Baseapp recovery middleware (cosmos#6053)
* baseapp: custom panic handling within app.runTx method * baseapp: recovery middleware chain unit test added * CHANGELOG.md update * ADR-22 link added; godocs update * CHANGELOG.md: ADR-022 url fix * CoreDocs added for custom panic recovery middleware
Mikhail Kornilov
authored
Jun 5, 2020
1 parent
1e6953c
commit ced080a
Showing
7 changed files
with
266 additions
and
21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
package baseapp | ||
|
||
import ( | ||
"fmt" | ||
"runtime/debug" | ||
|
||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" | ||
) | ||
|
||
// RecoveryHandler handles recovery() object. | ||
// Return a non-nil error if recoveryObj was processed. | ||
// Return nil if recoveryObj was not processed. | ||
type RecoveryHandler func(recoveryObj interface{}) error | ||
|
||
// recoveryMiddleware is wrapper for RecoveryHandler to create chained recovery handling. | ||
// returns (recoveryMiddleware, nil) if recoveryObj was not processed and should be passed to the next middleware in chain. | ||
// returns (nil, error) if recoveryObj was processed and middleware chain processing should be stopped. | ||
type recoveryMiddleware func(recoveryObj interface{}) (recoveryMiddleware, error) | ||
|
||
// processRecovery processes recoveryMiddleware chain for recovery() object. | ||
// Chain processing stops on non-nil error or when chain is processed. | ||
func processRecovery(recoveryObj interface{}, middleware recoveryMiddleware) error { | ||
if middleware == nil { | ||
return nil | ||
} | ||
|
||
next, err := middleware(recoveryObj) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return processRecovery(recoveryObj, next) | ||
} | ||
|
||
// newRecoveryMiddleware creates a RecoveryHandler middleware. | ||
func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) recoveryMiddleware { | ||
return func(recoveryObj interface{}) (recoveryMiddleware, error) { | ||
if err := handler(recoveryObj); err != nil { | ||
return nil, err | ||
} | ||
|
||
return next, nil | ||
} | ||
} | ||
|
||
// newOutOfGasRecoveryMiddleware creates a standard OutOfGas recovery middleware for app.runTx method. | ||
func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) recoveryMiddleware { | ||
handler := func(recoveryObj interface{}) error { | ||
err, ok := recoveryObj.(sdk.ErrorOutOfGas) | ||
if !ok { | ||
return nil | ||
} | ||
|
||
return sdkerrors.Wrap( | ||
sdkerrors.ErrOutOfGas, fmt.Sprintf( | ||
"out of gas in location: %v; gasWanted: %d, gasUsed: %d", | ||
err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), | ||
), | ||
) | ||
} | ||
|
||
return newRecoveryMiddleware(handler, next) | ||
} | ||
|
||
// newDefaultRecoveryMiddleware creates a default (last in chain) recovery middleware for app.runTx method. | ||
func newDefaultRecoveryMiddleware() recoveryMiddleware { | ||
handler := func(recoveryObj interface{}) error { | ||
return sdkerrors.Wrap( | ||
sdkerrors.ErrPanic, fmt.Sprintf( | ||
"recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack()), | ||
), | ||
) | ||
} | ||
|
||
return newRecoveryMiddleware(handler, nil) | ||
} |
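Review bot: `processRecovery` returns nil once the chain is exhausted (`if middleware == nil { return nil }`), so a recovered panic that no handler claims is reported to the caller as no error at all. The guarantee that every panic becomes an error therefore rests on `newDefaultRecoveryMiddleware` always being the tail of the chain, and the `runTx` call site that builds the chain is not part of this section. Consider failing closed at the end of the chain, e.g. `return sdkerrors.Wrap(sdkerrors.ErrPanic, fmt.Sprintf("unhandled panic: %v", recoveryObj))`, or at least state the invariant in the doc comment; the last case of `TestRecoveryChain` asserts the nil result and would need to change. Separately, the default handler puts `debug.Stack()` into the error text; if that text reaches transaction responses it exposes internal paths to clients, so logging the stack and returning a shorter message may be preferable.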
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package baseapp | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
// Test that recovery chain produces expected error at specific middleware layer | ||
func TestRecoveryChain(t *testing.T) { | ||
createError := func(id int) error { | ||
return fmt.Errorf("error from id: %d", id) | ||
} | ||
|
||
createHandler := func(id int, handle bool) RecoveryHandler { | ||
return func(_ interface{}) error { | ||
if handle { | ||
return createError(id) | ||
} | ||
return nil | ||
} | ||
} | ||
|
||
// check recovery chain [1] -> 2 -> 3 | ||
{ | ||
mw := newRecoveryMiddleware(createHandler(3, false), nil) | ||
mw = newRecoveryMiddleware(createHandler(2, false), mw) | ||
mw = newRecoveryMiddleware(createHandler(1, true), mw) | ||
receivedErr := processRecovery(nil, mw) | ||
|
||
require.Equal(t, createError(1), receivedErr) | ||
} | ||
|
||
// check recovery chain 1 -> [2] -> 3 | ||
{ | ||
mw := newRecoveryMiddleware(createHandler(3, false), nil) | ||
mw = newRecoveryMiddleware(createHandler(2, true), mw) | ||
mw = newRecoveryMiddleware(createHandler(1, false), mw) | ||
receivedErr := processRecovery(nil, mw) | ||
|
||
require.Equal(t, createError(2), receivedErr) | ||
} | ||
|
||
// check recovery chain 1 -> 2 -> [3] | ||
{ | ||
mw := newRecoveryMiddleware(createHandler(3, true), nil) | ||
mw = newRecoveryMiddleware(createHandler(2, false), mw) | ||
mw = newRecoveryMiddleware(createHandler(1, false), mw) | ||
receivedErr := processRecovery(nil, mw) | ||
|
||
require.Equal(t, createError(3), receivedErr) | ||
} | ||
|
||
// check recovery chain 1 -> 2 -> 3 | ||
{ | ||
mw := newRecoveryMiddleware(createHandler(3, false), nil) | ||
mw = newRecoveryMiddleware(createHandler(2, false), mw) | ||
mw = newRecoveryMiddleware(createHandler(1, false), mw) | ||
receivedErr := processRecovery(nil, mw) | ||
|
||
require.Nil(t, receivedErr) | ||
} | ||
} |
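Review bot: `TestRecoveryChain` exercises only synthetic handlers with a nil recovery object, so the two middlewares that decide how real panics are classified, `newOutOfGasRecoveryMiddleware` and `newDefaultRecoveryMiddleware`, have no coverage in this file. A case such as `require.True(t, sdkerrors.ErrPanic.Is(processRecovery("boom", newDefaultRecoveryMiddleware())))` would pin the fallback mapping, and a matching one for an `sdk.ErrorOutOfGas` value would pin the out-of-gas path. The four scoped blocks differ only in which handler fires, so a table of `{handledBy, wantErr}` cases would say the same thing with less repetition.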
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
<!-- | ||
order: 9 | ||
--> | ||
|
||
# RunTx recovery middleware | ||
|
||
`BaseApp.runTx()` function handles Golang panics that might occur during transactions execution, for example, keeper has faced an invalid state and paniced. | ||
Depending on the panic type different handler is used, for instance the default one prints an error log message. | ||
Recovery middleware is used to add custom panic recovery for SDK application developers. | ||
|
||
More context could be found in the corresponding [ADR-022](../architecture/adr-022-custom-panic-handling.md). | ||
|
||
Implementation could be found in the [recovery.go](../../baseapp/recovery.go) file. | ||
|
||
## Interface | ||
|
||
```go | ||
type RecoveryHandler func(recoveryObj interface{}) error | ||
``` | ||
|
||
`recoveryObj` is a return value for `recover()` function from the `buildin` Golang package. | ||
|
||
**Contract:** | ||
* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; | ||
* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; | ||
|
||
## Custom RecoveryHandler register | ||
|
||
``BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)`` | ||
|
||
BaseApp method adds recovery middleware to the default recovery chain. | ||
|
||
## Example | ||
|
||
Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. | ||
|
||
We have a module keeper that panics: | ||
```go | ||
func (k FooKeeper) Do(obj interface{}) { | ||
if obj == nil { | ||
// that shouldn't happen, we need to crash the app | ||
err := sdkErrors.Wrap(fooTypes.InternalError, "obj is nil") | ||
panic(err) | ||
} | ||
} | ||
``` | ||
|
||
By default that panic would be recovered and an error message will be printed to log. To override that behaviour we should register a custom RecoveryHandler: | ||
```go | ||
// SDK application constructor | ||
customHandler := func(recoveryObj interface{}) error { | ||
err, ok := recoveryObj.(error) | ||
if !ok { | ||
return nil | ||
} | ||
|
||
if fooTypes.InternalError.Is(err) { | ||
panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
baseApp := baseapp.NewBaseApp(...) | ||
baseApp.AddRunTxRecoveryHandler(customHandler) | ||
``` |