-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return errors instead of panic #3782
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think these changes are fine, but we should keep consistency. What are your thoughts on updating the remaining begin/end blockers?
Codecov Report
@@ Coverage Diff @@
## develop #3782 +/- ##
===========================================
- Coverage 60.02% 59.79% -0.23%
===========================================
Files 212 212
Lines 15107 15158 +51
===========================================
- Hits 9068 9064 -4
- Misses 5418 5450 +32
- Partials 621 644 +23 |
@alexanderbez should be all good now. I see there is a thread #870 so I will put my input there to discuss if this something to consider. |
- Allow gaiacli to access host's raw-usb slot. - Promote the package to stable. Closes: #3714
Needs a rebase for #3828. |
A failing lint here as well as some conflicts in |
I fixed the merge problem. Its not a problem for me to do it, but since it will be a significant change, I need your input before tackling this. |
Which interfaces need adjustment @MarinX ? |
For example, fixing the lint issue for the func: func (keeper Keeper) GetTallyParams(ctx sdk.Context) TallyParams will become func (keeper Keeper) GetTallyParams(ctx sdk.Context) (TallyParams, error) which then needs adjustment to interfaces which will yield an error in build for other packages by using single value context. EDIT: |
validatorUpdates, endBlockerTags, err := staking.EndBlocker(ctx, app.stakingKeeper) | ||
if err != nil { | ||
return abci.ResponseEndBlock{}, err | ||
} | ||
tags = append(tags, endBlockerTags...) | ||
|
||
app.assertRuntimeInvariants() | ||
|
||
return abci.ResponseEndBlock{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there a NewResponseEndBlock
function on the abci
pkg we could use to replace this everywhere?
this PR is big enough now, let's continue on a separate PR |
Exactly, |
So what is the consensus on this @MarinX? Seems like |
rebased |
@alexanderbez solution I found is to check the error and add TODO when we are going to rewrite the handling of errors. This new commit suppresses the lint errors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is bit crazy with 8K line additions... I'm assuming key commits haven't been merged into this branch, obviously need to merge recent develop before I'm able to review here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs a pending log entry, but otherwise LGTM. Thanks @MarinX.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have to block this due to the lack of a changelog entry file; otherwise this looks good to me. May I suggest to run sdkch add breaking sdk
@MarinX?
Added. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving. Hence merging (@rigelrozanski dismissing your review as the author did ultimately merge latest develop)
The author merged develop latest changes
Thank you very much for the contribution @MarinX!!! |
This reverts commit 985aae5.
This reverts commit 985aae5.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this PR was just reverted and I wanted to take some time to briefly reflect on design decisions which this PR breaks. Again, I do want to apologize for any wasted energy, I am grateful for new excited developers to be contributing to this code base. If after reading this comment, you still believe there are places where the panic should be converted to an error, I suggest a new similar PR (however, substantially smaller) be opened which I will review.
Design notes:
Overall, within the SDK we value safety over liveness.
When an a value is expected in state and cannot be properly retrieved, the state of the blockchain is broken and should panic immediately at that location. Notably the k.paramSpace.Get(...)
functions should in fact not be returning an error but panicking in place. If within the codebase it is expected behaviour that the parameter may not exist in the substore, the k.paramSpace.GetIfExists(...)
function should be used (this function will not panic if the value does not exist).
Within this PR there are also a number of highly unsafe TODO's introduced whereby old panics are left as unchecked errors - these changes effectively allow for unsafe state to be introduced into the blockchain without halting it! This means that by forgetting to add an important parameter into the genesis state would not be caught when the blockchain started and would continue to operate potentially with a vital parameter simply set to zero.
Within unmarshal functionality (which I there were a few changes), if an improper unmarshal is made it means there is improper state stored within the blockchain which of course means that the blockchain state is in error and should halt. There are of course certain situations when retrieving input from the user that possible faulty input is plausible and should not panic, but this should be all limited to the client/rest receivers (and not unmarshalling state already stored in the blockchain)
Lastly I wanted to mention an error return arguments were introduced into endblocker functionality of the modules needlessly the state still panicked instead of returning an error - which is fine however because it never should have been returning an error - but I'm assuming this was not the intention of the PR.
Targeted PR against correct branch (see CONTRIBUTING.md)
Linked to github-issue with discussion and accepted design OR link to spec that describes this work.
This is related to issue #3741 where fetching data from invalid store, package panic.
This PR modifies
subspace.go
to return errors instead of panic.It also updates other packages that import
subspace
and handles error.docs/
)PENDING.md
with issue #Files changed
in the github PR explorerFor Admin Use: