DMD 1.027 and 2.011 releases
eao197
eao197 at intervale.ru
Fri Feb 29 00:32:37 PST 2008
On Thu, 28 Feb 2008 19:34:45 +0300, Russell Lewis
<webmaster at villagersonline.com> wrote:
>> It is not necessary to catch AssertError. Sometimes it is necessary to
>> catch any error. For example, in a HTTP-server you could start
>> processing of a new request and catch different kinds of errors to make
>> appropriate response:
>
> I agree that a web server needs to post an appropriate response. But if
> an assert() has failed, you don't know if the failure is in your main
> program, in a library, or maybe even in your network code. In that
> case, you can't really rely on your program to keep working correctly,
> and the only sane solution would be to restart it.
Violation of contract is not a sign of unrecoverable failure of the
program, expecially for preconditions. Quite the contrary contracts help
detect unappropriate conditions at earlier stages.
For example, SMS body in 140 bytes long. 7-bit message could be up to 160
symbols, packed into 140 bytes SMS body. You could have 7-bit message
packing functions with precondition:
byte[] pack7bitMessage( byte[] message )
in { assert( message.length <= 160 ); }
body { ... }
When pack7bitMessage receives message which is longer than 160 symbols
there isn't any sign of unrecoverable error. For example, the too long
body of message may be received from SMPP PDU submit_sm from a ESME who
simply had made an error in their PDU. It may be a sign of presence of
error in your code for submit_sm parsing (length of SMS body not checked)
but there nothing fatal for whole application.
And that is a situation where application abort and restart don't solve a
problem -- ESME simply repeat the problem submit_sm after server restart
and server go down again and so on.
> My argument, then, is that you need a metaprogram or "watchdog" (such as
> the init process in *NIX, or maybe just a "web server launcher") which
> manages the server programs and restarts them when they crash.
A rather complex application is build from a several layers. A failure on
some layer should abort all current processing on that layer, but parent
layer could restart the problem layer. So that model with
metaprogram/watchdogs or supervisor processes (from Erlang) could be
implemented inside a single application with use of safe languages like D,
Java or C#.
--
Regards,
Yauheni Akhotnikau
More information about the Digitalmars-d-announce
mailing list