Error handling

[pitdicker]

This PR tries out some of the error handling we seem to be arriving at in the RFC tread.

For the error enum I have now:

pub enum Error {
    /// This RNG is permanently unavailable.
    NotAvailable,
    /// Needs (re)seeding. Depending on the RNG this can mean you have to wait
    /// and retry later, or you have to (re)seed it.
    EntropyLow,
    /// Failure, retry for a limited number of times.
    TemporaryFailure,
    /// Interrupted, usually by a signal from the OS.
    Interrupted,
    /// Any RNG error not part of this list.
    Other,
    #[doc(hidden)]
    __Nonexhaustive,
}

It occurred to me the variants EntropyExhausted and NetYetSeeded on the RFC thread are essentially the same, so I combined them into EntropyLow.

This commit partly undoes your work in 0a97209, I am sorry.
Maybe it is just me being to inexperienced, but the Result with two arguments looks clearer to me. I think it helps documentation-wise, as you can now click on the return type RngError in rustdoc and see the various causes. Because we have only four different methods that can return a Result, it does not really seem an ergonomic loss.

The second commit adds back fill_bytes. I gave try_fill a default implementation in terms of fill_bytes. This makes implementation of PRNGs (which usually never error) slightly simpler, as they don't have to use Result. Wrappers become slightly more complex, as they have to wrap another method.

In the third commit I tried out the new error handling with ReadRng.

Actually I was working on the OsRng implementations, and did not plan on writing this :-).
So I have not touched the code in os.rs that much yet.

[pitdicker]

I am slowly getting better at rebasing 😄

[pitdicker]

I did not add this From implementation yet.
I actually had one, that would map the IO errors you could get for OsRng to the appropriate RngError.
But I am not sure it would always be correct for other RNGs implementations. It are the more exotic ones that produce errors...

Not adding one forces RNG implementations to put a little more thought into their error handling. Which might be a plus... For ReadRng the missing implementation did not really make it more difficult, and I also expect it not to for OsRng.

[dhardy]

This sounds sensible to me.

[pitdicker]

via_u32 was a typo maybe?

[dhardy]

I'd prefer the name Error personally — less repetition and matches usual naming conventions.

[pitdicker]

I thought I was following some sort of convention after reading the Error Handling Chapter in TRPL again. But Error seems to be common, and it shorter. I will change it.

Also just noticed: It should implement the ::std::error::Error trait.

[dhardy]

Why remove this?

[pitdicker]

Have you seen my reason in the PR description?

In part the reason is that I was bitten by the redefined Result type ;-).
But I don't really see a reason to have it, as we only use it in the trait definitions in a handful of places.

In a library that uses the std::result::Result, would users also import rand::Result? Or would they want to use the std one and import our rand::Error?

It seems to me (but I am inexperienced) browsing documentation and copying examples is easier without the redefine...

[dhardy]

Not so keen on the doc or name for this one, and not sure if the two different things should be combined anyway — what's the advantage?

Possible doc: For PRNGs, this implies they should be (re)seeded. For external RNGs (e.g. OsRng) this implies you should wait and try again later.

[pitdicker]

Ok, I will split them

[dhardy]

I don't think there's any point implementing cause if it just returns None; this is the default impl.

[pitdicker]

Didn't notice that. No, than I can happily remove it

[dhardy]

Ok, removing the pub type Result<T> = .. bit and some of the small clean-ups I'm happy to merge now. I'm less sure about fill_bytes and Error... I guess that's something still to be decided.

[pitdicker]

I'm less sure about fill_bytes and Error... I guess that's something still to be decided.

Yes, the discussion has died down a bit, but I agree there are still some things open. I also have some unposted comments on my pc about it, that need finishing :-).

After playing with this Error enum a bit more, I miss that it can not return a cause. What do you think about a struct with this enum and a cause when using std, and with only the enum field for no_std?
Another try I did was storing only the OS errno as a cause in this gist. It has the advantage that it does no allocations, but can only contain this one error type.

[pitdicker]

Rebased and includes the changes discussed today in #9, #10 and #12.

I have not tested the new error struct much yet.

[dhardy]

Regarding my previous comment — any chance you can split this PR? I hate reviewing stuff this big. But also it might be better to merge the Isaac stuff first.

[pitdicker]

any chance you can split this PR?

I was careful to split the PR in 3 commits. Each should be the smallest change that keeps building.

It is your call. Shall I remove the second two commits, and make PR's for them when this one lands?

[dhardy]

Couple of minor things. Looks like two of my comments were addressed by a later commit.

[dhardy]

Handle this error?

[dhardy]

And this one

[dhardy]

Huh? Did this jump a line?

[pitdicker]

That is weird, will fix.

[dhardy]

Err(e) => return Err(Error::new(ErrorKind::Other, Box::new(e)))

[dhardy]

Nothing you can do with the given error type, but it does feel like the cause is missing here

[pitdicker]

It is fixed in the third commit, that gives ReadRng better error handling

[dhardy]

Default impl... I'd like not to have this

[pitdicker]

Maybe we can discuss it in #12? Personally I don't see a problem, but I may be missing something.

[dhardy]

There's an argument in the RFC about this

[pitdicker]

I will remove it

[pitdicker]

For OsRng there is a lot of room for improvement. I was working on this in a branch, but wanted this PR to get merged first. For OsRng it is going to mean lots of changes... (not looking forward to testing it)

[pitdicker]

Removed the default implementation of try_fill. Is it ok if I do the OsRng parts in another PR?

[dhardy]

Yes, I guess so. I'll merge this. Do a merge commit rather than a rebase on your other branch please.