Handling of unlikely syscall errors

Handling of unlikely syscall errors
from hades@programming.dev to programming@programming.dev on 04 Aug 13:23
https://programming.dev/post/35085425

If you were designing a standard library of a high level language (like Rust, C++, etc.) what would it do if while getting the current time of day (e.g. SystemTime::now()) it encountered a failed kernel system call (e.g. to clock_gettime) and why?

What do you think the existing implementations do?

Return error or raise exception
Return 0
Return undefined values (like stack garbage)
Panic/crash/segfault

#programming

threaded - newest

Colloidal@programming.dev on 04 Aug 13:46 next collapse

Raising an exception would be standard practice, IMO. A library should not dictate how an application behaves. Let the application handle it.

sxan@midwest.social on 04 Aug 14:12 collapse

If that’s the only error mechanism, sure. Exceptions in most languages tend to be relatively expensive, though, and most have a cheaper idiomatic way of returning error codes; you’d want to use those if they’re available, right?

Does Rust use exceptions a lot? I don’t know. V has panic and catch, but you almost never see them. Idiomatic is Option (?) and Return (!) values, which I thought V borrowed from Rust. Go does the (val, error) tuple-ish return thing, and while it too has catchable panics, they’re discouraged in favor of (error) return values.

Depends on the language. “Higher level” is a pretty broad field!

bleistift2@sopuli.xyz on 04 Aug 20:22 collapse

If that’s the only error mechanism, sure. Exceptions in most languages tend to be relatively expensive, though, and most have a cheaper idiomatic way of returning error codes; you’d want to use those if they’re available, right?

I think not being able to get the current time from the system is very exceptional. And I think exceptional circumstances should act that way and not “look like” normal executions. To me, that means letting hell break loose, and not “silently” return a 1 instead of a 0.

By similar reasoning, “Exceptions in most languages tend to be relatively expensive” is a very weak argument. We don’t expect this error-throwing code to execute a lot.

sxan@midwest.social on 04 Aug 22:29 collapse

I can think if plenty of situations where system time is

Optional
Unreliable
And even potentially disallowed by the user

In fact, if you don’t set up your containers right, the system time is almost always wrong.

anton@lemmy.blahaj.zone on 04 Aug 14:04 next collapse

I think you should make the overwhelmingly likely case crash in a controlled way, but provide a way to handle it for people who truly want to keep going in such strange conditions.

In rust I would panic in now(), but also provide a alternative call that returns a result named something like try_now(), similar to Vec::with_capacity and Vec::try_with_capacity.
In languages that provide them, you could also throw a runtime exception that can be ignored and just bubbles up to main unless explicitly caught.

hades@programming.dev on 04 Aug 16:22 collapse

Interestingly, Rust is what brought me to this rabbit hole. It does indeed panic in now()[1], but the devs seem to be reluctant to provide the try_now() variant[2].

[1] doc.rust-lang.org/nightly/src/std/…/time.rs.html#… [2] github.com/rust-lang/rust/issues/115482

Treczoks@lemmy.world on 04 Aug 14:29 next collapse

Return an error, respectively, in a language that supports it, raise an exception.

In my systems, nearly every call returns a status, and it is advisable to check this status. I had a number of long calls with windows programmers who complained about my system failing at some point, and most often, the reason was an ignored Non-OK status return at some point in the past.

Like “Your system loses the file I’m writing!”. FileSystem_Open() returned a non-OK value (I don’t remember the reason, but there was one). FileSystem_Write() returned a non-OK value (file pointer invalid). FileSystem_Close() returned a non-OK value (file pointer invalid). And he complains about a file that is not there…

eager_eagle@lemmy.world on 04 Aug 14:51 next collapse

you should do what’s idiomatic for that language, e.g.: return an error in Rust; raise an exception in Python or Java; return an integer != 0 in C; etc.

Panic/crash/segfault

probably the worst option for a library

senkora@lemmy.zip on 04 Aug 15:46 next collapse

+1. If your library makes it impossible to recover from errors, then it will be unusable from any program that requires recovering from errors.

hades@programming.dev on 04 Aug 16:23 collapse

probably the worst option for a library

Even worse than returning garbage? :)

eager_eagle@lemmy.world on 04 Aug 18:04 collapse

If it’s garbage as in a string with a bunch of information that is hard to parse, yeah, crashing without giving the caller a way to avoid it might be worse. But what is exactly this garbage and in what cases are you considering returning it at all?

hades@programming.dev on 05 Aug 02:50 collapse

Uninitialized automatic variables. E.g. (in C/C++):

int get_time() {
  int time;
  syscall(/* something that fails */, &time);
  return time;
}

HaraldvonBlauzahn@feddit.org on 04 Aug 20:55 collapse

For Rust, return Result<> , as is idomatic in Rust.

Another possible method is having an installable handler that handles the error at the place it is detected. Common Lisp does that and it is very powerful.

hades@programming.dev on 05 Aug 02:46 collapse

Rust seems to think panicking is better: github.com/rust-lang/rust/issues/115482