Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: invoke user recover with implicit panics #3067

Merged
merged 15 commits into from
Nov 22, 2024
Merged

fix: invoke user recover with implicit panics #3067

merged 15 commits into from
Nov 22, 2024

Conversation

petar-dambovaliev
Copy link
Contributor

@petar-dambovaliev petar-dambovaliev commented Nov 4, 2024

Currently only explicit panic invocations are recovered in the user code.
This PR covers the implicit panics that happen because of invalid operations.
Associated issue

This maintains the distinction between VM panics and user panics.

Here is a list of possible runtime panics that we will cover.

  • Out-of-Bounds Slice or Array Access
  • Invalid Slice Indexing
  • Division by Zero and MOD zero
  • Type Assertion Failure
  • Invalid Memory Allocation (bad call to make())
  • Out-of-Bounds String Indexing
  • nil pointer dereference
  • Write to a nil map

Also, fixed a small bug with the builtint function make.
It wasn't panicking when cap > len

Copy link

codecov bot commented Nov 4, 2024

@ltzmaxwell
Copy link
Contributor

can you please add some tests for this?

@omarsy
Copy link
Member

omarsy commented Nov 5, 2024

I tried a fix similar to this one: #2484, but my approach wasn't preferred. They favor an indiscriminate runtime panic, which complicates things for me (it is possible, but need a refactoring). I see two options:

  1. Do not indiscriminate runtime panics (like your fix and my fix)
  2. Accept that runtime errors are not recoverable

@petar-dambovaliev
Copy link
Contributor Author

can you please add some tests for this?

its still WIP

@petar-dambovaliev
Copy link
Contributor Author

can you please add some tests for this?

tests added

@Kouteki Kouteki added the in focus Core team is prioritizing this work label Nov 10, 2024
@Kouteki Kouteki added this to the 🚀 Mainnet launch milestone Nov 10, 2024
Copy link
Contributor

@mvertes mvertes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

Copy link
Member

@omarsy omarsy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GG for this PR, it's a great improvement! However, I have a small issue regarding some cases where error handling with recover doesn't seem to work as expected. For example, in the Gno Native packages, like this one:

package main

import "time"

func main() {
    defer func() {
        r := recover()
        println("recover:", r)
    }()
    t := time.Now()
    t.In(nil)  
}

The issue here is that t.In(nil) causes an error, but there's no recovery mechanism for this situation. However, since Gno Native will no longer be supported in the future, perhaps we don't need to handle this case at this point.

We also have cases where panic occurs when we inject Go code injected into a Gno package. For example, this code:

package test

import "std"

func main() {
    defer func() {
        r := recover()
        println("recover:", r)
    }()
    banker := std.GetBanker(std.BankerTypeRealmSend)
    banker.SendCoins(std.CurrentRealm().Addr(), "", std.Coins{{"ugnot", 2000000000}})
}

I’ve seen this kind of panic occur, and I’m unsure if this should be recoverable.

Also, consider this case:

package test

import "time"

func main() {
    defer func() {
        r := recover()
        println("recover:", r)
    }()
    println(time.UTC == nil)
    time.UTC = nil
}

This could also cause an issue, and I’m not sure if this is something we should be able to recover from.

Just wanted to raise these points, but again, great job on this PR!

gnovm/pkg/gnolang/machine.go Outdated Show resolved Hide resolved
gnovm/pkg/gnolang/op_assign.go Show resolved Hide resolved
gnovm/pkg/gnolang/op_expressions.go Show resolved Hide resolved
@ltzmaxwell
Copy link
Contributor

some comments from @omarsy to be resolved, but otherwise LGTM. I'll approve this after.

@ltzmaxwell
Copy link
Contributor

ltzmaxwell commented Nov 18, 2024

We also have cases where panic occurs when we inject Go code injected into a Gno package. For example, this code:

package test

import "std"

func main() {
    defer func() {
        r := recover()
        println("recover:", r)
    }()
    banker := std.GetBanker(std.BankerTypeRealmSend)
    banker.SendCoins(std.CurrentRealm().Addr(), "", std.Coins{{"ugnot", 2000000000}})
}

I think this worth discussing, the defer is not executed as expected(maybe the panic is not needed to be recovered: it's not required for the actual functionality, but it feels a bit odd for developers.).

can you file another issue for this? @omarsy .

@petar-dambovaliev petar-dambovaliev merged commit 77e6606 into master Nov 22, 2024
100 of 101 checks passed
@petar-dambovaliev petar-dambovaliev deleted the 1148 branch November 22, 2024 23:31
@Kouteki Kouteki removed the in focus Core team is prioritizing this work label Nov 29, 2024
@gnolang gnolang deleted a comment from Gno2D2 Dec 2, 2024
r3v4s pushed a commit to gnoswap-labs/gno that referenced this pull request Dec 10, 2024
Currently only explicit panic invocations are recovered in the user
code.
This PR covers the implicit panics that happen because of invalid
operations.
Associated [issue](gnolang#1148)

This maintains the distinction between VM panics and user panics.

Here is a list of possible runtime panics that we will cover.

- [x] Out-of-Bounds Slice or Array Access
- [x] Invalid Slice Indexing
- [x] Division by Zero and MOD zero
- [x] Type Assertion Failure
- [x] Invalid Memory Allocation (bad call to make())
- [x] Out-of-Bounds String Indexing
- [x] nil pointer dereference
- [x] Write to a nil map

Also, fixed a small bug with the builtint function `make`.
It wasn't panicking when cap > len
albttx pushed a commit that referenced this pull request Jan 10, 2025
Currently only explicit panic invocations are recovered in the user
code.
This PR covers the implicit panics that happen because of invalid
operations.
Associated [issue](#1148)

This maintains the distinction between VM panics and user panics.

Here is a list of possible runtime panics that we will cover.

- [x] Out-of-Bounds Slice or Array Access
- [x] Invalid Slice Indexing
- [x] Division by Zero and MOD zero
- [x] Type Assertion Failure
- [x] Invalid Memory Allocation (bad call to make())
- [x] Out-of-Bounds String Indexing
- [x] nil pointer dereference
- [x] Write to a nil map

Also, fixed a small bug with the builtint function `make`.
It wasn't panicking when cap > len
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
📦 🤖 gnovm Issues or PRs gnovm related
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

6 participants