RFC: rename fail! to panic!

[aturon]

Rename "task failure" to "task panic", and fail! to panic!.

Rendered

[lilyball]

I think this is a reasonable change, but I'm slightly concerned that "panic" implies that the entire process is failing. Perhaps Go provides sufficient precedent of a "catchable panic" to be ok with "panic" just meaning the task is dying.

That said, I can't think of an alternative that makes more sense. I agree with the motivation to move away from "failure", so "panic" is probably the best alternative. It might be nice to note this in the drawbacks section though.

[glaebhoerl]

I am partial to despair!, as in

if num_kittens() <= 0 {
    despair!("all is lost")
}

but recognize that this is, lamentably, not serious enough to be a contender.

(I think the proposal is a good change.)

[lilyball]

HCF!("Halt and Catch Fire")

[chris-morgan]

@kballard Of course, in certain failure modes task failure may be just process abort. And even if it wasn’t supposed to be, it still might happen if a destructor fails too.

👍 in general, but I think you need to clarify further what’s going to change here. Are all relevant item names going to be changed? And in some cases where the translation is less obvious, how? To give a few specific examples of the sorts of cases we have—rust_fail (rust_panic, I presume), sync::lock::PoisonOnFail (PoisonOnPanic, I presume), core::failure (panicking sounds a little odd, even if it’s the direct translation).

[arcto]

👍 I used to be a proponent of abort! but it was still ambiguous with stdlib abort().
panic! is fine.

[reem]

👍 regarding renaming fail! - but panic! feels a bit too loose for me, I prefer the directness of something like kill, die, or abort. panic! also doesn't translate well to discussing what is happening - fail! gives us "fail the task", panic! give us... "panic"?

We could rename abort to kill and fail to abort, if we wanted to.

[bluss]

Renaming our abort doesn't help -- the precedent is libc abort().

I think what is needed is a word that will tell the reader that the process named is something specific -- it won't just "fail" but it will fail the rust task and start unwinding. So a peculiar name like panic should be good. The reader won't know exactly what that is, but they will understand it's a certain process and will have to read more about panic in the rust docs.

[steveklabnik]

fail! gives us "fail the task", panic! give us... "panic"?

"The task panicked."

[ben0x539]

Since this isn't supposed to be a common thing to do, could we afford to go with a more descriptive, less catchy name? Something like task_exit!, terminate_task!?

[lilyball]

@ben0x539 That makes it sound like the goal is to terminate the task. That's not the goal, that's just what happens. The goal is to declare that something has gone wrong in an unrecoverable way and behave accordingly. Which is to say, terminate_task!() sounds like a normal mode of operation, "the task is no longer useful, let's terminate it", whereas this macro is actually meant to evoke the idea that this is an exceptional case.

[reem]

On further though, I've actually come to like this name because it feels like something you shouldn't do - panic! sounds like it is an uncontrolled, last-ditch operation, which fail or abort don't quite have. In truth it is not uncontrolled, but that connotation will discourage people from using it.

[bachm]

crash is more descriptive in my opinion.

[glaebhoerl]

"crash", for me, means SIGSEGV.

[pczarn]

Most of names proposed here can be associated with kernel panic, process abort or SIGSEGV. I'll mention some more names:

• bail!()
• ditch_task!()
• forsake_task!()

[bluss]

crash_task!() in that case.

[SiegeLord]

I'm going to suggest throw!() since Rust's failures are basically exceptions anyway (unless there's a serious plan to alter the semantics of fail).

[lilyball]

throw!() suggests that there is a catch!(), but there isn't.

[treeman]

I am for a renaming. How about task_panic!()? Otherwise I'm fine with panic!().

[brendanzab]

@pczarn bail!() is nice. Differentiates us from Go, and does not mix it up with kernel panics.

[tshepang]

👍 for task_panic() @treeman

[Zoxc]

abandon!("ship")

[kud1ing]

Maybe leave!("Can't recover")

Otherwise i like panic!

[thestinger]

I think panic! is an improvement over the current naming. Naming it task_panic would imply that the failure is contained to the task, but Rust is unable to provide that guarantee. It needs to poison any mutable shared memory which forcefully propagates the failure. It will also abort if another failure occurs in a destructor. There's the possibility of recovery by a supervising task, but it's not guaranteed, and there's usually no supervision in place to handle / report the errors so they either abort or are ignored.

[FranklinChen]

I like the directness of something like die!. fail! is clearly not good enough. But panic! seems to suggest too much of a vague emotional event. Not every programmer is already familiar with existing usage as in "kernel panic".

[bkoropoff]

If you're pilfering kernel terminology, how about oops!()? It even seem roughly analagous to what fail!() currently does: it tries to limit the damage to just the current task, but depending on circumstances the entire system might go down anyway.

[arcto]

Seriously, oops! is not very informative. Either pick panic! which has precedent in Go, or something novel but unequivocal such as abort_task!.

[alexcrichton]

This was discussed in today's meeting and the decision was to merge.

[llogiq]

I don't think panic! is better or worse than fail!, but if we are already bikeshedding, why not look at other options?

• die! (kudos to perl)
• stop!
• cancel!
• cut! (cue cinema)
• snap! (imagine snapping a thread)

[richo]

Not trying to bikeshed or go back on this choice, but how do we make it abundantly clear to systems programmers that panic! likely doesn't do what you expect?

eg, on every other platform I've worked on that knows how to panic, there is no recovery, and nothing else happens apart maybe from dumping some state and waiting on a debugger, as opposed to here where the failure is entirely task local.

[jld]

Looking at the OS precedent another way: panic halts everything that was sharing memory with where the error occurred — one host in a cluster, one Rust task — while other hosts / tasks connected only by networking / message passing can detect the condition and try to continue. (This analogy isn't exact, but maybe it might help explain things.)