Make ResultIteration refuse unsafe operation (option 1) #86
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We receicently had [a panic in Consul](hashicorp/consul#9566) that was caused by incorrect usage of a ResultIterator. A minimal reproduction of this panic can be seen [here](https://github.com/hashicorp/go-memdb/compare/panic-delete-inside-iter). Many of us learned that there are undocumented rules for using a ResultIterator correct with a write transaction. This commit attempts to document that safe use of a ResultIterator.
Previously this could panic anyway (see #85), but only when the nodse in an index line up in a very specify way. This meant that tests may not exercise the bug, and the panic would get into a release. By adding an explicit panic here we ensure that any basic test coverage of an iteration would fail. In the case of inserts it would not panic, but could return incorrect results (most likely duplicate). This panic ensures we fail instead of returning incorrect results. It would have been nice to error instead of panic, but there's no place in the current interface to return an error.
dnephin
commented
Jan 21, 2021
| @@ -6,3 +6,5 @@ require ( | |||
| github.com/hashicorp/go-immutable-radix v1.3.0 | |||
| github.com/hashicorp/golang-lru v0.5.4 // indirect | |||
| ) | |||
|
|
|||
| replace github.com/hashicorp/go-immutable-radix => github.com/hashicorp/go-immutable-radix v1.3.1-0.20210121185740-67e10d480dcf | |||
There was a problem hiding this comment.
Leaving a note as a reminder that this should be changed to an official release, before merging this PR, if we are interested in this approach.
This was referenced Jan 22, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is one option for making the code behave correctly in the scenario described in #85 (other options in #87, #88).
Previously this could panic anyway (see #85), but only when the nodes in an index line up in a very specify way. This meant that tests may not exercise the bug, and the panic would get into a release.
By adding an explicit panic here we ensure that any basic test coverage of an iteration with modification will fail.
In the case of inserts it would not panic, but could return incorrect results (most likely duplicate). This panic ensures we fail instead of returning incorrect results.
It would have been nice to error instead of panic, but there's no place in the current interface to return an error.
TODO: