Is `eval`ing in a CPAN module without localizing $@ a bug?

Question

I think I've encountered a bug in Params::Validate, but I'm not sure whether I identified the problematic code piece correctly. The code in question failed to pass exceptions up the chain (using Try::Tiny), so I started debugging and found out that a class used inside the try block has a destructor. This destructor calls object methods which use Params::Validate and looking into Validate.pm source I see an eval without $@ localization, i.e. the global $@ gets overwritten.

Now I see two options:

1. Params::Validate should always localize $@ and thus it's a bug that should be reported.
2. The bug is in the class in question, because it shouldn't use Params::Validate in a destructor. Params::Validate can stay as it is now.

Which one is it? How I should I handle this situation?

PS: I think that CPAN modules should be rock-solid and neither break themselves nor their environment, hence the question title.

Answer 1

See http://search.cpan.org/perldoc?Params::Validate#SUPPORT for how to submit a bug report. You spent a lot of energy discovering the cause of and the solution to a problem. It would be a shame if someone else had to retrace your steps without knowing what you have already learned.

I think that CPAN modules should be rock-solid and neither break themselves nor their environment

In a perfect world, software would always do what it claimed to do and not have any undocumented side-effects. CPAN is a pretty open system, so almost anybody can upload almost anything. I think this is more of a feature than a bug -- a low barrier to entry makes developing Perl modules easier and has encouraged a vaster and more useful library to be developed.

Params::Validate was released nine years ago and has been updated about 94 times since then. If you look through the CHANGES file, you'll see that the author(s) have been quite conscientious in keeping the module up-to-date and fixing occasional problems as well as adding new features. It probably won't shock them to hear that a user found a problem, nor should you be too shocked to find that some of the libraries are merely excellent and not perfect.

Answer 2

Unless there is some documentation telling you that the module helpfully preserves meaningful evaluation errors as part of its API, it's absolutely a bug.

I think that CPAN modules should be rock-solid and neither break themselves nor their environment, hence the question title.

Did it really break anything? I can tell you it's a bug, but I can't tell you that it excuses you for not testing the cases where you expected a clear $@ and didn't have one thanks to Params::Validate. If it "breaks" a development environment, well that's what testing is for.