bug: Replace panic! with proper error handling in FFI runtime code #210

New issue

Closed

opened 2026-01-09 04:42:49 +00:00 by navicore · 1 comment

navicore commented 2026-01-09 04:42:49 +00:00 (Migrated from github.com)

Copy link

Problem

Runtime FFI functions use panic!() for error conditions, which can crash the entire program instead of gracefully handling errors.

Example from crates/runtime/src/string_ops.rs (lines 27-55):

pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> Stack {
    assert!(!stack.is_null(), "string_split: stack is empty");
    // ...
    match (str_val, delim_val) {
        (Value::String(s), Value::String(d)) => { /* ... */ }
        _ => panic!("string_split: expected two strings on stack"),  // CRASH!
    }
}

Impact

• Critical: Panics across FFI boundary cause undefined behavior
• Runtime errors crash the entire program instead of being catchable
• Users have no way to recover from type errors at runtime
• Poor debugging experience - stack traces may be corrupted

Affected Files

• crates/runtime/src/string_ops.rs - Multiple panic! calls
• crates/runtime/src/arithmetic.rs - Assert macros
• crates/runtime/src/io.rs - Panic on I/O errors
• Other runtime modules with extern "C" functions

Proposed Solution

Option 1: Error return codes

#[repr(C)]
pub struct RuntimeResult {
    stack: Stack,
    error_code: i32,  // 0 = success, non-zero = error
    error_msg: *const c_char,
}

pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> RuntimeResult {
    if stack.is_null() {
        return RuntimeResult::error(1, "stack is empty");
    }
    // ...
}

Option 2: Thread-local error state

thread_local! {
    static LAST_ERROR: RefCell<Option<String>> = RefCell::new(None);
}

pub unsafe extern "C" fn patch_seq_get_last_error() -> *const c_char { /* ... */ }

Option 3: Catch panics at FFI boundary

pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> Stack {
    std::panic::catch_unwind(|| {
        // existing logic
    }).unwrap_or_else(|_| {
        set_error("string_split panicked");
        stack  // return original stack unchanged
    })
}

Acceptance Criteria

• No panic!() or assert!() in extern "C" functions
• All runtime errors are catchable/recoverable
• Error messages are accessible from calling code
• Existing tests pass
• Add tests for error conditions

Labels

bug, runtime, high-priority

## Problem Runtime FFI functions use `panic!()` for error conditions, which can crash the entire program instead of gracefully handling errors. ### Example from `crates/runtime/src/string_ops.rs` (lines 27-55): ```rust pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> Stack { assert!(!stack.is_null(), "string_split: stack is empty"); // ... match (str_val, delim_val) { (Value::String(s), Value::String(d)) => { /* ... */ } _ => panic!("string_split: expected two strings on stack"), // CRASH! } } ``` ## Impact - **Critical**: Panics across FFI boundary cause undefined behavior - Runtime errors crash the entire program instead of being catchable - Users have no way to recover from type errors at runtime - Poor debugging experience - stack traces may be corrupted ## Affected Files - `crates/runtime/src/string_ops.rs` - Multiple panic! calls - `crates/runtime/src/arithmetic.rs` - Assert macros - `crates/runtime/src/io.rs` - Panic on I/O errors - Other runtime modules with `extern "C"` functions ## Proposed Solution ### Option 1: Error return codes ```rust #[repr(C)] pub struct RuntimeResult { stack: Stack, error_code: i32, // 0 = success, non-zero = error error_msg: *const c_char, } pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> RuntimeResult { if stack.is_null() { return RuntimeResult::error(1, "stack is empty"); } // ... } ``` ### Option 2: Thread-local error state ```rust thread_local! { static LAST_ERROR: RefCell<Option<String>> = RefCell::new(None); } pub unsafe extern "C" fn patch_seq_get_last_error() -> *const c_char { /* ... */ } ``` ### Option 3: Catch panics at FFI boundary ```rust pub unsafe extern "C" fn patch_seq_string_split(stack: Stack) -> Stack { std::panic::catch_unwind(|| { // existing logic }).unwrap_or_else(|_| { set_error("string_split panicked"); stack // return original stack unchanged }) } ``` ## Acceptance Criteria - [ ] No `panic!()` or `assert!()` in `extern "C"` functions - [ ] All runtime errors are catchable/recoverable - [ ] Error messages are accessible from calling code - [ ] Existing tests pass - [ ] Add tests for error conditions ## Labels bug, runtime, high-priority

navicore commented 2026-01-10 15:43:34 +00:00 (Migrated from github.com)

Copy link

https://github.com/navicore/patch-seq/pull/223

https://github.com/navicore/patch-seq/pull/223

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

test3

test2

test-runner-pr

v6.5.2

v6.5.1

v6.5.0

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.2

v6.2.1

v6.2.0

v6.1.2

v6.1.1

v6.1.0

v6.0.0

v5.7.1

v5.7.0

v5.6.5

v5.6.4

v5.6.3

v5.6.2

v5.6.1

v5.6.0

v5.5.1

v5.5.0

v5.4.1

v5.4.0

v5.3.0

v5.2.1

v5.2.0

v5.1.1

v5.1.0

v5.0.0

v4.2.1

v4.2.0

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.0

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.1.1

v1.1.0

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.21.0

v0.20.1

v0.20.0

v0.19.12

v0.19.11

v0.19.10

v0.19.9

v0.19.8

v0.19.7

v0.19.6

v0.19.5

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.8

v0.18.7

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.0

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.4

v0.3.3

v0.3.2

v0.3.1

Labels

Clear labels   

bug

Something isn't working

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

refactor

Code refactoring and cleanup

  

rust

Pull requests that update rust code

  

technical-debt

Technical debt to address

  

wontfix

This will not be worked on

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

refactor

rust

technical-debt

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

navicore/patch-seq#210

No description provided.