nimforum mirror - Cheap exceptions, opinionated error handling

Araq (orginal) [2024-05-29T19:10:40+02:00] view original

Usually this would be a forum post but I need decent table rendering so...

https://gist.github.com/Araq/3323cd15c8ccce1f42853bd586f24ebe

ASVI (orginal) [2024-05-29T20:35:47+02:00] view original

Looks cool, however I'm a bit confused that it's enum, ie I can't add my own error codes. For example, I have a red button and if it is pressed there should be a red alert error. The most appropriate is Failure. However, if the party calling my function intercepts Failure, then this red button will not work and something bad will happen (example 1). Pre-defined enum values are really useful because it brings consistency to the Nim ecosystem (I'll know what I'm using), but sometimes you just need to add something library-related that can't be captured by a regular function that wasn't designed to capture it. I think it would be nice, besides the possibility to use standard values that will be used almost always, to add the possibility to add your own, so that you can avoid handling some code in a function not designed to handle it.

Araq (orginal) [2024-05-29T21:06:23+02:00] view original

There is a natural extension of the design by allowing .raises: MyEnum. I don't like it though because people will use it and then the problem is reinforced of having to translate between different error states.

doofenstein (orginal) [2024-05-29T22:12:47+02:00] view original

I suppose additional error information have to be given as return values?

proc p(args): T {.raises: ErrorCode.} is translated to proc p(args): (ErrorCode, T) when T is an integral type (int etc.). [...] This seems to produce the best code for the common architectures (x86, x86_64, ARM, RISC V). The errors are propagated through CPU registers.

For Windows x64 at most 64-bit structs may be returned via registers (which is easily hit as 64-bit integers are default in Nim). See https://godbolt.org/z/vKGoGxGrn

The same gose for 32-bit ARM except that it is only 32-bit. See https://godbolt.org/z/96W1oEvMK

For both cases there are exceptions. E.g. on 32-bit ARM a 64-bit integer or vector may be returned in two registers https://godbolt.org/z/MqMWeYr47 and for Windows x64 a 128-bit vector may be returned in an SSE register.

ASVI (orginal) [2024-05-29T22:45:47+02:00] view original

In the example about the red button, I was talking about some external factor that most of the code (especially other people's code) doesn't know about and enum ErrorCode. For example, vulkan has a VkResult https://registry.khronos.org/vulkan/specs/1.3-extensions/man/html/VkResult.html for example VK_ERROR_TOO_MANY_OBJECTS, it has ErrorCode FullError, but the party catching the exception can catch FullError, and usually it is memory specific on the process, but in vulkan this memory is on the gpu (and will probably have to be freed on the gpu). A regular Full Error does not take this specificity into account, so it would be nice to register your own GpuFullError (by the way, vulkan api has a lot of errors that don't really fit into the regular ErrorCode). Besides the same GpuFullError is useful because of raises pragma, for example I want to forbid the possibility to use functions that can overflow the number of objects on gpu.

As for adding Custom Error Codes via raises, I think it should be. However, I think that wherever there will be Error Codes documentation it should be mentioned that custom codes should be used only if it is really necessary (which should be very rare). Since otherwise it will get in the way.

Araq (orginal) [2024-05-29T22:55:45+02:00] view original

The same goes for 32-bit ARM except that it is only 32-bit. See https://godbolt.org/z/96W1oEvMK

Strange, this doesn't match my experiments. I didn't keep the code though. :-/

Araq (orginal) [2024-05-29T22:58:18+02:00] view original

for example VK_ERROR_TOO_MANY_OBJECTS

That would be ResourceExhaustedError, IMO btw.

ASVI (orginal) [2024-05-29T23:16:57+02:00] view original

VK_ERROR_TOO_MANY_OBJECTS occurs when the number of allocations exceeds maxMemoryAllocationCount due to vkAllocateMemory. So I think the ResourceExhaustedError doesn't really fit here.

mildred (orginal) [2024-05-29T23:28:47+02:00] view original

Sometimes you need additional context on the error, for example when erroring out because a spawned process fails, the error code or kill signal could be useful.

Also, when handling the error, it's often useful to know what the program was doing. For example in an IOError, knowing the file path that caused the error can be very useful.

I was long thinking this kind of information is really mapping the stack frames. It's kind of stack frame context metadata for the errors. Could it be possible to have thread-local or stack-local variables where such context could be added in case of an error. That would make perfectly sense to me. Like a thread-local errno where it's possible to add string data.

Araq (orginal) [2024-05-30T00:26:17+02:00] view original

Additional error information can always be done with thread local storage. It tends to work better as there is not a constant function call argument/result shuffling but the jury is still out on that.

Araq (orginal) [2024-05-30T17:32:06+02:00] view original

> So, if a person would like to use a library method - proc canOverflow() {.raises: ErrorCode.} he may assume that any sort of exception, including that HTTP 404 could be thrown from that proc?

HTTP 404 is not a possible value of ErrorCode. The value is called NameNotFound and is more general.

Yes canOverflow can produce NameNotFound in theory. But you don't "assume" that, you assume that canOverflow can fail for sort of possible reasons including reasons that currently are impossible but due to implementation changes can expand. Don't enumerate the error cases.

Araq (orginal) [2024-05-30T17:34:25+02:00] view original

And if it is a return-value, is there still room for additonal info?

Sure but this additional information is available via thread local storage. There should be some syntactic sugar for that but it's not yet written down.

alexeypetrushin (orginal) [2024-06-01T07:08:42+02:00] view original

Yes canOverflow can produce NameNotFound in theory.

