[dmd-internals] Throwing Errors
Jonathan M Davis
jmdavisProg at gmx.com
Thu Mar 15 14:39:04 PDT 2012
On Thursday, March 15, 2012 14:22:49 Walter Bright wrote:
> On 3/15/2012 9:29 AM, Sean Kelly wrote:
> > Is the program really corrupted though?
>
> You cannot know that.
>
> I really think that going down the path of thinking one can recover from
> programming bugs is the route to disaster. It goes against everything I know
> about how to make safe, reliable systems.
There's a difference between saying that Errors are not recoverable and making
it so that cleanup code runs when Errors are thrown. Catching an Error and
continuing the execution of your program is almost never a good idea, but
catching it, doing some cleanup and rethrowing it (as finally, scope(failure),
and scope(exit) would do) is a different matter. No, it may not work, but it
can also allow you to do things that need to be done at cleanup. And _not_
running scope statements, destructors, and finally blocks makes catching Errors
even _less_ safe even when it _does_ make sense. And upon occasion, catching
Errors _does_ make sense even for cases other than cleanup.
There is a difference between recovering from an Error and a recovering from a
programming bug. Not all Errors necessarily indicate that there's a bug in the
program. They just indicate that they've hit what is almost certainly a fatal
condition. For instance, OutOfMemoryError is generally fatal, but it doesn't
necessarily indicate a bug in the program. If caught close to the throw point,
it might be possible to recover in some cases. It's just that the current
state _is_ fatal unless you can do something to fix it. In most cases you
can't, but in a few, rare ones, you can.
Catching an AssertError in normal code is a hugely bad idea - they _do_
indicate program bugs - but it could still make sense in unit testing code -
especially if you're trying to build a fancier unit testing framework on top
of the built-in one (to improve output or whatever).
So no, trying to recover from programming bugs is a _not_ a good idea, but
there _are_ rare cases where catching Errors makes sense, and making it so
that they skip scope statements, destructors, and finally blocks makes them
even _less_ safe to catch and makes it so that you often can't recover from an
Error even in the rare cases where you should be able to.
The main question that I see is whether trying to run cleanup code when an
Error is thrown is likely to make things worse or not. If that's a really high
risk, then it may be better to have scope statements, finally blocks, and
destructors skipped. But if it's at all debatable as to whether it's better or
worse to run cleanup code when an Error is thrown, then I'd argue that code
will be _less_ buggy if they're run when an Error is thrown. That doesn't make
it so that the programmer should be catching Errors much, but it _does_ make
it so that it's reasonably safe in the few cases where it _does_ make sense to
catch them.
- Jonathan M Davis
More information about the dmd-internals
mailing list