miniextendr_api/

error_value.rs

//! Tagged condition value transport.
//!
//! Rust-origin failures (panics, `Result::Err`, `Option::None`) and user-raised
//! conditions (`error!()`, `warning!()`, `message!()`, `condition!()`) are
//! converted to a tagged SEXP value instead of raising an R error immediately.
//! The generated R wrapper inspects this tagged value and escalates it to a
//! proper R condition past the Rust boundary, with `rust_*` class layering.
//!
//! This ensures Rust destructors run cleanly before R sees the error.
//!
//! # Condition value structure (`make_rust_condition_value`)
//!
//! The tagged SEXP is a 4-element named list:
//! - `error`: error message (character scalar)
//! - `kind`: condition kind string — one of the constants in [`kind`]
//! - `class`: optional user-supplied custom class (character scalar or `NULL`)
//! - `call`: the R call SEXP (or `NULL` if not available)
//! - class attribute: `"rust_condition_value"`
//! - `__rust_condition__` attribute: `TRUE`

use crate::cached_class::{
    condition_names_sexp, rust_condition_attr_symbol, rust_condition_class_sexp,
};
use crate::ffi::{self, SEXP, SexpExt};

/// Canonical kind strings for tagged condition values.
///
/// These constants are emitted into the `kind` slot of
/// [`make_rust_condition_value`] and consumed by the R-side
/// `.miniextendr_raise_condition` switch (see
/// `registry::write_r_wrappers_to_file`). Reference these constants
/// from codegen and runtime sites instead of bare string literals so a
/// typo cannot silently change which switch arm fires.
///
/// The constants are kept in lockstep with the generated R helper; if a new
/// kind is added, both the emission site and the R helper need to learn it.
pub mod kind {
    /// Default kind for Rust panics that surface to R via the generic panic
    /// path (no `RCondition` payload). Layered as `rust_error`.
    pub const PANIC: &str = "panic";
    /// `Result<_, E>::Err(...)` formatted via `Debug` (raised when the user
    /// returns an `Err` from a `#[miniextendr]` fn/method).
    pub const RESULT_ERR: &str = "result_err";
    /// `Option<T>::None` reached where a value was required (raised by the
    /// `NoneOnErr` / required-Option return paths).
    pub const NONE_ERR: &str = "none_err";
    /// `TryFromSexp` / coerce / strict-mode conversion failed at argument
    /// unmarshalling.
    pub const CONVERSION: &str = "conversion";
    /// User-raised `error!(...)` condition.
    pub const ERROR: &str = "error";
    /// User-raised `warning!(...)` condition.
    pub const WARNING: &str = "warning";
    /// User-raised `message!(...)` condition.
    pub const MESSAGE: &str = "message";
    /// User-raised `condition!(...)` condition.
    pub const CONDITION: &str = "condition";
    /// Fallback kind written by [`super::make_rust_condition_value`] when the
    /// caller's `kind` argument contained an interior NUL and could not be
    /// converted to a `CString`. Should not appear in normal flow; the match
    /// arm in [`crate::condition::RCondition::from_sexp`] handles it
    /// defensively by degrading to `RCondition::Error`.
    pub const OTHER_RUST_ERROR: &str = "other_rust_error";
}

/// Convert a `&str` to a `CString`, falling back to `fallback` on interior NUL bytes.
///
/// Used internally by [`make_rust_condition_value`] to avoid duplicating the
/// `CString::new(s).unwrap_or_else(…)` pattern across every slot.
fn to_cstring_lossy(s: &str, fallback: &str) -> std::ffi::CString {
    std::ffi::CString::new(s).unwrap_or_else(|_| std::ffi::CString::new(fallback).unwrap())
}

/// Build a tagged condition-value SEXP for transport across the Rust→R boundary.
///
/// Used for all Rust-origin failures and user-facing conditions. The R-side
/// switch in `condition_check_lines` reads `.val$kind` to select the condition
/// type and `.val$class` to prepend optional user classes before the standard
/// `rust_*` layering.
///
/// # Safety
///
/// Must be called from R's main thread (standard R API constraint).
/// The returned SEXP is unprotected — caller must protect if needed.
///
/// # PROTECT discipline
///
/// Every fresh allocation (msg, kind, optional class, true-marker) is protected
/// before the next allocation that might trigger a GC barrier. The `prot` counter
/// is incremented on each `Rf_protect` and balanced by `Rf_unprotect(prot)` at
/// exit on all branches. This pattern was established by PR #344 commit `af6b4875`
/// to fix a `recursive gc invocation` segfault on R-devel.
///
/// # Arguments
///
/// * `message` - Human-readable condition message
/// * `kind` - Condition kind — one of the constants in [`kind`].
/// * `class` - Optional user-supplied class name to prepend to the layered vector
/// * `call` - Optional R call SEXP for error context. When `None`, uses `R_NilValue`.
pub fn make_rust_condition_value(
    message: &str,
    kind: &str,
    class: Option<&str>,
    call: Option<SEXP>,
) -> SEXP {
    unsafe {
        // PROTECT discipline: every fresh allocation that's live across another
        // allocation must be protected. SET_VECTOR_ELT and SETATTRIB can both
        // trigger old-to-new GC barriers; R-devel's GC fires more aggressively
        // here than R-release/oldrel, so unprotected intermediates corrupt the
        // heap on R-devel even when R 4.5/4.4 happen to survive (PR #344 fix).
        let list = ffi::Rf_allocVector(ffi::SEXPTYPE::VECSXP, 4);
        ffi::Rf_protect(list);
        let mut prot = 1;

        // Element 0: error message
        let msg_cstr = to_cstring_lossy(message, "<invalid error message>");
        let msg_charsxp = ffi::Rf_mkCharCE(msg_cstr.as_ptr(), ffi::CE_UTF8);
        let msg_sexp = SEXP::scalar_string(msg_charsxp);
        ffi::Rf_protect(msg_sexp);
        prot += 1;
        list.set_vector_elt(0, msg_sexp);

        // Element 1: kind string
        let kind_cstr = to_cstring_lossy(kind, kind::OTHER_RUST_ERROR);
        let kind_charsxp = ffi::Rf_mkCharCE(kind_cstr.as_ptr(), ffi::CE_UTF8);
        let kind_sexp = SEXP::scalar_string(kind_charsxp);
        ffi::Rf_protect(kind_sexp);
        prot += 1;
        list.set_vector_elt(1, kind_sexp);

        // Element 2: optional custom class (NULL when not provided).
        // Only the Some-branch allocates; nil is constant.
        let class_sexp = if let Some(class_name) = class {
            let class_cstr = to_cstring_lossy(class_name, "rust_condition");
            let class_charsxp = ffi::Rf_mkCharCE(class_cstr.as_ptr(), ffi::CE_UTF8);
            let s = SEXP::scalar_string(class_charsxp);
            ffi::Rf_protect(s);
            prot += 1;
            s
        } else {
            SEXP::nil()
        };
        list.set_vector_elt(2, class_sexp);

        // Element 3: caller-owned SEXP — already protected (or R_NilValue)
        list.set_vector_elt(3, call.unwrap_or(SEXP::nil()));

        // Names / class symbols are cached. The TRUE marker on set_attr is a
        // fresh LGLSXP — protect across the SETATTRIB call.
        list.set_names(condition_names_sexp());
        list.set_class(rust_condition_class_sexp());
        let true_marker = SEXP::scalar_logical(true);
        ffi::Rf_protect(true_marker);
        prot += 1;
        list.set_attr(rust_condition_attr_symbol(), true_marker);

        ffi::Rf_unprotect(prot);
        list
    }
}