Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Return errors instead of panic #3782

Merged
merged 43 commits into from
Apr 4, 2019
Merged

Return errors instead of panic #3782

merged 43 commits into from
Apr 4, 2019

Conversation

MarinX
Copy link
Contributor

@MarinX MarinX commented Mar 1, 2019

  • Targeted PR against correct branch (see CONTRIBUTING.md)

  • Linked to github-issue with discussion and accepted design OR link to spec that describes this work.

This is related to issue #3741 where fetching data from invalid store, package panic.
This PR modifies subspace.go to return errors instead of panic.
It also updates other packages that import subspace and handles error.

  • Modify tests
  • Updated relevant documentation (docs/)
  • Added entries in PENDING.md with issue #
  • rereviewed Files changed in the github PR explorer

For Admin Use:

  • Added appropriate labels to PR (ex. wip, ready-for-review, docs)
  • Reviewers Assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these changes are fine, but we should keep consistency. What are your thoughts on updating the remaining begin/end blockers?

x/mint/abci_app.go Show resolved Hide resolved
@codecov
Copy link

codecov bot commented Mar 1, 2019

Codecov Report

Merging #3782 into develop will decrease coverage by 0.22%.
The diff coverage is 25%.

@@             Coverage Diff             @@
##           develop    #3782      +/-   ##
===========================================
- Coverage    60.02%   59.79%   -0.23%     
===========================================
  Files          212      212              
  Lines        15107    15158      +51     
===========================================
- Hits          9068     9064       -4     
- Misses        5418     5450      +32     
- Partials       621      644      +23

@MarinX MarinX changed the title Return errors instead of panic [WIP] Return errors instead of panic Mar 1, 2019
@MarinX
Copy link
Contributor Author

MarinX commented Mar 2, 2019

@alexanderbez should be all good now.
Since I did not want to go deeper into packages and change all panics to errors, I suggest maybe to panic only on commands and main (if we want to recover from it).
Packages should not panic.

I see there is a thread #870 so I will put my input there to discuss if this something to consider.

@MarinX MarinX changed the title [WIP] Return errors instead of panic Return errors instead of panic Mar 3, 2019
cwgoes pushed a commit that referenced this pull request Mar 4, 2019
- Allow gaiacli to access host's raw-usb slot.
- Promote the package to stable.

Closes: #3714
@cwgoes
Copy link
Contributor

cwgoes commented Mar 15, 2019

Needs a rebase for #3828.

@jackzampolin
Copy link
Member

A failing lint here as well as some conflicts in PENDING.md. Looks great otherwise tho @MarinX !

@MarinX
Copy link
Contributor Author

MarinX commented Mar 16, 2019

I fixed the merge problem.
The problem with lint is that if we return(handle) the error, we need to fix interfaces which again follows handling the errors in core packages and single value returns.

Its not a problem for me to do it, but since it will be a significant change, I need your input before tackling this.

@alexanderbez
Copy link
Contributor

Which interfaces need adjustment @MarinX ?

@MarinX
Copy link
Contributor Author

MarinX commented Mar 16, 2019

For example, fixing the lint issue for the func:

func (keeper Keeper) GetTallyParams(ctx sdk.Context) TallyParams

will become

func (keeper Keeper) GetTallyParams(ctx sdk.Context) (TallyParams, error)

which then needs adjustment to interfaces which will yield an error in build for other packages by using single value context.
We have around 20 functions that needs to return error, in which I suspect more packages will trigger an error.
So its a big rewrite of modifying interfaces, catching the errors and returning it to main caller.

EDIT:
So the question is, do we fix those lints in this PR ( which will require rewrites) or do we create a new PR where we continue handling the error?

validatorUpdates, endBlockerTags, err := staking.EndBlocker(ctx, app.stakingKeeper)
if err != nil {
return abci.ResponseEndBlock{}, err
}
tags = append(tags, endBlockerTags...)

app.assertRuntimeInvariants()

return abci.ResponseEndBlock{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a NewResponseEndBlock function on the abci pkg we could use to replace this everywhere?

