[DOCS] Document some caveats of UDF/UDAs#6478
Conversation
Signed-off-by: Mihai Budiu <mbudiu@feldera.com>
mythical-fred
left a comment
There was a problem hiding this comment.
Useful warnings. APPROVE with three small docs-polish nits inline.
| by returning a `Result::Err()` ([see below](#return-types)). This ensures that errors are | ||
| propagated in a controlled manner and can be handled by the calling code. | ||
|
|
||
| * The compiler assumes that the semantics of a user-defined function does not change between |
There was a problem hiding this comment.
Grammar: "semantics" is plural, so "do not change", "may lead to incorrect results" reads fine but the head noun needs "do". Same fix on line 423 for the UDA copy.
Suggested: "The compiler assumes that the semantics of a user-defined function do not change between pipeline restarts."
| library function names. | ||
| library function names. Future additions to the SQL library may | ||
| introduce functions that clash with user-defined function names. We | ||
| recommend users to use function names that are unlikely to |
There was a problem hiding this comment.
"We recommend users to use ..." is awkward. Either "We recommend that users use ..." or "We recommend choosing function names that ..." reads better.
| data sources, or other sources of non-determinism. | ||
|
|
||
| * UDAs are compiled into native binary code and executed directly within the address space of | ||
| the pipeline. Therefore, only trusted code should be included in UDAs. |
There was a problem hiding this comment.
The new UDA danger block drops two things that the UDF block above has and that apply just as much to UDAs:
- The "no panics / no undefined behavior / return Result::Err on runtime errors" guidance (lines 41-45 in the existing UDF block). Crashes from a UDA inside the pipeline address space are at least as bad as from a UDF.
- The pointer to issue [RFC] Non-deterministic operator #2619 inviting feedback on non-deterministic use cases — a UDA author hitting this is just as likely to want to comment there.
Worth duplicating both into the UDA block, or factoring the shared warnings into a single block introduced as "applies to UDFs and UDAs".
Until the compiler can check whether a UDF has changed (which today it doesn't) we at least document some limitations that the users are responsible for.
Fixes #4949
Checklist