The extent of trust in errors and error handling

Ali Çehreli via Digitalmars-d digitalmars-d at puremagic.com
Sat Feb 4 23:48:48 PST 2017 

On 02/04/2017 08:17 AM, Chris Wright wrote:
 > On Fri, 03 Feb 2017 23:24:12 -0800, Ali Çehreli wrote:

 > Again, this is for a restricted type of application that I happen to 
write
 > rather often. And it's restricted to a subset of the application that
 > shares very little state with the rest.

I agree that there are different kinds of applications that require 
different levels of correctness.

 >> What operations can you safely assume that you can still perform? Can
 >> you log? Are you sure? Even if you caught RangeError, are you sure that
 >> arr.ptr is still sane? etc.
 >
 > You seem to be assuming that I'll write:
 >
 >   try {
 >     foo = foo[1..$];
 >   } catch (RangeError e) {
 >     log(foo);
 >   }
 >
 > I'm actually talking about:
 >
 >   try {
 >     results = process(documentName, document);
 >   } catch (Throwable t) {
 >     logf("error while processing %s: %s", documentName, t);
 >   }

Doesn't change what I'm saying. :) For example, RangeError may be thrown 
due to a rogue function writing over memory that it did not intend to. 
An index 42 may have become 42000 and that the RangeError may have been 
thrown. Fine. What if nearby data that logf depends on has also been 
overwritten? logf will fail as well.

What I and many others who say Errors should not be caught are saying 
is, once the program is in an unexpected state, attempting to do 
anything further is wishful thinking.

Again, in practice, it is likely that the program will log correctly but 
there is no guarantee that it will do so; it's merely "likely" and 
likely is far from "correct".

 > where somewhere deep in `process` I get a RangeError.
 >
 >> Even if you caught RangeError, are you sure that
 >> arr.ptr is still sane?
 >
 > Well, yes. Bounds checking happens before the slice gets assigned for
 > obvious reasons. But I'm not going to touch the slice that produced the
 > problem, so it's irrelevant anyway.

Agreed but the slice is just one part of the application's memory. We're 
not sure what happened to the rest of it.

Ali

More information about the Digitalmars-d mailing list