Comments (2)
Good point Denis. I did think about this and error handling is implemented at Node level through the WorkErrorNotifier (adapted from the original implementation). In a nutshell, if the Protocol module panics, the code that is performing the actual execution catches the panic and returns an error saying "Protocol implementation panicked (because XYZ)". Note that this is unavoidable in any case, since the protocol implementation is, in some cases, supposed to be provided by the user (of Mir) and we thus need to count on it panicking any time. But a panic in the protocol can only ever occur due to a bug in the implementation, never due to malicious input. The protocol must ensure that. The lines you linked cannot be reached unless there is a bug in the implementation.
That being said, the current implementation of ISS is still ongoing and not all inputs are properly sanitized yet. I can imagine that at this stage the protocol could be made to panic by sending it a maliciously crafted message. This should not be the case for a final implementation.
Defining such a policy, however, still makes very good sense and it could be part of a sort of "Protocol Implementation Guide" that describes how a new Protocol module should be implemented. I created an issue (#40) for that.
from mir.
Picking this up again. Let us just remove explicit panics from module implementations (can be found by grep -iE 'panic' pkg/*/*.go
) for now, replace them by returned errors whenever appropriate, and close this issue. And later go on and address #40 .
from mir.
Related Issues (20)
- Make factory modules automatically tolerate concurrent application events HOT 1
- Separate transport module and logic
- Eliminate unnecessary sender field used in the transport module
- Declare generated code as such
- Write a high-level description of Trantor HOT 1
- IPC M2 Critical Issues HOT 5
- Change membership info to use network protocol as a fallback
- Inefficient slice lookup
- Define constraints on membership weights
- Rename Trantor events to be consistent with protocol description
- Breaking changes in crypto library (G1 curve problem) HOT 1
- Checkpoint typo did not trigger FAILed tests, why? HOT 3
- Serializing empty slices in protobufs
- Conversion of checkpoints in iss.go HOT 1
- Expose basic notion of wall clock time in Trantor
- Transactions getting lost between multisig collector and ISS HOT 1
- Optimize batch reconstruction in Trantor's availability module
- Epoch-aware orderers
- Remove old ISS terminology from the Trantor implementation
- Use zero `MaxProposeDelay` as a default value for PBFT in Trantor
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mir.