On 9/1/06, Pascal Meunier <[EMAIL PROTECTED]> wrote:
>
>
>
> On 8/30/06 3:46 PM, "Tim Hollebeek" <[EMAIL PROTECTED]> wrote:
>
> >
> > What you've proposed are exceptions.  They do help (some) in separating
> > the normal logic from error handling, but:
> >
> > (1) they often leave the job "half done" which has its own risks.
> >     writing exception safe code can be more of a nightmare than error
> > checking.
>
> I can't help noticing...  In Ruby there's an "ensure" clause that allows you
> to bring closure to half-done operations.  Perhaps your point is that some
> languages have poor exception support, just like some languages don't
> provide safe string handling functions?

His point, I think, is that if you wrap a series of statements in an
try/catch block, you might not roll back every statement you needed
to, or checked appropriate conditions.

For example:
try {
 openFile();
 getData();
 writeToFile();
 setSomeFlag()
 moveFile();
 deleteTempThings();
} catch(Exception e){
 ...
}

Now obviously that's a statement that could be written far better, but
the point is that with the lazy/bad/accidental-bug-producing
programmer it might be common.


> >
> > (2) in many languages, you can't retry or resume the faulting code.
> >     Exceptions are really far less useful in this case.
>
> See above.  (Yes, Ruby supports retrying).
>
> >
> > (3) you usually end up with some "generic" clean up code, which generally
> >     hides more errors than it solves.
>
> I don't think that's fair.  Yes, you can write poor exception handling code,
> but it's far easier to simply ignore or overlook errors or write poor error
> handling code to the point where the error is effectively ignored (or
> "hidden") or the cause of the error becomes unidentifiable.  Exceptions
> allow me to reduce code duplication (and lower the chance of inconsistent
> treatment and bugs), simplify the code (which makes it easier to understand
> and therefore audit) as well as handle problems at an appropriate layer in
> the code.

Exceptions simplify the code? I don't think so. They also don't reduce
code duplication [per se] you need to add extra functions, etc, to do
that.


> I'm not saying that exceptions are always the best way to handle things, but
> they can be part of good programming practices.

They _can_ be, but often aren't.


> Pascal Meunier

-- mic
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to