Boost Users :
From: David Abrahams (dave_at_[hidden])
Date: 2007-03-08 15:31:54
on Wed Mar 07 2007, gast128 <gast128-AT-hotmail.com> wrote:
> David Abrahams <dave <at> boost-consulting.com> writes:
>
>> IME defensive measures almost always make things worse. As noted in
>> the thread I reference above, nobody has really developed a discipline
>> that tells us what things to defend against, when to stop checking,
>> and what we can reliably do when a problem is found. The result tends
>> to be programs full of "corruption checks" and bogus "recovery code"
>> that never gets tested or executed, making the program much harder to
>> debug and maintain. In my experience, that approach vastly increases
>> the likelihood of bugs.
>
> I have quite the opposite opinion: I work on a new version of a
> large application and the old team had a very strict exception
> policy which gave the application instability and crashes.
Having a very _strict_ exception policy is no help at all if you pick
the _wrong_ exception policy.
> Because of this experience we built a much more forgiveness (without
> sacrificing data integrity) in the application, which makes it more
> robust.
How do you know it isn't hiding program bugs?
> This does of course not mean that every pointer is checked,
> but an example can be that subsystems must check their arguments
> before continuing their work. Incorrect arguments will not be
> signaled by exceptions.
You don't seem to be reading the thread I referenced. Signalling
incorrect arguments with exceptions is totally contrary to what I
advocate.
--
Dave Abrahams
Boost Consulting
www.boost-consulting.com