-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TransactionVerifier
shouldn't unwrap Result
s.
#1221
Comments
I've been looking into the TransactionVerifier, and I think this warrants a discussion more than action. The question is: What is the right thing to do when an irrecoverable error happens? One side of the extreme: Let's define what irrecoverable error means, and while I admit this is a tongue-in-cheek point, I'm making this point to clarify the red line. Let's say we open the database, and the database returns an error. What are we supposed to do in this case? The bad part here is that this can easily be caused by a hardware issue. There's virtually no way to detect this. The other extreme side: What if we expect on error that can happen for justified reasons? Hence, the rule of thumb is, if it's a logical, invariant error or hardware error, then we expect, and crash. That's better than behaving randomly. So, the better question for this issue is: What is it that isn't an invariant error that we should change? I'm open for that discussion. We can arrange a meeting for that. |
IMO it depends on the location where it happens. I'd say that in places like
I'd distinguish between logical/invariant errors and hardware ones. The former ones are bugs, so it's unreasonable to try to handle them in any way other than panicking. The latter ones IMO deserve to be reported to the user at least.
I'm not sure it's an invariant error in this case. I could be missing something though.
Sure. |
Currently,
TransactionVerifier
is too optimistic about error handling; in particular, it assumes that DB errors cannot happen andUtxosCache
creation will always succeed, callingexpect
on the correspondingResult
s. This may lead to crashes during node shutdown; in particular, bothexpect
calls inTransactionVerifier::new_generic
may fire when exiting thenode-gui
app.All calls to
Result::expect
must be removed and errors should be propagated properly.P.S. This may require some refactoring in mempool, which currently assumes that
TransactionVerifier
never fails.Also, mempool itself can sometimes be overly optimistic, assuming for example that chainstate is always alive; this should better be fixed too (e.g. look for the line
.expect("chainstate to live")
inmempool/src/pool/mod.rs
)The text was updated successfully, but these errors were encountered: