go's panics are fundamentally flawed
(alternative title: panic()
considered harmful)
errors, how do they work anyway?
errors in Go programs are represented by values. when calling a function that may return an error, it’ll return (T, error)
, and you can handle the error the same way you would any other value.
(note: the (T, error)
syntax doesn’t imply Go has tuples, because it doesn’t. functions can just return multiple values.)
now, this approach does have some problems. Go lets you ignore the error very easily, by using the discard operator _
rather than assigning it to a variable. it’s also extremely verbose–anyone who has used Go a substantial amount has written if err != nil { return err }
a thousand times. both of these issues are fixable, though: the compiler could emit a warning or an error (heh) when discarding an error value, and new syntax could be introduced to bubble errors up more easily.
panic! at the goroutine
what isn’t fixable, though, is the panic system. any function, no matter its signature, can call panic()
at any point, with any value. as soon as it’s called, the call stack unwinds all the way to main()
and the program crashes. a function doesn’t have to indicate that it can do this. in fact, it can’t, except in a documentation comment.
you can catch panics with a call to recover()
. you can’t put this below a function that might panic, though, you have to use defer
before the panic happens. recover()
will return the value passed to panic()
, or no value if no function panicked. (ironically, recover()
also doesn’t return an error, or even a boolean, when nothing panicked. you check if the return value is nil
instead.)
this is basically a worse version of try { } catch { }
in other languages. you can’t guarantee that the value returned by recover()
is an error, it can be any type. it moves error recovery away from the source of the error. and, of course, it’s inconsistent: the (T, error)
pattern lulls you into a false sense of security, making you think that you handled all possible errors in your application, when surprise! it can always panic.
how this could be fixed
simple: remove panic()
entirely. all functions that panic now must instead return an error, and the caller must handle that error. now when a function doesn’t return an error type, you know it can’t ever crash your program! problem solv–
oh. the language itself panics quite a bit as well. trying to access a slice index that doesn’t exist, trying to assign to a nil
map, dereferencing a nil
pointer, trying to write to a map from multiple goroutines simultaneously, and more can all cause panics. that requires a little more thought.
well, here we go:
- slice indexing could simply also return a
(T, error)
, or at least(T, bool)
, at all times, unless the index is known to exist at compile time. this would be extremely annoying in the current version of the language, but would be fine if a more streamlined way of bubbling errors up was added, such as borrowing Rust’s?
operator. nil
maps should be removed entirely. every map is strongly typed to begin with, and there is no practical difference between anil
map and an empty one. in my mind, the current behaviour is the language exposing an implementation detail (distinguishing betweennil
and empty maps) for no real reason.- similarly to slices, accessing a pointer could also return
(T, error)
. borrowing C#’s?
operator to streamline accessing deeply nested values would help here. alternatively, do away with pointers entirely and replace it with a system similar to Rust’sOption<T>
type. - i’m not entirely sure how to handle maps in multiple goroutines. the easy solution would be to wrap every single map in a
sync.RWMutex
, but this would massively slow down single-threaded programs, which is why the developers decided against doing this in the first place. maybe assigning to a map could return a boolean, withfalse
meaning the write failed because another goroutine wrote to it at the same time. that’s not a perfect solution, though.
but really, the biggest problem with panics is that all of the decisions surrounding them are set in stone, forever. Go intends to never release 2.0, which is understandable: they don’t want a repeat of the Python 2 to 3 transition. but it also means the language can never truly grow past some of its faults.
luckily, this is all just a thought experiment. if i want a more reasonable error handling system, there are so many other languages to choose from. such as c#–System.NullReferenceException
…oh, never mind.