The extent of trust in errors and error handling
Ali Çehreli via Digitalmars-d
digitalmars-d at puremagic.com
Wed Feb 1 11:25:07 PST 2017
tl;dr - Seeking thoughts on trusting a system that allows "handling" errors.
One of my extra-curricular interests is the Mill CPU[1]. A recent
discussion in that context reminded me of the Error-Exception
distinction in languages like D.
1) There is the well-known issue of whether Error should ever be caught.
If Error represents conditions where the application is not in a defined
state, hence it should stop operating as soon as possible, should that
also carry over to other applications, to the OS, and perhaps even to
other systems in the whole cluster?
For example, if a function detected an inconsistency in a DB that is
available to all applications (as is the case in the Unix model of
user-based access protection), should all processes that use that DB
stop operating as well?
2) What if an intermediate layer of code did in fact handle an Error
(perhaps raised by a function pre-condition check)? Should the callers
of that layer have a say on that? Should a higher level code be able to
say that Error should not be handled at all?
For example, an application code may want to say that no library that it
uses should handle Errors that are thrown by a security library.
Aside, and more related to D: I think this whole discussion is related
to another issue that has been raised in this forum a number of times:
Whose responsibility is it to execute function pre-conditions? I think
it was agreed that pre-condition checks should be run in the context of
the caller. So, not the library, but the application code, should
require that they be executed. In other words, it should be irrelevant
whether the library was built in release mode or not, its pre-condition
checks should be available to the caller. (I think we need to fix this
anyway.)
And there is the issue of the programmer making the right decision: One
person's Exception may be another person's Error.
It's fascinating that there are so many fundamental questions with CPUs,
runtimes, loaders, and OSes, and that some of these issues are not even
semantically describable. For example, I think there is no way of
requiring that e.g. a square root function not have side effects at all:
The compiler can allow a piece of code but then the library that was
actually linked with the application can do anything else that it wants.
Thoughts? Are we doomed? Surprisingly, not seems to be as we use
computers everywhere and they seem to work. :o)
Ali
[1] http://millcomputing.com/
More information about the Digitalmars-d
mailing list