-
Notifications
You must be signed in to change notification settings - Fork 497
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Empty catch block in watch stream event handling #593
Comments
OK, I can see there's an explicit test for that: Line 320 in 5988253
Introduced as part of #250. I'm still not sure whether that's the correct behavior? If the HTTP connection got terminated, and sent an incomplete JSON - it should fail? The original commit also says this:
It seems the |
If the network fails half-way through sending a response, is that really an error? My answer is 'no' The watch will get closed for other reasons (e.g. the network stream stopping) and I don't think we want to issue multiple done callbacks in that case. Is this causing problems? |
It's a silent And more importantly - it also wraps around the
Just so I understand this properly... what you're saying is that without this silent |
Regarding wrapping the user callback, that is a fair request. I guess it's arguable whether a user callback failing should kill the watch or not. My feeling is that a user should catch all their own errors (e.g. callback() should never throw). This is roughly akin to the way that Java works where if you throw in the middle of a thread Java just eats the exception. Taking out the watch because of an exception is a pretty extreme thing to do imho. I suppose that we could always log any exceptions that come out of the callback, but keep running. That seems reasonable, would that work for you? And yes, the sequence goes like this: half a JSON object is streamed over TCP, TCP connection is severed, JSON object is attempted to be parsed, but since it's only half an object, parsing fails, because TCP is severed, network done is issued. |
Is "never throw" a reasonable expectation to ask of a user of a library? It's very hard to achieve in JS land, simply because it's very hard to implement a There's also the question of responsibilities - if the userland code inside I think overall the advice to "crash on exceptions" has really stood the test of time in Node land - you can't trust the state in your application after you had an error, so it's best to restart from scratch, so an One other way to address this would be to call the callback inside a In the end, I'd argue that the
OK, thanks for clarifying this. I'll try to think about this and I'll try to come back with some suggestions on different ways to achieve this goal if that's ok? The things I'd like to check / ideas to explore (note to self, mostly):
Sorry for the wall of text / being this particular about it - just looking for the best approach here to avoid surprises long term. |
I'm definitely open to proposals/ways to make this obey the principle of least surprise. |
"Crash on exceptions" really assumes that your application is single threaded (and yes, I know that node apps are single threaded, but in practice callbacks and promises create the illusions of multiple different threads) It's totally unclear to me that you want a watch crashing (especially if it's a background thread) to take down your entire application. |
But I agree that making it explicit for the user, and not forcing the decision on them is a good thing. So perhaps just a parameter ("abort on exception"?) |
Just to make sure we're discussing the same thing - I'm explicitly talking about calling the
I'm not sure I agree with this. I can see how this might make sense in Java or .NET, but that's just not how node applications are (or even should be) written canonically? Libraries, including built-ins, should not attempt to try to handle the user code. That is strictly outside their boundaries? Take this for example:
I don't think that it's worth it in the context of the callbacks (although worth pondering over as an option for the JSON.parse case). The default assumed behavior in Node.js is that if user's callback throws, then libraries don't handle that. The user always has an option to explicitly wrap their own callbacks in a I spent the last week rewriting a large chunk of our code to replace the GoDaddy's |
One more example from the Node.js world: if you have a stream (any stream from the core), and it emits an But generally, silent failures are the worst. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
/remove-lifecycle stale |
Can I open a PR with some suggestions to address this? We can continue the discussions there? |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
While trying to understand some unrelated issues I spotted the following:
javascript/src/watch.ts
Lines 121 to 123 in 5988253
It seems it got introduced in https://github.com/kubernetes-client/javascript/pull/289/files - but the reasoning is unclear to me. Can someone comment on this please?
I might be wrong of course, but it feels to me that if there can be unparseable messages, then they need to be handled? And if there can't be any then the try/catch might not be necessary, i.e. it is likely better if the app crashes and logs the details for people consuming this, rather than silently failing?
More importantly, this will also silence the user errors inside the
callback
, so if someone has a bug in their implementation - they would never see it?The text was updated successfully, but these errors were encountered: