Audit: Replace panics with Result returns #132

New issue

Closed

opened 2025-12-29 08:29:19 +00:00 by navicore · 1 comment

navicore commented 2025-12-29 08:29:19 +00:00 (Migrated from github.com)

Copy link

Summary

Audit all builtins and runtime functions to replace panics with proper Result/error returns. Errors should be values, not crashes.

Background

During the design discussion for Weaves (#131), we identified that several existing builtins use Rust panics for error conditions that should be recoverable:

"Building in a guaranteed crash of the process is hard to take seriously. The only reason to panic ever in a program is that you need some external help to recover."

Known Issues

Channel operations

• chan.receive - panics on closed channel
• chan.send - panics on closed channel
• The -safe variants exist (chan.send-safe, chan.receive-safe) but the naming is backwards

Naming convention problem

The current -safe suffix implies the default is unsafe. This is backwards:

• Current: chan.receive (panics) vs chan.receive-safe (returns Result)
• Better: chan.receive (returns Result) vs chan.receive! or chan.receive-unchecked (panics for perf-critical code)

Proposed Changes

1. Audit all builtins in builtins.rs and their runtime implementations
2. Convert panics to Results for all user-facing error conditions
3. Deprecate -safe suffix - make safe the default
4. Add -unchecked! suffix for explicit "I know what I'm doing" variants that skip checks for performance

Result Pattern

Seq already has std:result with proper Result/Option handling:

include std:result

# Functions should return Results
: safe-divide ( Int Int -- IntResult )
  dup 0 i.= if
    drop "Division by zero" Make-Err
  else
    i./ Make-Ok
  then
;

# Callers handle errors explicitly
10 0 safe-divide
result-ok? if
  result-unwrap use-value
else
  result-unwrap-err log-error
then

Audit Checklist

• chan.send / chan.receive
• variant.field-at (out of bounds)
• list.map / list.filter / list.fold (quotation errors)
• File operations
• String operations (index out of bounds, etc.)
• Type conversion operations
• Any other runtime panics

Non-Goals

Some panics are appropriate and should remain:

• Internal invariant violations (bugs in the runtime)
• Stack corruption / null pointer dereference
• Truly unrecoverable states

The distinction: user errors (bad input, closed channel, file not found) should return Results. Runtime bugs (impossible states, invariant violations) can panic.

## Summary Audit all builtins and runtime functions to replace panics with proper Result/error returns. Errors should be values, not crashes. ## Background During the design discussion for [Weaves (#131)](https://github.com/navicore/patch-seq/issues/131), we identified that several existing builtins use Rust panics for error conditions that should be recoverable: > "Building in a guaranteed crash of the process is hard to take seriously. The only reason to panic ever in a program is that you need some external help to recover." ## Known Issues ### Channel operations - `chan.receive` - panics on closed channel - `chan.send` - panics on closed channel - The `-safe` variants exist (`chan.send-safe`, `chan.receive-safe`) but the naming is backwards ### Naming convention problem The current `-safe` suffix implies the default is unsafe. This is backwards: - **Current:** `chan.receive` (panics) vs `chan.receive-safe` (returns Result) - **Better:** `chan.receive` (returns Result) vs `chan.receive!` or `chan.receive-unchecked` (panics for perf-critical code) ## Proposed Changes 1. **Audit all builtins** in `builtins.rs` and their runtime implementations 2. **Convert panics to Results** for all user-facing error conditions 3. **Deprecate `-safe` suffix** - make safe the default 4. **Add `-unchecked!` suffix** for explicit "I know what I'm doing" variants that skip checks for performance ## Result Pattern Seq already has `std:result` with proper Result/Option handling: ```seq include std:result # Functions should return Results : safe-divide ( Int Int -- IntResult ) dup 0 i.= if drop "Division by zero" Make-Err else i./ Make-Ok then ; # Callers handle errors explicitly 10 0 safe-divide result-ok? if result-unwrap use-value else result-unwrap-err log-error then ``` ## Audit Checklist - [ ] `chan.send` / `chan.receive` - [ ] `variant.field-at` (out of bounds) - [ ] `list.map` / `list.filter` / `list.fold` (quotation errors) - [ ] File operations - [ ] String operations (index out of bounds, etc.) - [ ] Type conversion operations - [ ] Any other runtime panics ## Non-Goals Some panics are appropriate and should remain: - Internal invariant violations (bugs in the runtime) - Stack corruption / null pointer dereference - Truly unrecoverable states The distinction: **user errors** (bad input, closed channel, file not found) should return Results. **Runtime bugs** (impossible states, invariant violations) can panic.

navicore commented 2025-12-30 02:29:12 +00:00 (Migrated from github.com)

Copy link

final fix https://github.com/navicore/patch-seq/pull/137

final fix https://github.com/navicore/patch-seq/pull/137

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

test3

test2

test-runner-pr

v6.5.2

v6.5.1

v6.5.0

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.2

v6.2.1

v6.2.0

v6.1.2

v6.1.1

v6.1.0

v6.0.0

v5.7.1

v5.7.0

v5.6.5

v5.6.4

v5.6.3

v5.6.2

v5.6.1

v5.6.0

v5.5.1

v5.5.0

v5.4.1

v5.4.0

v5.3.0

v5.2.1

v5.2.0

v5.1.1

v5.1.0

v5.0.0

v4.2.1

v4.2.0

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.0

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.1.1

v1.1.0

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.21.0

v0.20.1

v0.20.0

v0.19.12

v0.19.11

v0.19.10

v0.19.9

v0.19.8

v0.19.7

v0.19.6

v0.19.5

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.8

v0.18.7

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.4

v0.3.3

v0.3.2

v0.3.1

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

refactor

Code refactoring and cleanup

  

rust

Pull requests that update rust code

  

technical-debt

Technical debt to address

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

refactor

rust

technical-debt

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

navicore/patch-seq#132

No description provided.