@fedekunze
Copy link
Collaborator

So the question is, do we fix those lints in this PR ( which will require rewrites) or do we create a new PR where we continue handling the error?

this PR is big enough now, let's continue on a separate PR

@MarinX
Copy link
Contributor Author

MarinX commented Mar 20, 2019

Exactly,
This PR is just a fix for returning the error instead of panic.
Handling the error should be another PR which will be a huge rewrite (hopefully lints would be also fixed)

@alexanderbez
Copy link
Contributor

So what is the consensus on this @MarinX? Seems like lint is failing. What is the bare minimum we need to change to fix the root issue?

@MarinX MarinX requested a review from zramsay as a code owner March 27, 2019 15:21
@MarinX
Copy link
Contributor Author

MarinX commented Mar 27, 2019

rebased

@MarinX
Copy link
Contributor Author

MarinX commented Mar 27, 2019

@alexanderbez solution I found is to check the error and add TODO when we are going to rewrite the handling of errors. This new commit suppresses the lint errors.

Copy link
Contributor

@rigelrozanski rigelrozanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is bit crazy with 8K line additions... I'm assuming key commits haven't been merged into this branch, obviously need to merge recent develop before I'm able to review here

.circleci/config.yml Outdated Show resolved Hide resolved
Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a pending log entry, but otherwise LGTM. Thanks @MarinX.

Copy link
Contributor

@alessio alessio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have to block this due to the lack of a changelog entry file; otherwise this looks good to me. May I suggest to run sdkch add breaking sdk @MarinX?

@alessio alessio requested a review from rigelrozanski April 1, 2019 23:01
@MarinX
Copy link
Contributor Author

MarinX commented Apr 3, 2019

I have to block this due to the lack of a changelog entry file; otherwise this looks good to me. May I suggest to run sdkch add breaking sdk @MarinX?

Added.
Also, merged with latest changes

Copy link
Collaborator

@fedekunze fedekunze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@alessio alessio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving. Hence merging (@rigelrozanski dismissing your review as the author did ultimately merge latest develop)

@alessio alessio dismissed rigelrozanski’s stale review April 4, 2019 07:09

The author merged develop latest changes

@alessio alessio merged commit 985aae5 into cosmos:develop Apr 4, 2019
@jackzampolin
Copy link
Member

Thank you very much for the contribution @MarinX!!!

Copy link
Contributor

@rigelrozanski rigelrozanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this PR was just reverted and I wanted to take some time to briefly reflect on design decisions which this PR breaks. Again, I do want to apologize for any wasted energy, I am grateful for new excited developers to be contributing to this code base. If after reading this comment, you still believe there are places where the panic should be converted to an error, I suggest a new similar PR (however, substantially smaller) be opened which I will review.

Design notes:
Overall, within the SDK we value safety over liveness.
When an a value is expected in state and cannot be properly retrieved, the state of the blockchain is broken and should panic immediately at that location. Notably the k.paramSpace.Get(...) functions should in fact not be returning an error but panicking in place. If within the codebase it is expected behaviour that the parameter may not exist in the substore, the k.paramSpace.GetIfExists(...) function should be used (this function will not panic if the value does not exist).

Within this PR there are also a number of highly unsafe TODO's introduced whereby old panics are left as unchecked errors - these changes effectively allow for unsafe state to be introduced into the blockchain without halting it! This means that by forgetting to add an important parameter into the genesis state would not be caught when the blockchain started and would continue to operate potentially with a vital parameter simply set to zero.

Within unmarshal functionality (which I there were a few changes), if an improper unmarshal is made it means there is improper state stored within the blockchain which of course means that the blockchain state is in error and should halt. There are of course certain situations when retrieving input from the user that possible faulty input is plausible and should not panic, but this should be all limited to the client/rest receivers (and not unmarshalling state already stored in the blockchain)

Lastly I wanted to mention an error return arguments were introduced into endblocker functionality of the modules needlessly the state still panicked instead of returning an error - which is fine however because it never should have been returning an error - but I'm assuming this was not the intention of the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants