What if I don't want to be forced to abort the program in the
event of such an error?

I don't follow this point. How can this approach work with programs that are
built with the -release switch?

Moreover, Sean's points here are absolutely on the money -- there are cases
where the "users" of a program may indeed want to see traces even for
anticipated errors. And even if you design a nice structure of throwing and
catching exceptions so that the simple error message _always_ gives good enough
context to understand what went wrong, you still have the other issue that Sean
raised -- of an exception accidentally escaping its intended scope, because you
forgot to handle it -- when a trace may be extremely useful.

Put it another way -- I think you make a good case that stack traces for
exceptions should be turned off by default (possibly just in -release mode?),
but if that happens I think there's also a good case for a build flag that
ensures stack traces _are_ shown for Exceptions as well as Errors.

All -release does is not generate code for assert()s. To leave the asserts in,
do not use -release. If you still want the asserts to be in even with -release,

if (condition) assert(0);
The -g switch should take care of that. It's what I use when I need a stack
trace, as there are many ways a program can fail (not just Errors).

He does not suggest that Exceptions are to be thrown on programmer
screw-ups, but rather that the thrown exception itself is the screw-up,
with a possibly complex cause.

It is not:

if(screwedUp()) throw Exception("");


It is rather:

void foo(int x){
if(!test(x)) throw Exception(""); // this may be an expected code
path for some callers
}

void bar(){
// ...
int y=screwUp();
foo(y); // yet it is unexpected here
}

Nothing wrong with it. Quite common and useful for a non-critical
web service to log the exception, then re-throw something like
"internal error", catch the internal error at the root and
returning the appropriate 5xx HTTP response, then keep going.

You are arguing as if it is impossible to know whether the logic
error is local to the handler, or not, with a reasonable
probability. "Division by zero" is usually not a big deal, but it
is a logic error. No need to shut down the service.
It is impossible to verify what the source is. It might be a bug
in a boolean expression leading to a throw when the system is ok.

assert()s should also not be left in production code. They are
not for catching runtime errors, but for testing at the expense
of performance.

Uncaught exceptions should be re-thrown higher up in the call
chain to a different error level based on the possible impact on
the system. Getting an unexpected mismatch exception in a
form-validator is not a big deal. Getting out-of-bounds error in
main storage is a big deal. Whether it is a big deal can only be
decided at the higher level.

It is no doubt useful to be able to obtain a stack trace so that
you can log it when an exception turns out to fall into the "big
deal" category and therefore should be re-thrown as a critical
failture. The deciding factor should be performance.

Am Sun, 28 Sep 2014 15:59:45 -0700
You're always thinking of simple console apps but this is the only place
where the default 'print exception to console' strategy works.

In a daemon which logs to syslog or in a GUI application or a game an
uncaught 'disk full exception' would go completely unnoticed and that's
definitely a bug.

On Mon, Sep 29, 2014 at 11:58 AM, Steven Schveighoffer via Digitalmars-d <
I agree (except the bit about missing the point). The point I wanted to
make was that encapsulation means what is a fatal error to one part of a
program may be easily handled by the containing part. Just because an
exception is thrown somewhere does not mean the program is broken - it is
the failure to handle the exception (explicit or inadvertent) that
indicates an error.


What is being discussed here is removing the stack trace and printout when
Sure, but it doesn't happen. Just like people do not check return values
I absolutely do not want a removal of stack trace information. If an
uncaught exception bubbles up and terminates the program, this is a bug and
I sure as hell want to know as much about it as possible. If having such
information presented to the end user is unacceptable, then wrap and spew
something better.

Ignoring an error return value is like ignoring an exception - bad news,
and indicative of a broken program.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puremagic.com/pipermail/digitalmars-d/attachments/20140929/c385d0b3/attachment.html>

Not necessarily.
For some applications (for example simple console apps), you can
consider the D runtime's default exception handler to be an appropriate
way to respond to the exception.

On Mon, Sep 29, 2014 at 12:28 PM, Sean Kelly via Digitalmars-d <
I've heard this before, but have not seen a reasonable argument as to why
they are a failure. Last time this was discussed a link to a blog was
provided, with lots of discussion there - which as far as I could tell
boiled down to 'catching exceptions is ugly, and people just do the wrong
thing anyway which is ugly when you have checked exceptions.'

I am unlucky enough to write Java all day, and from my standpoint checked
exceptions are a huge win. There are certain edges which can catch you,
but they are immensely useful in developing robust programs. Basically
checked exceptions -> recoverable problems, unchecked ->
unrecoverable/programming errors (like asserts or memory errors).

Note I am not advocating adding checked exceptions to D (though I would
like it). Point is to acknowledge that there are different kinds of
exceptions, and an exception for one part of the code may not be a problem
for the bit that invokes it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puremagic.com/pipermail/digitalmars-d/attachments/20140929/8c59e583/attachment-0001.html>

Well, the failure comes from the effort to effect a certain behavior.

Sun was looking to make programmers more diligent about handling errors.
However, humans are lazy worthless creatures. What ends up happening is,
the compiler complains they aren't handling an exception. They can't see
any reason why the exception would occur, so they simply catch and
ignore it to shut the compiler up.

In 90% of cases, they are right -- the exception will not occur. But
because they have been "trained" to simply discard exceptions, it ends
up defeating the purpose for the 10% of the time that they are wrong.

If you have been able to resist that temptation and handle every
exception, then I think you are in the minority. But I have no evidence
to back this up, it's just a belief.
I think this is appropriate for a lint tool for those out there like
yourself who want that information. But requiring checked exceptions is
I think a futile attempt to outlaw natural human behavior.

-Steve

That is the conventional theory, the established wisdom.
But the more I become experienced with Java, over the years, I've become
convinced otherwise.

What has failed is not the concept of checked exceptions per se, but
mostly, the failure of Java programmers to use checked exceptions
effectively, and properly design their code around this paradigm.

Like Jeremy mentioned, if one puts catch blocks right around the
function that throws an exception, and just swallow/forget it there
without doing anything else, then it's totally the programmers fault for
being lazy.

If one is annoyed that often, adding a throws clause in a function will
require adding the same throws clause function to several other
functions, well, that is editing work you have to accept for the sake of
more correctness. But also one should understand there are ways to
mitigate this editing work:

First point is that in a lot of code, is better to have a function throw
just one generic (but checked) exception, that can wrap any other
specific errors/exceptions. If you are doing an operation that can throw
File-Not-Found, Invalid-Path, No-Permissions, IO-Exception, etc., then
often all of these will be handled in the same user-reporting code, so
they could be wrapped under a single exception that would be used in the
throws clause. And so the whole function call chain doesn't need to be
modified every time a new exception is added or removed.

If you're thinking that means adding a "throws Exception" to such
functions in Java, then no. Because this will catch RuntimeExceptions
too (the unchecked exceptions of Java), and these you often want to
handle elsewhere than where you handle the checked exceptions. In this
regard, Java does have a design fault, IMO, which is that there is no
common superclass for checked Exceptions. (there is only for unchecked
exceptions)

The second point, is that even adding (or modifying) the throws clause
of function signatures cause be made much easier with an IDE, and in
particular Eclipse JDT helps a lot. If you have an error in the editor
about a checked exception that is not caught or thrown, you can just
press Ctrl-1 to automatically add either a throws clause, or a
surrounding try-catch block.

On Sunday, 28 September 2014 at 21:16:51 UTC, Dmitry Olshansky
What I really want to work towards is the Erlang model where an
app is a web of communicating processes (though Erlang processes
are effectively equivalent to D objects). Then, killing a
process on an error is absolutely correct. It doesn't affect the
resilience of the system. But if these processes are actually
threads or fibers with memory protection, things get a lot more
complicated. I really need to spend some time investigating how
modern Linux systems handle tons of processes running on them and
try to find a happy medium.

I think it's a fair stance not to advocate this approach. But as
it is I spend a good portion of my time diagnosing bugs in
production systems based entirely on archived log data, and
analyzing the potential impact on the system to determine the
importance of a hot fix. The industry seems to be moving towards
lowering the barrier between engineering and production code
(look at what Netflix has done for example), and some of this
comes from an isolation model akin to the Erlang approach, but
the typical case is still that hot fixing code is incredibly
expensive and so you don't want to do it if it isn't necessary.
For me, the correct approach may simply be to eschew assert() in
favor of enforce() in some cases. But the direction I want to be
headed is the one you're encouraging. I simply don't know if
it's practical from a performance perspective. This is still
developing territory.

Walter, you do understand that not all software has to be robust - in
the critical systems sense - to be quality software? And that in fact,
the majority of software is not critical systems software?...

I was under the impression that D was meant to be a general purpose
language, not a language just for critical systems. Yet, on language
design issues, you keep making a series or arguments and points that
apply *only* to critical systems software.