Remove panic! instances #69
Conversation
|
I get the instinctual reaction that "crashing our client's app is bad", but I personally don't think that all errors should be translated to run-time errors. In particular, I think that it doesn't make sense to capture logic-errors in this crate as run-time errors to the user, since there's really nothing the downstream user can do with them. |
I'd like to second that. (Things might look different in high assurance environments when a safe system state needs to be ensured even in the presence of logic errors. But even there, this might happen by catching panics top-level and resetting the system.) Looking at the diff here, the original panic message panic!("Unexpected reinsert. This is a bug in rstar.")does suggest that there are indeed no runtime conditions that make this valid and hence a panic seems appropriate. |
| @@ -68,13 +71,13 @@ impl InsertionStrategy for RStarInsertionStrategy { | |||
| match forced_insertion::<T, Params>(root, node_to_reinsert, target_height) { | |||
| InsertionResult::Split(node) => insertion_stack.push(PerformSplit(node)), | |||
| InsertionResult::Reinsert(_, _) => { | |||
| panic!("Unexpected reinsert. This is a bug in rstar.") | |||
| Err("Unexpected reinsert. This is a bug in rstar.")? | |||
There was a problem hiding this comment.
There was a problem hiding this comment.
(Actually, I think running cargo fmt --all -- --check and cargo clippy --all -- --deny warnings as part of the CI would be nice.)
There was a problem hiding this comment.
To give a bit more background about why this panic should never be hit: The algorithm will from time to time (when a node overflows) attempt to reinsert (remove and insert again) a point to improve the tree's internal structure. This is what InsertionResult::Reinsert(_,_) means - it tells the top level function (the beginning of the recursion) that some point should be reinserted.
Since inserting that point can lead to another reinsertion (and possibly even an endless loop), reinsertion is only attempted once. That's where forced_insertion differs - it will never allow re-inserting an element.
I think the best way to get rid of the panic would be to modify the return type of forced_insert to a new ForcedInsertionResult enum which doesn't contain a reinsert entry. Then this branch would not appear in the first place.
| @@ -125,24 +128,24 @@ where | |||
| if node.children.len() < expand_index { | |||
| // Force insertion into this node | |||
| node.children.push(t); | |||
| return resolve_overflow::<_, Params>(node, current_height); | |||
| return Ok(resolve_overflow::<_, Params>(node, current_height)); | |||
| } | |||
|
|
|||
| let expand = if let RTreeNode::Parent(ref mut follow) = node.children[expand_index] { | |||
There was a problem hiding this comment.
I think this line also good to compare to the panic invocation below. This indexing into node.children could panic and would do so for the same reason the explicitly visible panic would be triggered, i.e. because the internal function choose_subtree gave an incorrect result.
|
Thanks both, I think you're absolutely correct w/r/t "if this panics it's a bug, and we should figure out what's gone wrong". Do you feel that there's any need to note that a panic can occur (though I would prefer to understand the conditions that could produce this first and document those) Regarding formatting / clippy in CI, we've discussed it for other georust repos before: I'd prefer to warn rather than fail, and I don't think we came up with a good way to do that, but am very happy to investigate suggestions. Finally, I have no idea why this was a PR and not an issue. Sorry! |
If a panic is part of the contract of an API than this should be noted in a I would also like to repeat pointing out the slice indexing two lines above the panic invocation: Just because there are two explicit
Personally, warnings are what I want when working locally. I think errors are fine in the CI as I would not want to merge PR with faulty formatting or unhandled warnings, even if it means suppressing some. And one can always wrangle commits manually if it is an emergency of some sort. |
rstar/CHANGELOG.mdif knowledge of this change could be valuable to users.While tidying the doc links etc earlier, I came across a couple of instances of
panic!. While these are clearly intended to cover unlikely corner cases, this is…not good? I certainly didn't realise that we potentially had to catch panics when e.g. calculating euclidean distances ingeo. So far, I haven't even defined an actual error type yet, but am obviously happy to do so if people feel that it's warranted.