On Tuesday, June 12, 2018 17:38:07 wjoe via Digitalmars-d-learn wrote:
> On Monday, 11 June 2018 at 00:47:27 UTC, Jonathan M Davis wrote:
> > On Sunday, June 10, 2018 23:59:17 Bauss via Digitalmars-d-learn
> > wrote:
> > Errors are supposed to kill the program, not get caught. As
> > such, why does it matter if it can throw an Error?
> >
> > Now, personally, I'm increasingly of the opinion that the fact
> > that we have Errors is kind of dumb given that if it's going to
> > kill the program, and it's not safe to do clean-up at that
> > point, because the program is in an invalid state, then why not
> > just print the message and stack trace right there and then
> > kill the program instead of throwing anything? But
> > unfortunately, that's not what happens, which does put things
> > in the weird state where code can catch an Error even though it
> > shouldn't be doing that.
>
> Sorry for off topic but this means that I should revoke a private
> key every time a server crashes because it's not possible to
> erase secrets from RAM?

The fact that an Error was thrown means that either the program ran out of a resource that it requires to do its job and assumes is available such that it can't continue without it (e.g. failed memory allocation) and/or that the program logic is faulty. At that point, the program is in an invalid state, and by definition can't be trusted to do the right thing.

Once the program is in an invalid state, running destructors, scope statements, etc. could actually make things much worse. They could easily be operating on invalid data and do entirely the wrong thing. Yes, there are cases where someone could look at what's happening and determine that based on what exactly went wrong, some amount of clean-up is safe, but without knowing exactly what went wrong and why, that's not possible.

And remember that regardless of what happens with Errors, other things can kill your program (e.g. segfaults), so if you want a robust server application, you have to deal with crashes regardless. You can't rely on your program always exiting cleanly or doing any proper clean-up, much as you want it to exit cleanly normally.

Either way, if your program is crashing frequently enough that the lack of clean-up poses a real problem, then you have serious problems anyway. Certainly, if you're getting enough crashes that having to do something annoying like revoke a private key is happening anything but rarely, then you have far worse problems than having to revoke a private key or whatever else you might have to do because the program didn't shut down cleanly.

- Jonathan M Davis