DMD 1.027 and 2.011 releases

eao197 eao197 at intervale.ru
Fri Feb 29 00:32:37 PST 2008 

On Thu, 28 Feb 2008 19:34:45 +0300, Russell Lewis  
<webmaster at villagersonline.com> wrote:

>>  It is not necessary to catch AssertError. Sometimes it is necessary to  
>> catch any error. For example, in a HTTP-server you could start  
>> processing of a new request and catch different kinds of errors to make  
>> appropriate response:
>
> I agree that a web server needs to post an appropriate response.  But if  
> an assert() has failed, you don't know if the failure is in your main  
> program, in a library, or maybe even in your network code.  In that  
> case, you can't really rely on your program to keep working correctly,  
> and the only sane solution would be to restart it.

Violation of contract is not a sign of unrecoverable failure of the  
program, expecially for preconditions. Quite the contrary contracts help  
detect unappropriate conditions at earlier stages.

For example, SMS body in 140 bytes long. 7-bit message could be up to 160  
symbols, packed into 140 bytes SMS body. You could have 7-bit message  
packing functions with precondition:

byte[] pack7bitMessage( byte[] message )
   in { assert( message.length <= 160 ); }
   body { ... }

When pack7bitMessage receives message which is longer than 160 symbols  
there isn't any sign of unrecoverable error. For example, the too long  
body of message may be received from SMPP PDU submit_sm from a ESME who  
simply had made an error in their PDU. It may be a sign of presence of  
error in your code for submit_sm parsing (length of SMS body not checked)  
but there nothing fatal for whole application.

And that is a situation where application abort and restart don't solve a  
problem -- ESME simply repeat the problem submit_sm after server restart  
and server go down again and so on.

> My argument, then, is that you need a metaprogram or "watchdog" (such as  
> the init process in *NIX, or maybe just a "web server launcher") which  
> manages the server programs and restarts them when they crash.

A rather complex application is build from a several layers. A failure on  
some layer should abort all current processing on that layer, but parent  
layer could restart the problem layer. So that model with  
metaprogram/watchdogs or supervisor processes (from Erlang) could be  
implemented inside a single application with use of safe languages like D,  
Java or C#.

-- 
Regards,
Yauheni Akhotnikau

More information about the Digitalmars-d-announce mailing list