From 3b35ddc1ce923e299bd6957f1265d89a0e022579 Mon Sep 17 00:00:00 2001 From: Leo Date: Thu, 22 Oct 2020 12:20:11 +0200 Subject: [PATCH] bridge: propagate panics from runnables Any error that can be recovered by restarting a runnable can also be recovered from by restarting the entire process. If we encounter a panic, it's safer to restart the process than attempting to limp along by restarting the runnable. We always assume that an external process manager will restart our process if it crashes. We already rely on this behavior for libp2p errors which we handle by terminating the process, since libp2p maintains global state that we can't clear. ghstack-source-id: 2f20ef764d32ffca16fb22055a85772e490616e7 Pull Request resolved: https://github.com/certusone/wormhole/pull/45 --- bridge/cmd/guardiand/main.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bridge/cmd/guardiand/main.go b/bridge/cmd/guardiand/main.go index fa5e44f1bb..61befde760 100644 --- a/bridge/cmd/guardiand/main.go +++ b/bridge/cmd/guardiand/main.go @@ -199,7 +199,10 @@ func main() { case <-ctx.Done(): return nil } - }) + }, + // It's safer to crash and restart the process in case we encounter a panic, + // rather than attempting to reschedule the runnable. + supervisor.WithPropagatePanic) select { case <-rootCtx.Done():