Separate plugins inside signal handling.
Many plugins can register to handle the same signal. Each such signal is wrapped with the HIVE_TRY_NOTIFY macro, which isolates main hived code from plugin code by catching all "random" exceptions and only passing the special plugin_exception to stop the transaction/block being processed. The problem is that when a regular exception breaks signal processing, it only logs one plugin problem (the one where the problem originated), but all plugins following that one are prevented from receiving the signal. If one of those plugins relies on either of the following scenarios happening: the transaction and related state changes are undone on failure, or the plugin receives signals in pairs (e.g. on_pre_apply_transaction and on_post_apply_transaction), then if another plugin fails, its own state will be incomplete, and there won't even be any information about it in the log. It is easy to imagine potential bugs resulting from this that will be very hard to diagnose.
The solution is to isolate the plugins from other plugins as well. When plugins register for signals, we already wrap their calls (see database::connect_impl), so it should be as simple as adding an equivalent or even HIVE_TRY_NOTIFY directly. This way the failing plugin would catch and log its own exception before it breaks boost signal handling, and the signal itself could continue to other plugins. The current external HIVE_TRY_NOTIFY would only ever catch some really unexpected cases (like boost itself failing due to some random data overwrite or whatever).
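
The failure mode and the proposed per-plugin wrapper, as an added C++ example that is not hived's code. A plain vector of callbacks stands in for the boost signal, and `isolate`, `emit`, `run` and the local `plugin_exception` type are hypothetical stand-ins for the wrapper in database::connect_impl and for HIVE_TRY_NOTIFY.

```cpp
#include <functional>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the special exception that is allowed to stop processing.
struct plugin_exception : std::runtime_error { using std::runtime_error::runtime_error; };
using log_t = std::vector<std::string>;
using slot = std::function<void(log_t&)>;

// Per-plugin guard: log and swallow ordinary exceptions, let plugin_exception through.
slot isolate(const std::string& name, slot s) {
  return [name, s](log_t& log) {
    try { s(log); }
    catch (const plugin_exception&) { throw; }
    catch (const std::exception& e) { log.push_back(name + " failed: " + e.what()); }
    catch (...) { log.push_back(name + " failed: unknown exception"); }
  };
}

// Minimal signal: an exception escaping one slot stops delivery to the remaining slots.
void emit(const std::vector<slot>& slots, log_t& log) {
  for (const auto& s : slots) s(log);
}

// Three constructed plugins; B fails. Returns what ends up in the log.
log_t run(bool isolated, bool b_vetoes = false) {
  log_t log;
  std::vector<std::pair<std::string, slot>> plugins = {
    {"A", [](log_t& l) { l.push_back("A handled"); }},
    {"B", [b_vetoes](log_t&) {
       if (b_vetoes) throw plugin_exception("reject transaction");
       throw std::runtime_error("bad state"); }},
    {"C", [](log_t& l) { l.push_back("C handled"); }},
  };
  std::vector<slot> slots;
  for (auto& p : plugins) slots.push_back(isolated ? isolate(p.first, p.second) : p.second);
  try { emit(slots, log); }                      // outer guard around the whole signal
  catch (const plugin_exception&) { throw; }     // still stops the transaction/block
  catch (const std::exception& e) { log.push_back(std::string("signal aborted: ") + e.what()); }
  return log;
}

int main() {
  for (bool isolated : {false, true})
    for (const auto& line : run(isolated)) std::cout << (isolated ? "[isolated] " : "[outer only] ") << line << "\n";
}
```

With only the outer guard, C never sees the signal and nothing in the log says so; with the per-plugin guard, B's failure is logged under its own name and C is still notified.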