It means, when using library function proc someFn() {.raises: ErrorCode.} - there's no way to understand what are the special cases (errors) for this proc and how they should be handled. Basically it's as good as using int instead of ErrorCode - basically, loosing the type safety.

Basically, it's same as using huge FlagCode enum for everything proc openFile(fname: string, flag: FlagCode) and proc startHttpServer(port: int, flag: FlagCode).

Maybe it's better to be clear about what it is - a way to achieve high performance, with the cost of loosing type safety and readability. And use plain int instead of ErrorCode.

alexeypetrushin (orginal) [2024-06-01T08:21:52+02:00] view original

Dealign with errors, from my experience - usually there are two cases:

you ether don't care about it, and handle at the top level, like intercept it and show message "Error happens, bla bla". In this case, you don't care about any annotations or error types or codes, whatever will work fine.

error handling very important, for reliable servers etc., when you need to know exactly what kind of errors could be thrown by function, and act accordingly, like clean resources in some cases or retry in another. And you need to know exactly what could be thrown by function.

Explicit error return with the result, works very well in this case, as it forces you to explicitly handle all possible scenarios. Using ErrorCode will be very hard to use.

Say you use sendData proc. from "networking library v1", you carefully wrote your code, and handled all the error cases. But after the update to "networking library v2", the sendData implementation has been changed, and now it throws one more type of exception. With specific error types the compiler would fail and notify you, with ErrorCode you would have no idea that the code is not valid anymore and the server may crash because of new unhandled error type.

jackhftang (orginal) [2024-06-01T09:51:15+02:00] view original

I would like add my two cents on this topic from software engineering viewpoint.

Before comment on the proposal, I want to state some opinionated principles about error handling.

Each component should only catch an exception if and only if the component is responisble to handle the exception.

If a component encounter an exception that it is not responsible to handle, the component should propagate up the exception completely. Complete means no information lost.

These principles applies to multi-language multi-serivce system. For example, in a micro-services environment, a service A written in Nim make an HTTP call to service B written in Java, and service B encounter an exception that it is not responsible to, then service B should return a json response (or whatever format) that contain all necessary info (e.g. error code, error message...) that service A can reconstruct the error completely in Nim. And if serivce A also not responsible to that exception, this process will continue.

Go back to the proposal, some comments:

The proposal say that "... ErrorCode that covers everybody's use case..." IMO, this is unrealistic. For example, a money transaction Transaction(sender:AccountId, receiver:AccountId, amount:Currency) and a procedure process(t: Transaction) that process the transaction. The process can fail if the sender do not have enough balance; or if the account of sender/receiver is freezed; or if the sender has already exceed daily transaction limit; or etc. From what I see in the proposed ErrorCode list, generic Failure is best for the above three. It is not PermissionDenied nor BadOperation. In my experience, the unhappy paths are increasing over time, and they must be distinguishable. A generic fixed set of status codes is not practical. HTTP status code is long-known to be ambiguous. HTTP status code is more for observability for third-party tools, rather than error handling within a system.

It seems to me the proposal try to avoid "error translation". My understanding of error translation is that a component catch the error X and then re-wrap the error as Y. My point of view (as following the principle above) is that if that translation is part of the responsibility of the component, then go ahead; if not, then no translation should be conducted and the error should be propagated up completely. This depends on application logics, and 'translation of error' should not be considered as evil.

IMO, current Nim's error hierarchy is working fine. Co-existing two mechanisms/style of error handling will reduced readability and style consistence.

IMO, the cost of throwing exception is neglectable. Any single IO operation takes way longer than exception propagation. And the extra information associated with error are not to be dropped (as proposed to put into thread local storage).

Araq (orginal) [2024-06-01T18:18:46+02:00] view original

It is not a proposal. I know it says it is one but it's in a "pre" state. It's not an RFC. ;-)

As for the other arguments, typically it boils down to "I need more control". Sure, fair enough, go ahead. By using the function's return type, not the exception mechanism which is by design uses a different granularity.

mildred (orginal) [2024-06-03T16:59:29+02:00] view original

It boils down to the user of a specific function that either :

wants to ignore the error if there is any, and let the error bubble up the call stack without manual code for it

want to handle the error in case it happens because this is significant to the code

Why not something like a function out parameter or return value of type ErrorCode that the caller has the option to either ignore, in which case the error would be propagated automatically, or to use and act on it, in which case the error is handled by the caller and not propagated.

This different than the try ... except syntax because try would catch any exception thrown by the code within whereas the out parameter could propagate only some errors the inner function chose to make available while still keeping the ability to throw unrelated exceptions.

proc perform_some_request(args: Args, err: var ErrorCode) =
  let req = newRequest(args) # allocation could fail and will throw
  req.perform(err) # request could fail but the error is nicely propagated to the parent

try:
  var err ErrorCode
  perform_some_request(args, err)
  if err:
    # the request could not complete, do something reasonable for it
except:
  # there is an unrecoverable error, log it and exit

If the error argument is not provided, then the exception is thrown. Of course if the ErrorCode is just an int, the message and stack trace and context would be accessible via local storage transparently.

morturo (orginal) [2024-06-05T01:39:46+02:00] view original

This looks like the complete opposite approach used by Zig. It's limited, and I don't like that. I'd rather go with the Zig approach—an enum that grows at compile time, without the Rust problem of converting results.

ElegantBeef (orginal) [2024-06-05T05:10:39+02:00] view original

If each error code were to be turned into a Defect, everything would be here to have that. Since defects should not be caught already they should not have fields this likely should have 0 issues with present code. This means MyDefect = object of Defect could add an 'enum' value to the Defect type. This would allow user defined defects.

Mirror of forum.nim-lang.org

11670 :: Cheap exceptions, opinionated error handling