DIP33: A standard exception hierarchy

Dmitry Olshansky dmitry.olsh at gmail.com
Mon Apr 1 12:44:21 PDT 2013


01-Apr-2013 20:00, John Colvin wrote:
> On Monday, 1 April 2013 at 12:12:56 UTC, Lars T. Kyllingstad wrote:
>
>> But if all cleanup code is bypassed, what is the point in using the
>> exception mechanism in the first place?  Why not just abort() and be
>> done with it?
>>
>> I can think of two reasons for throwing an Error rather than aborting
>> directly:
>> 1. You want a kind of "graceful" shutdown, in which destructors *are*
>> called and make their best attempt at cleaning things up.
>> 2. You want to catch it at some point, and perform some manual cleanup.
>>
>> But if (1) does not happen, can you even hope to do something useful
>> with (2)?  Your program is in the worst possible state it can be!
>
> I'm no expert on these things, but:
>
> Any chance of being in an invalid state - > undefined behaviour
>
> Undefined behaviour - > your destructors/cleanup routine could in theory
> do anything.
>

While a solid point, I'd argue the opposite is more applicable.
The proponents of "undefined behaviour" being "anything can happen, so 
let's just die" fall flat on 2 counts:

1. Label all "bad things" as undefined where it's more often 
system-defined or implementation-defined. Out of memory is another one. 
Processor-dependent behavior is another one (e.g. shift beyond word 
width).

2. Second, that "anything can happen", thus "let's not try destructors 
and cleanup", just call abort.  In fact, if you escalate the point of 
"anything", there is no guarantee that the abort call will ...e-hm... 
actually call the process termination routine (or that the C run-time is 
intact).

> Therefore, you're better off not trying to cleanup if program state
> could be invalid.

Data is corrupted no matter whether you just fail to write it in a 
consistent state (sudden assertion in some 3rd-party library) or corrupt 
it accidentally by a bad write (during cleanup on corrupted RAM).

Therefore you should always try to clean up in an orderly way, but do not 
rely on it actually working under all circumstances (thus backups, 
commits/save points, watchdogs and whatnot).


-- 
Dmitry Olshansky
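The last two paragraphs of the post argue for attempting orderly cleanup while never relying on it, with commits/save points and backups as the real safety net. The following is an added illustration of that pattern; it is not code from the thread or from DIP33, and it is written in Python rather than D only so that it runs stand-alone, since the pattern does not depend on the language. Durable state is only ever swapped in atomically after the new copy has been fsync'd, a checksum lets the loader refuse a torn or overwritten file, and the previous save point is kept as a backup. `ThirdPartyAssertion`, `run_job`, the `bad_cleanup` flag and the item list are all constructed for the example.

```python
"""Save points that survive a failed, skipped or misbehaving cleanup.

Added example, not from the mailing list thread. Runs in a scratch
directory it creates itself.
"""
import hashlib
import json
import os
import shutil
import tempfile


class ThirdPartyAssertion(Exception):
    """Stands in for an Error thrown by library code we do not control."""


def _digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


def commit_state(path: str, state: dict) -> None:
    """Durably replace the file at `path` with `state` (a save point).

    The record goes to a sibling temp file first and is fsync'd; only then
    does os.replace swap it in, which is atomic on POSIX and on NT.  A crash
    at any point leaves either the old file or the new one, never a mix.
    The previous save point is copied to `path + ".bak"` as a fallback.
    """
    payload = json.dumps(state, sort_keys=True).encode()
    record = json.dumps({"sha256": _digest(payload), "state": state}, sort_keys=True)
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(record)
        fh.flush()
        os.fsync(fh.fileno())
    if os.path.exists(path):
        shutil.copyfile(path, path + ".bak")
    os.replace(tmp, path)


def load_state(path: str) -> dict:
    """Read one save point, refusing anything whose checksum is wrong."""
    with open(path) as fh:
        record = json.load(fh)
    payload = json.dumps(record["state"], sort_keys=True).encode()
    if _digest(payload) != record["sha256"]:
        raise ValueError("save point is corrupt")
    return record["state"]


def recover(path: str) -> dict:
    """Load the newest save point that verifies, falling back to the backup."""
    for candidate in (path, path + ".bak"):
        try:
            return load_state(candidate)
        except (OSError, ValueError, KeyError, TypeError):
            continue  # missing, torn, overwritten or not a record at all
    return {}


def run_job(path: str, items: list, fail_at=None, bad_cleanup: bool = False) -> int:
    """Process `items`, committing a save point after each one.

    `fail_at` (hypothetical failure injection) raises ThirdPartyAssertion
    before item `fail_at` is committed, while a half-written temp file is
    already on disk.  `bad_cleanup` makes the cleanup handler itself do a
    bad write over the live file, the "cleanup on corrupted RAM" case.
    Returns the number of items that reached a save point.
    """
    done = 0
    try:
        for i, item in enumerate(items):
            if i == fail_at:
                with open(path + ".tmp", "w") as fh:
                    fh.write('{"sha256": "')  # torn record, never renamed in
                raise ThirdPartyAssertion(f"assert failed while handling {item!r}")
            commit_state(path, {"processed": items[: i + 1]})
            done = i + 1
    finally:
        # Orderly cleanup: attempted, but nothing durable depends on it.
        try:
            if bad_cleanup:
                with open(path, "w") as fh:
                    fh.write("\x00" * 16)  # the cleanup that corrupts
            if os.path.exists(path + ".tmp"):
                os.remove(path + ".tmp")
        except OSError:
            pass
    return done


def demo(fail_at=None, bad_cleanup: bool = False) -> dict:
    """Run the job in a scratch directory and report what survives on disk."""
    items = ["a", "b", "c", "d"]  # constructed sample input
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "state.json")
        try:
            run_job(path, items, fail_at=fail_at, bad_cleanup=bad_cleanup)
        except ThirdPartyAssertion:
            pass  # the process "died"; only what is on disk matters now
        return {"state": recover(path), "tmp_left": os.path.exists(path + ".tmp")}


if __name__ == "__main__":
    print(demo(fail_at=2))
    print(demo(fail_at=2, bad_cleanup=True))
```

With the failure injected before the third item, `recover` returns the state after two items and the torn temp file is gone; when the cleanup itself clobbers the live file, the checksum check rejects it and the backup yields the state after one item, so a bad cleanup costs one step rather than everything.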

