From: David Abrahams (david.abrahams_at_[hidden])
Date: 2002-01-14 23:38:27
----- Original Message -----
From: "terekhov" <terekhov_at_[hidden]>
> Thanks for the write-up! However, one more question.
> I am just concerned that our "plug-in" operation
> might have some programming error in it, which
> would manifest itself with some "unexpected"
> exception and broken safety guarantee. I just want
> to use "unexpected" as an indication whether I am
> still running in "secure" environment. Is this a
> totally silly idea? Please explain why.
What makes you think a programming error that doesn't crash the program will
manifest itself as an unexpected exception, rather than a bogus return value
or some other undetectable condition?
The thing is, an exception only gets thrown if somebody, somewhere, writes
"throw". In general it doesn't "just happen" because of a programming
error**. It has to be an intentional act. When an exception gets thrown it
means that somebody at least meant to do his part and unwind properly. So,
if you get an exception you weren't counting on it is very likely that
someone forgot to document the exception, or you forgot to read the
documentation, or you got a new library and didn't update all of your
handlers, or another library that the library depends on is throwing a new
exception type... if you want to look for broken contracts which warrant a
system shut-down, this is a bad one to choose, because it's so easy to fail
to enumerate all of the exception types.
**Well, OK, there are platforms like Windows which have a crash-handling
mechanism integrated with C++ exception handling...but those report known
exception types when a programming error occurs, for which your shutdown
approach makes sense. You're worried about the unknown exceptions.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk
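The distinction David draws above, an "unexpected" exception versus a programming error that quietly returns a bogus value, as an added example that is not part of the original thread and not Boost code. The plug-in functions, the `DependencyError` type and the `run_plugin` dispatcher are all hypothetical. Because dynamic exception specifications and `std::unexpected()` were removed in C++17, a `catch (...)` clause stands in for the "unexpected" path here; the point is the same: it only fires when somebody wrote `throw`.

```cpp
// Added example (not from the thread): an enumerated-exception dispatcher sees
// an undocumented exception type from a dependency, but never sees the real
// programming error, which returns a wrong value without throwing at all.
#include <cstdio>
#include <numeric>
#include <stdexcept>
#include <vector>

// Hypothetical exception type that a third-party dependency began throwing
// in a new release; the plug-in's documentation never mentioned it.
struct DependencyError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Hypothetical plug-in operation with an off-by-one bug: it silently drops
// the last element.  Nothing in it throws, so no handler will ever fire.
long buggy_sum(const std::vector<int>& v) {
    long total = 0;
    for (std::size_t i = 0; i + 1 < v.size(); ++i)  // bug: should be i < size()
        total += v[i];
    return total;
}

// Hypothetical plug-in whose dependency now throws a type nobody documented.
long sum_via_dependency(const std::vector<int>& v) {
    if (v.empty())
        throw DependencyError("dependency: refused empty input");
    return std::accumulate(v.begin(), v.end(), 0L);
}

enum class Outcome { Ok, KnownFailure, Unexpected };

struct PluginResult {
    Outcome outcome;
    long value;  // meaningful only when outcome == Outcome::Ok
};

// Dispatcher in the style of the thread: the caller enumerates the exception
// types it knows about; anything else is "unexpected".  catch (...) plays the
// role std::unexpected() played under a dynamic exception specification.
template <class F>
PluginResult run_plugin(F&& f) {
    try {
        return {Outcome::Ok, f()};
    } catch (const std::invalid_argument&) {  // the one documented failure
        return {Outcome::KnownFailure, 0};
    } catch (...) {
        return {Outcome::Unexpected, 0};
    }
}

// The buggy plug-in: reported as Ok, with a wrong value (6 instead of 10).
PluginResult run_buggy() {
    return run_plugin([] { return buggy_sum({1, 2, 3, 4}); });
}

// The dependency's new exception type: reported as Unexpected, although the
// plug-in itself did exactly what it was written to do.
PluginResult run_dependency_on_empty() {
    return run_plugin([] { return sum_via_dependency({}); });
}

// What actually catches the programming error is a check on the result
// against an independent computation, not an exception handler.
bool postcondition_holds(const std::vector<int>& v, long result) {
    return result == std::accumulate(v.begin(), v.end(), 0L);
}

int main() {
    PluginResult b = run_buggy();
    std::printf("buggy plug-in: outcome=%d value=%ld postcondition=%s\n",
                static_cast<int>(b.outcome), b.value,
                postcondition_holds({1, 2, 3, 4}, b.value) ? "ok" : "VIOLATED");
    PluginResult d = run_dependency_on_empty();
    std::printf("dependency plug-in: outcome=%d (2 == Unexpected)\n",
                static_cast<int>(d.outcome));
    return 0;
}
```

Run with any C++11 or later compiler. The output shows the dispatcher flagging the well-behaved plug-in whose dependency merely grew a new exception type, while passing the plug-in with the real bug as Ok; only the postcondition check notices the wrong sum.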