[bind10-dev] whether/when to use exceptions

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Wed Oct 14 18:59:45 UTC 2009


At Wed, 14 Oct 2009 13:30:15 +0200,
Shane Kerr <shane at isc.org> wrote:

> An important area that we can do much better with if we have exceptions
> are coder errors. By this I basically mean assert() failures. With
> exceptions these become an exception rather than an abnormal exit, and
> some action may be taken.
> 
> Of course, it is difficult to write code that handles coder errors.
> Rather than having a blanket policy, one must review each piece of
> software in context and decide what the best thing to do is.
> 
> For example, if we get an update message that puts the system in an
> unexpected state, we may be able to simply drop the update and continue
> on. However, if we discover the problem after we have started the
> update, then we may have to restart the process doing the update. In
> extreme cases we may have corrupted our database - although using an SQL
> database that is ACID can make this very unlikely.

Personally I'm not so optimistic about this advantage of exceptions.
As you noted yourself, it would be generally very difficult to tell
whether an unexpected code state is due to critical damage in some
core part of the system (in which case there's not much we can do
except exiting) or due to a minor recoverable error.  So, to provide
safer behavior I suspect we'll still end up exiting in most of such
cases in practice, whether or not it's exception-based.

(This is not a discussion about whether to use exceptions per se) IMO
what we should do in BIND10 comparing it with BIND9 is to provide a
quicker and automatic restart mechanism when we encounter a code error
and have to exit.

---
JINMEI, Tatuya


