Skip to content

Handle background exceptions gracefully #5052

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SirTyson wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Handle background exceptions gracefully #5052

SirTyson wants to merge 1 commit into from

Conversation

@SirTyson
Copy link
Contributor

@SirTyson SirTyson commented Dec 5, 2025

Description

Currently, if a background thread throws, we don't properly go through graceful shutdown. This gracefully handles background exceptions.

Checklist

  • Reviewed the contributing document
  • Rebased on top of master (no merge commits)
  • Ran clang-format v8.0.0 (via make format or the Visual Studio extension)
  • Compiles
  • Ran all tests
  • If change impacts performance, include supporting evidence per the performance document

@SirTyson SirTyson requested review from Copilot and marta-lokhova and removed request for Copilot December 5, 2025 22:19
marta-lokhova
marta-lokhova reviewed Dec 9, 2025
View reviewed changes
src/main/ApplicationImpl.cpp Outdated
{
JITTER_INJECT_DELAY();
timer.Update(isSlow.checkElapsedTime());
try
Copy link
Contributor

@marta-lokhova marta-lokhova Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m relucant to take a one-size-fits-all approach here. The system has a lot of nuanced failure modes, and in many cases catching an exception and shutting down gracefully isn’t actually the right thing to do. Sometimes the exception is a symptom of prior state corruption, and in those cases we really need to evaluate the specific scenario to decide whether we need to do something else, like a forced shutdown or an abort.

This change is specifically in the context of the new invariant, correct? If so, could we scope it to invariants only, so we don’t change failure behavior in other subsystems? Btw, currently strict invariants abort the program. With this change, it looks like we go into graceful shutdown, which doesn't seem right. I think we should probably abort for snapshot-based invariants as well (which would help spot problematic watchers).

Copy link
Contributor Author

@SirTyson SirTyson Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for simplicity, I went ahead and just handled the snapshot invariant case. This is the only invariant that actually runs on the background, so it seemed to make sense just to special case the failure mode for this specific invariant.

@SirTyson SirTyson force-pushed the background-exception-handling branch from 47a7b06 to 1c8ce60 Compare December 11, 2025 15:49
Copilot AI review requested due to automatic review settings December 11, 2025 15:49
Copilot AI reviewed Dec 11, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds exception handling to the runStateSnapshotInvariant method to ensure background thread exceptions are caught and result in graceful shutdown via printErrorAndAbort, rather than leaving the exception unhandled.

Key changes:

  • Wraps invariant snapshot checking in a try-catch block to handle exceptions in background thread execution
  • Adds the GlobalChecks.h include to access printErrorAndAbort function

@SirTyson SirTyson force-pushed the background-exception-handling branch from 1c8ce60 to 351aa86 Compare December 12, 2025 00:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marta-lokhova marta-lokhova marta-lokhova left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SirTyson @marta-lokhova