedded-service/src/cfu/mod.rs	Refactored three routing functions to use pattern matching for Option handling, making error handling more explicit and idiomatic while eliminating unwrap() calls
embedded-service/src/cfu/component.rs	Added clippy::indexing_slicing allow attribute with safety comment to document why array indexing is safe in the FwVersionRequest handler

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

embedded-service/src/cfu/component.rs:264

• The error handling in this branch seems inconsistent with the changes in the if branch above. When a sub-component returns an unexpected response type (not a FwVersionResponse), this code silently creates dummy firmware version info instead of returning a protocol error. This contradicts the PR's stated goal of ensuring protocol errors are properly surfaced instead of using default values. Consider returning CfuError::ProtocolError(CfuProtocolError::BadResponse) here as well to maintain consistency.

                        } else {
                            /*error!(
                                "Failed to get firmware version from sub-component: {}, adding dummy info to list",
                                id
                            );*/
                            comp_info[index + 1] = FwVerComponentInfo::new(FwVersion::default(), index as u8 + 1);
                        }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.