mirror of https://github.com/grpc/grpc.git
Removed error.md (#30338)
Esun Kim
2 years ago
committed by
GitHub
parent
8f7927f7bc
commit
309d83832c
3 changed files with 0 additions and 162 deletions
@ -1,160 +0,0 @@ |
||||
# gRPC Error |
||||
|
||||
## Background |
||||
|
||||
`grpc_error` is the c-core's opaque representation of an error. It holds a |
||||
collection of integers, strings, timestamps, and child errors that related to |
||||
the final error. |
||||
|
||||
always present are: |
||||
|
||||
* GRPC_ERROR_STR_FILE and GRPC_ERROR_INT_FILE_LINE - the source location where |
||||
the error was generated |
||||
* GRPC_ERROR_STR_DESCRIPTION - a human readable description of the error |
||||
* GRPC_ERROR_TIME_CREATED - a timestamp indicating when the error happened |
||||
|
||||
An error can also have children; these are other errors that are believed to |
||||
have contributed to this one. By accumulating children, we can begin to root |
||||
cause high level failures from low level failures, without having to derive |
||||
execution paths from log lines. |
||||
|
||||
grpc_errors are refcounted objects, which means they need strict ownership |
||||
semantics. An extra ref on an error can cause a memory leak, and a missing ref |
||||
can cause a crash. |
||||
|
||||
This document serves as a detailed overview of grpc_error's ownership rules. It |
||||
should help people use the errors, as well as help people debug refcount related |
||||
errors. |
||||
|
||||
## Clarification of Ownership |
||||
|
||||
If a particular function is said to "own" an error, that means it has the |
||||
responsibility of calling unref on the error. A function may have access to an |
||||
error without ownership of it. |
||||
|
||||
This means the function may use the error, but must not call unref on it, since |
||||
that will be done elsewhere in the code. A function that does not own an error |
||||
may explicitly take ownership of it by manually calling GRPC_ERROR_REF. |
||||
|
||||
## Ownership Rules |
||||
|
||||
There are three rules of error ownership, which we will go over in detail. |
||||
|
||||
* If `grpc_error` is returned by a function, the caller owns a ref to that |
||||
instance. |
||||
* If a `grpc_error` is passed to a `grpc_closure` callback function, then that |
||||
function does not own a ref to the error. |
||||
* if a `grpc_error` is passed to *any other function*, then that function |
||||
takes ownership of the error. |
||||
|
||||
### Rule 1 |
||||
|
||||
> If `grpc_error` is returned by a function, the caller owns a ref to that |
||||
> instance.* |
||||
|
||||
For example, in the following code block, error1 and error2 are owned by the |
||||
current function. |
||||
|
||||
```C |
||||
grpc_error_handle error1 = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Some error occurred"); |
||||
grpc_error_handle error2 = some_operation_that_might_fail(...); |
||||
``` |
||||
|
||||
The current function would have to explicitly call GRPC_ERROR_UNREF on the |
||||
errors, or pass them along to a function that would take over the ownership. |
||||
|
||||
### Rule 2 |
||||
|
||||
> If a `grpc_error` is passed to a `grpc_closure` callback function, then that |
||||
> function does not own a ref to the error. |
||||
|
||||
A `grpc_closure` callback function is any function that has the signature: |
||||
|
||||
```C |
||||
void (*cb)(void *arg, grpc_error_handle error); |
||||
``` |
||||
|
||||
This means that the error ownership is NOT transferred when a functions calls: |
||||
|
||||
```C |
||||
c->cb(c->cb_arg, err); |
||||
``` |
||||
|
||||
The caller is still responsible for unref-ing the error. |
||||
|
||||
Note that you'll likely never need to run `c->cb(...)` yourself; the idiomatic |
||||
way to execute callbacks is via the `Closure::Run` method, which takes ownership |
||||
of the error variable. |
||||
|
||||
```C |
||||
grpc_error_handle error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Some error occurred"); |
||||
grpc_core::Closure::Run(DEBUG_LOCATION, c->cb, error); |
||||
// current function no longer has ownership of the error |
||||
``` |
||||
|
||||
If you schedule or run a closure, but still need ownership of the error, then |
||||
you must explicitly take a reference. |
||||
|
||||
```C |
||||
grpc_error_handle error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Some error occurred"); |
||||
grpc_core::Closure::Run(DEBUG_LOCATION, c->cb, GRPC_ERROR_REF(error)); |
||||
// do some other things with the error |
||||
GRPC_ERROR_UNREF(error); |
||||
``` |
||||
|
||||
Rule 2 is more important to keep in mind when **implementing** `grpc_closure` |
||||
callback functions. You must keep in mind that you do not own the error, and |
||||
must not unref it. More importantly, you cannot pass it to any function that |
||||
would take ownership of the error, without explicitly taking ownership yourself. |
||||
For example: |
||||
|
||||
```C |
||||
void on_some_action(void *arg, grpc_error_handle error) { |
||||
// this would cause a crash, because some_function will unref the error, |
||||
// and the caller of this callback will also unref it. |
||||
some_function(error); |
||||
|
||||
// this callback function must take ownership, so it can give that |
||||
// ownership to the function it is calling. |
||||
some_function(GRPC_ERROR_REF(error)); |
||||
} |
||||
``` |
||||
|
||||
### Rule 3 |
||||
|
||||
> if a `grpc_error` is passed to *any other function*, then that function takes |
||||
> ownership of the error. |
||||
|
||||
Take the following example: |
||||
|
||||
```C |
||||
grpc_error_handle error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Some error occurred"); |
||||
// do some things |
||||
some_function(error); |
||||
// can't use error anymore! might be gone. |
||||
``` |
||||
|
||||
When some_function is called, it takes over the ownership of the error, and it |
||||
will eventually unref it. So the caller can no longer safely use the error. |
||||
|
||||
If the caller needed to keep using the error (or passing it to other functions), |
||||
if would have to take on a reference to it. This is a common pattern seen. |
||||
|
||||
```C |
||||
void func() { |
||||
grpc_error_handle error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Some error"); |
||||
some_function(GRPC_ERROR_REF(error)); |
||||
// do things |
||||
some_other_function(GRPC_ERROR_REF(error)); |
||||
// do more things |
||||
some_last_function(error); |
||||
} |
||||
``` |
||||
|
||||
The last call takes ownership and will eventually give the error its final |
||||
unref. |
||||
|
||||
When **implementing** a function that takes an error (and is not a |
||||
`grpc_closure` callback function), you must ensure the error is unref-ed either |
||||
by doing it explicitly with GRPC_ERROR_UNREF, or by passing the error to a |
||||
function that takes over the ownership. |
||||
Loading…
Reference in new issue