Jump to content

  • Log In with Google      Sign In   
  • Create Account

FREE SOFTWARE GIVEAWAY

We have 4 x Pro Licences (valued at $59 each) for 2d modular animation software Spriter to give away in this Thursday's GDNet Direct email newsletter.


Read more in this forum topic or make sure you're signed up (from the right-hand sidebar on the homepage) and read Thursday's newsletter to get in the running!






Error handling in Epoch

Posted by ApochPiQ, 15 September 2011 · 331 views

As I gear up towards rewriting the Epoch compiler in Epoch, instead of in C++, I've found myself running up against a handful of peripheral issues that affect the ability to write real code in Epoch in the first place.

One of these issues relates to error handling. In my opinion, most languages conflate several issues which surround error handling, all of which should ideally be orthogonal:

  • Propagating error information as failures occur
  • Adjusting control flow in the presence of error circumstances
  • Maintaining certain contractual semantics (this file will get closed, that memory will get freed, etc.)
  • Responding to and possibly recovering from error conditions

Consider C++ exceptions. The combination of stack unwinding and object destructors, when used with the RAII idiom, means that exceptions/RAII typically conflate all four issues! Error information is propagated by the exception payload itself; control flow is modified by stack unwinding and catch() blocks; contractual semantics are handled by RAII; and recovery is again handled by catch(). Two mechanisms, four distinct jobs... blech!

C# or Java exceptions are similar, except they rely on finally() blocks to handle contractual obligations that are not easily enforced in purely garbage-collected languages.

Continuation-passing style is a nice way to avoid conflating control flow with error propagation, but IMHO continuations are even harder to reason about than gotos, and are not really desirable in most code.

So how will Epoch address these four issues? I intend to keep each of the four aspects as independent as I can. Here's how it will work:

  • Error information is propagated solely by passing parameters or returning values to/from functions
  • Control flow can be abstracted using guard {} entities and the evacuate() function
  • Contractual semantics are handled by one of two mechanisms: transactional entities, or deterministically destructed objects
  • Error recovery/response is accomplished using local functions

Consider the following Epoch code, which sadly will not compile yet:

entrypoint : () -> ()
{
	sqrt(-1)
}

This minimal program will (theoretically) terminate due to sqrt() throwing an error. Specifically, sqrt() calls evacuate(), which performs stack unwinding up to the most recently-encountered guard {} entity, or abnormally kills the program if no guard {} is present.

So if we want to avoid vomiting due to sqrt() failures, we simply wrap the possibly-failing call in a guard entity:

entrypoint : () -> ()
{
	guard
	{
		sqrt(-1)
		debugwritestring("This line will never be printed!")
	}
}

The debugwritestring() call will never execute, because once sqrt() evacuates, the guard will abandon the rest of the code in its block and return control flow to the next statement in the program.

Now, suppose we want something a little richer: foo() is a function which can throw an error code, or return a value. However, it will not do both at the same time - i.e. it does not return a magic value to indicate an error. If something does go wrong, it does a little more than sqrt() does: it calls evacuate() with a parameter.

This parameter is stored in a special register by the VM, and can be handed off to a function call via guard:

entrypoint : () -> ()
{
	guard(recover)
	{
		foo()
	}
}

recover : (integer(error)) -> ()
{
	debugwritestring("Error code: " ; cast(string, error))
}

When foo() evacuates, it attaches an integer into the special register. The guard() entity in this case has a parameter as well, which is the name of a function to call if the guard catches an evacuation in progress.

So what happens if foo() evacuates with a string instead of an integer? Well, turns out that guard {} treats its function as if it had pattern matching enabled. If guard cannot find an overload that succeeds in the pattern match, it silently re-evacuates with the same parameter it was given. This allows evacuations to cascade up the call stack until they find an appropriate handler, similar to exception handling in many other languages.

What's cool about this is that we can use the full extent of Epoch's pattern matching facilities to handle errors!


entrypoint : () -> ()
{
	guard(recover)
	{
		foo()
	}
}

recover : (SPECIFIC_INTEGER_ERROR_CODE) -> ()
{
	debugwritestring("A very specific error occurred!")
}

recover : (integer(error)) -> ()
{
	debugwritestring("Error code: " ; cast(string, error))
}


Now, obviously this thing is kind of ugly if we want to contain error recovery to a specific area. What if error recovery needs to handle local state from the calling function? Clearly, this business of calling external functions isn't going to fly!

Thankfully, Epoch allows nested function definitions. We can also use a function before it appears in code, i.e. we don't have to write foo() { ... } before calling foo. This lets us write the following code:

entrypoint : () -> ()
{
	guard(recovery)
	{
		foo()
	}

	recovery : (SPECIFIC_ERROR_CODE) -> () { debugwritestring("Specific error") }
	recovery : (integer(error)) -> () { debugwritestring("General error: " ; cast(string, error)) }	
}

We could even define local variables like "bletch" inside of entrypoint(), and refer to them from within the recovery() function overloads. We can also have any number of functions that have internal recovery() functions.


To wrap up, here's some real pie-in-the-sky speculation. This involves lambda syntax and generics, neither of which exist in Epoch yet, but are high on the priority list.

entrypoint : () -> ()
{
	guard( [ ] : (<T>(error)) -> () { debugwritestring("Error!") } )
	{
		foo()
	}
}

In this snippet, we pass guard an anonymous lambda (I'm stealing C++11's syntax for this temporarily, just for lack of a better notation offhand). The lambda accepts one generic parameter, whose type is denoted by T (its genericity is denoted by the angle brackets). The parameter is named error but not used directly (since we can't do anything useful without knowing its concrete type).

This enables the guard to handle any evacuation payload with the same response. It's not very practical, but it does show the direction I'm heading with the language a bit, and illuminates some of the (speculative) ideas I've had on syntax and notation.


Keeping in mind that all this is set in wet concrete, let me know what you think!




Nice. :)

Is it possible to pass no parameters / more than one parameter to evacuate() (and - maybe opening a different can of worms - would it be possible to catch them generically)? I'm not saying this would actually be a good idea or not, it's just something that sticks out.

Is there any kind of "exception specification" so a user can know what functions "throw" what (or fulfil what "exception safety guarantees")? (or maybe that's just something that could be relegated to an IDE tool).
I was looking at a similar pattern matching sort of implementation for exception handling, though I also don't see how this is too much different from y'know... exception handling. It certainly a bit cleaner syntax/implementation, but I'm not sure how this gets you too far down your orthogonal road in practice.
evacuate() can accept 0 parameters, sure. Handling them via generics is definitely something I'd like to see, as sketched out in the final code snippet.


As for the orthogonality - I'll admit it does still entangle control flow and out-of-band error information, although I tend to think of that as the least harmful pairing. I certainly am having trouble thinking up a clean way to do out-of-band error tracking that doesn't amount to global state, which is just icky.

The real bonus comes when you start thinking about deterministic destruction and contract enforcement. I'll write up some more details on my thoughts in those areas later on.
Oh sure, I don't disagree that simply being able to supply/reuse exception handlers is a fairly significant win. Just pointing out that nothing here seems too distant from exceptions like you suggested (though I think that we maybe shouldn't strive too far from them without good reason).

December 2014 »

S M T W T F S
 123456
78910111213
14151617181920
2122232425 26 27
28293031   

Recent Entries

Recent Comments

PARTNERS