Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement -panic=reset #2742

Open
stevegt opened this issue Mar 31, 2022 · 2 comments
Open

implement -panic=reset #2742

stevegt opened this issue Mar 31, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@stevegt
Copy link

stevegt commented Mar 31, 2022
edited
Loading

I'm suggesting this as a lighter-weight change versus #2331 and #2162. While #2331 looks like it will take a while to resolve and merge due to code growth concerns, #2162 looks like it may not be merged at all due to API issues.

As @ysoldak mentions in #2162, panics happen. In the project I'm working on at the moment, if tinygo hits a runtime error (e.g. slice out of bounds), this can mean pumps left running, valves left open, and chemicals and water all over the floor in the middle of the night when nobody is around.

For any reasonable control system, having some way to implement a fail-safe mode is pretty important. In circuitpython, I can use try/finally to make sure all of those relays are powered off. But this can't be done in tinygo wIth no recover() and with no reset on abort.

If tinygo had a -panic=reset build option (mentioned as a side note in #2331), then I could deal with this by sending the i2c commands to power everything off at the top of main().

Platform: Adafruit qtpy (Cortex M0) --> sparkfun DEV-17047 i2c GPIO expander --> multiple relay coils.

Possible workaround (and a good idea anyway): Add a second qtpy as a watchdog timer. Use it to switch off the power bus for all relay coils on loss of heartbeat from the first qtpy.
@ysoldak
Copy link
Contributor

ysoldak commented Apr 4, 2022

Possible workaround (and a good idea anyway): Add a second qtpy as a watchdog timer. Use it to switch off the power bus for all relay coils on loss of heartbeat from the first qtpy.

As long as this second watchdog does not die itself :D

@deadprogram deadprogram added the enhancement New feature or request label Apr 21, 2022
@stevegt stevegt mentioned this issue Sep 18, 2022
Closed
@stevegt
Copy link
Author

stevegt commented Sep 18, 2022
edited
Loading

#2331 is merged (yay!), #891 is closed, #2162 appears to be halted, so I'm re-thinking this issue.

  • The new recover() support is good, but unless I'm missing something, application devs who want to use defer/recover to reset on panic need to do some careful coding to prevent stack overflows and several other classes of errors; restarting goroutines is a particular headache.
  • A -panic=reset flag would be better, but it still might not be enough. Thinking about stack overflows makes me realize that, in Go, stack overflows are not panics, but are instead in a different class of fatal errors; stack overflows might not be expected to be caught by a flag named -panic.

Some questions:

  1. Would a -panic=reset implementation also catch fatal, non-panic, non-hardfault errors too, such as stack overflow or OOM? Or should I rename this issue/flag?
  2. Is recover() otherwise now reliable on everything but WASM, or are there still known corner cases?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@deadprogram @stevegt @ysoldak