On 09:27 am, kylerzhan...@gmail.com wrote:
Hi,

As itamar mentioned in ticket #6676 <http://tm.tl/#6676>, If a cancellation
function for a Deferred throws an exception(the cancel() method of
Deferred won’t
throw exceptions, but the canceller may), behavior is undefined. If the
cancellation function throws an exception it is currently not caught, and
cancellation does not occur.

We can catch the exception and log it, and fallback to just firing Deferred
withCancelledError. This won’t break any old code. But an exception
raising from the cancellation function often means the cancellation is
failed.

Keep in mind that the Deferred cancellation API is a "best effort" API. There are no guarantees that anything can be cancelled. Consider the fact that 90% or more of Deferreds out there don't even have cancellation implemented for them yet and that before Deferred cancellation was introduced, 100% of Deferreds were uncancellable. :)

Another option we have is taking this opportunity to make the cancellation
being able to fail. There is the motivation:

There are cases where a Deferred is uncancellable. For example, we can call
twisted.mail.imap4.IMAP4Client.delete to delete a mailbox. When the
operation is waiting in the queue, we can cancel it by removing it from the queue. However, when the operation is already sent and is waiting for the
response, it becomes uncancellable.

If we allow the canceller(NOT the cancel() method of the Deferred) to raise
an exception, we can tell the user the cancellation is failed and the
Deferredwon’t be fired with a CancelledError.

Raising an exception from cancel() may break the old code. So we can catch the exception raised by the canceller, then return a False without firing
theDeferred to tell the user that the cancellation is failed.

It's true that introducing an exception where previously there was no exception is likely to break things.

However, *hiding* the failure in a return code that has to be checked everywhere is not a solution to this problem. The cancellation has still failed - the only difference returning False instead of raising an exception makes is that most code won't bother to check the return value and will miss out on the fact that cancellation has failed.

This mostly just breaks things differently (in a way that's much harder to track down than a missing exception handler).
In order to avoid missing unexpected exceptions, we can create a
CancellationFailedError. When the canceller raises CancellationFailedError, we catch it and return False. When the canceller raises others exceptions,
we catch it, log it then return False.

Something like this:

def cancel(self):
   if not self.called:
       canceller = self._canceller
       if canceller:
           try:
               canceller(self)
           except CancellationFailedError:
               return False
           except Exception:
               log.err(None, "Unexpected exception from canceller.")
               return False
       else:
           # Arrange to eat the callback that will eventually be fired
           # since there was no real canceller.
           self._suppressAlreadyCalled = True
       if not self.called:
           # There was no canceller, or the canceller didn't call
           # callback or errback.
           self.errback(failure.Failure(CancelledError()))
       return True
   elif isinstance(self.result, Deferred):
       # Waiting for another deferred -- cancel it instead.
       return self.result.cancel()
   else:
       return False

This won’t break any code by raising an exception from cancel(), although
some code may rely on cancel() not returning any value.

So, what’s your opinion on raising an exception from the canceller?

What about a third option - if a cancellation function raises an exception, fail the Deferred with that exception.

This:

1) avoids raising an exception from Deferred.cancel (and avoids encoding error information in the return value of that method, forcing application code to start checking for error return values)

2) Satisfies the expectation of the application code that cancelling the Deferred will cause it to fire "soon" - with roughly the same quality as if the Deferred had no canceller implemented at all.

3) Probably makes the implementation bug apparent by making the exception available to errbacks on the Deferred.

I'm not entirely convinced (3) is ideal - it may be that the Deferred should actually fire with CancelledError in this case, just as it would without a canceller, and the exception raised by the canceller should just be logged (somewhat like what your code above does - but after logging the error the Deferred should actually be cancelled).

This has the same benefits, but puts the information about the implementation into the application's log file rather than forcing application-supplied errbacks to handle it somehow.

Jean-Paul

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Reply via email to