Assertions getting corrupted

Jonathan M Davis newsgroup.d at jmdavisprog.com
Thu Oct 26 10:46:04 UTC 2017


On Thursday, October 26, 2017 10:05:11 bauss via Digitalmars-d wrote:
> If D really wants to succeed with such things, then we cannot
> assume the program is in an invalid state. It must be up to the
> developer themselves to figure out if it's in an invalid state or
> not.

We've been over this before plenty of times in this newsgroup. If an Error
is thrown, then by definition the program is in an invalid state, because
Errors are thrown when bugs are encountered in the program or when the
program encounters an unrecoverable condition. As such, it makes no sense
whatsoever to recover an Error. Would you try to recover from a segfault? I
should hope not, and an Error is pretty much the same thing except that it's
done by the language and involves a stack trace rather than being done by the
hardware and resulting in a core dump.

If you don't want your web application going down because of an Error, then
write it in a way that you avoid Errors (e.g. check indices before indexing
an array rather than relying on RangeError if you can't guarantee that the
index is valid). No program should be encountering Errors, and there's
nothing special about web servers that makes it okay for them to be hitting
them. If your program encounters an Error, then it's buggy, and it needs to
be fixed. Making it continue to run after an Error was thrown might work
under some circumstances, but in the general case, you're at serious risk of
making things worse.

As with any program, avoiding the case where your web server terminates due
to Errors is a combination of testing it to make sure that the code is
correct and making sure that you test any conditions coming from user input
or the environment which would ever result in an Error if they weren't
checked. I really don't see what the problem with that is or why anyone
would then think that it's magically okay to treat Errors differently just
because your application is a web server.

And if you're really that concerned about your code being so bad that you're
going to hit Errors with any regularity, then just make it so that your
server restarts if it goes down and load balance across multiple instances.
Any service that's looking to be truly robust is going to need multiple
instances running anyway.

By definition, Errors are _fatal_ error conditions. It's _Exceptions_ which
are used for recoverable error conditions, not Errors, and in the long run,
you're just shooting yourself in the foot if you try to get your program to
recover from an Error instead of terminating.

- Jonathan M Davis
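The distinction the post draws, as an added example in D that is not part of the original message: the index comes from untrusted input, so it is checked up front and rejected with a recoverable Exception, while RangeError (an Error) is left to mean a genuine bug. The record table, the request loop and the sample inputs are constructed for illustration.

```d
// Added example (not from the original post): validate a user-supplied
// index with a recoverable Exception instead of relying on RangeError.
import std.conv : to, ConvException;
import std.exception : enforce;
import std.stdio : writeln;

// Constructed sample "records" that a request might look up by index.
immutable string[] records = ["alice", "bob", "carol"];

// Handle one request. The index is untrusted input, so it is checked
// explicitly; a bad value raises an Exception the caller can recover from.
// Letting records[idx] throw RangeError would be an Error, i.e. a bug,
// and the program would (correctly) terminate.
string handleRequest(string rawIndex)
{
    size_t idx;
    try
        idx = rawIndex.to!size_t;          // "abc" and "-1" both fail here
    catch (ConvException)
        throw new Exception("index is not a number: " ~ rawIndex);

    enforce(idx < records.length,
            "index out of range: " ~ rawIndex);   // throws Exception, not Error
    return records[idx];                          // RangeError now impossible
}

void main()
{
    // Constructed inputs: one valid, one malformed, one out of range.
    foreach (input; ["1", "abc", "42"])
    {
        try
            writeln(input, " -> ", handleRequest(input));
        catch (Exception e)   // recoverable: log it and serve the next request
            writeln(input, " -> rejected: ", e.msg);
        // No catch (Error): a RangeError or AssertError means a bug, and the
        // right response is to let the process die and be restarted.
    }
}
```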
