On Jun 5, 2012, at 8:44 AM, Jonathan M Davis <[email protected]> wrote: > > In many cases, it's probably fine, but if the program is in a bad enough > state > that an Error is thrown, then you can't know for sure that any particular > such > block will execute properly (memory corruption being the extreme case), and > if > it doesn't run correctly, then it could make things worse (e.g. writing > invalid data to a file, corrupting that file). Also, if the stack is not > unwound > perfectly (as nothrow prevents), then the program's state will become > increasingly invalid the farther that the program gets from the throw point, > which will increase the chances of cleanup code functioning incorrectly, as > any assumptions that they've made about the program state are increasingly > likely to be wrong (as well as it being increasingly likely that the > variables > that they operate on no longer being valid).
Then we should really just abort on Error. What I don't understand is the assertion that it isn't safe to unwind the stack on Error and yet that catch(Error) clauses should still execute. If the program state is really so bad that nothing can be done safely then why would the user attempt to log the error condition or anything else? I think an argument could be made that the current behavior of stack unwinding should continue and a hook should be added to let the user call abort or whatever instead. But we couldn't make abort the default and let the user disable that.
