Consensus rules cannot be broken in finishOperation

[Geod24]

The consensus rules are checked in checker_ballot_transaction's ValidateOp.
So if this error happens, it means there's an important bug in sebak,
and that the consensus rules were bypassed.
As a result, we remove the checks which are not necessary,
and panic on operations that shouldn't return an error.

[codecov-io]

Codecov Report

Merging #563 into master will increase coverage by 3.84%.
The diff coverage is 50%.

@@            Coverage Diff             @@
##           master     #563      +/-   ##
==========================================
+ Coverage   61.01%   64.85%   +3.84%     
==========================================
  Files         159      114      -45     
  Lines       11239     6911    -4328     
==========================================
- Hits         6857     4482    -2375     
+ Misses       3575     1899    -1676     
+ Partials      807      530     -277

Flag	Coverage Δ
#integration_tests_long_term	?
#integration_tests_node	43.14% <50%> (+2.07%)	⬆️
#integration_tests_retry	?
#unittests	54.18% <50%> (+6.77%)	⬆️

Impacted Files	Coverage Δ
lib/node/runner/checker.go	64.32% <50%> (-9.3%)	⬇️
lib/consensus/isaac_state.go	66.66% <0%> (-33.34%)	⬇️
lib/block/header.go	53.84% <0%> (-24.73%)	⬇️
lib/block/test.go	56.25% <0%> (-19.43%)	⬇️
lib/consensus/round_vote.go	75.38% <0%> (-13.68%)	⬇️
lib/transaction/operation/collect_tx_fee.go	47.05% <0%> (-13.66%)	⬇️
lib/transaction/operation/test.go	86.36% <0%> (-13.64%)	⬇️
lib/network/http2_client.go	53.39% <0%> (-13.62%)	⬇️
lib/storage/options.go	21.15% <0%> (-13.23%)	⬇️
lib/consensus/isaac.go	72.03% <0%> (-10.66%)	⬇️
... and 149 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e26154a...96f1c2c. Read the comment docs.

[spikeekips]

At this time, when error occurred in finish~ process the panic will be reasonable. @Charleslee522 If possible, when error or problem found in finish~ process, how about go to Syncing?

[spikeekips]

Like finishPayment, this also just can make panic, is there any reason to return error?

[Geod24]

Since it writes to LevelDB, there are much more potential for failure, that's why it's treated differently.

[kfangw]

I agreed.
finishXXX should not return an error.
How about using MustXXX pattern?

[spikeekips]

Instead of panicking, we already use leveldb’s transaction, so

1. Discard when error
2. Sync process

How about this scenario?

[Geod24]

@spikeekips : Those are different kind of errors. At the moment, this panic should never happen. If it happens, there's a bug in Sebak, and it's much better if we know about it than trying to hide it.
Here, panic is just an assert.

I'm usually fine with recovering from programming errors, but with our development process and the amount of work being done on Sebak, it's not realistic to do it at the moment.

[spikeekips]

@Geod24 Hmm. Most error cases can be from SEBAK itself, but there are plenty cases, error occurr like,

• disk full
• db file corruption by other process
• leveldb’s own bug
• etc

Db fail -> process end, it seems unnatural. In most if failed cases, panic can be good, but disk full sebak should ensure, I think. Logging critic message will be enough.

[anarcher]

I never ever use panic unless it's really unrecoverable error that the layer above should not be handling. It's an "abort the entire program" kind of error which you don't encounter that often. And A panic cannot be recovered by a different goroutine.

My general rule: avoid as much as possible.

• https://golang.org/doc/faq#assertions
• https://github.com/golang/go/wiki/PanicAndRecover

[Geod24]

but disk full sebak should ensure, I think

Yeah, that's why I only panic on read, not on write.