What makes cover-up preferable to error handling

python -c 'a=(1,2,3); print "5th:",a[5]'
perl -e '@a=(1,2,3); print "5th: $a[5]\n"'

5th:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
IndexError: tuple index out of range
5th:

python -c 'x=5; print "2nd:",x[2]'
perl -e '$x=5; print "2nd: $x[2]\n"'

2nd:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
TypeError: 'int' object is unsubscriptable
2nd:

python -c 'map={1:2,3:4}; print "map+abc:",map+"abc"'
perl -e '%map=(1,2,3,4); print "map+abc: ",%map . "abc\n"'

map+abc:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
TypeError: unsupported operand type(s) for +: 'dict' and 'str'
map+abc: 2/8abc

python -c 'print "y:",y'
perl -e 'print "y: $y\n"'

y:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
NameError: name 'y' is not defined
y:

python -c 'a=0; print 1/a'
perl -e '$a=0; print 1/$a'

Traceback (most recent call last):
  File "<string>", line 1, in <module>
ZeroDivisionError: integer division or modulo by zero
Illegal division by zero at -e line 1.

>>> from __future__ import braces
SyntaxError: not a chance

(print (let ((x (make-array 3))) (aref x 5)))
*** - AREF: index 5 for #(NIL NIL NIL) is out of range
(print (let ((x 5)) (aref x 2)))
*** - AREF: argument 5 is not an array
(print (let ((m (make-hash-table))) (concatenate 'string m "def")))
*** - CONCATENATE: #S(HASH-TABLE :TEST FASTHASH-EQL) is not a SEQUENCE
(print y)
*** - EVAL: variable Y has no value
(print (/ 1 0))
*** - division by zero

>>> [1,2,3][5]+5
NaN
>>> [1,2,3][5]+"abc"
"undefinedabc"

ahh yes, but your forgetting a major part of your essay.

The other side of the coin in the argument would be the problem with exception handling is it allows the exception to be caught and the program to still continue its death cycle to hell.

Either way, its an argument not of exception handling v function error return codes. Its just how to propagate errors through the different layers of the program.

No matter, in essence when you design a program there is a infinite number of ways for the program to crash. Exception handling does not handle this very well because it still allows you to catch and continue when the program state can be in-consistent or unknown.

The solution its to design the program so that that if the state of the program becomes unknown then it quits the program and prints out a call stack and memory dump.

Though this may seem like a harsh reality of the situation. But you will find that exception handling is like candy, it sucks people into a mindset that don't worry somebody else will handle this problem everything is alright. The problem with this mindset like you've given an example above, is that the more exception code you write, the more code your going to write to catch the unknown thrown exception. Keep adding more code until infinity.

Though right now you would be screaming "what crash the program and print a stack trace to the user". No silly that would be stupid. In most critical systems you will have 3-4 different machines doing the same calculation. If one becomes invalidated then the machine will restart itself and rejoin well the others take over. In consumer electronics you can see exactly the same design philiphosys taken by different teams.

For example my mobile phone by Nokia will freeze and require a complete reboot. Another phone by Nokia by a different design team, It would suddenly rebooted itself on me well usage. Either way, I rather my mobile phone to suddenly restart on me than when im driving seeing its locked up on a internation phone call that cost me $500 because it didnt hang up.

Its not how you design your layers and error handling in your program. What really matters is how fast you can detect invalid states in your program and find and fix bugs. Because either with exception handling or return codes if you cannot identify invalid states in your program and go through major iteration life cycles of your project it will never make it to market.

It's important to mention that much of Perl's "cover-up" is optional, and Perl can be made more strict with the "use strict" and "use warnings" directives.

@Andrew: agreed, I probably should have mentioned it; I didn't because I didn't want to discuss how it works with older code and how various errors would be handled under these settings and how things evolved around that – I just don't know much about it. I think the dynamics are similar to (my impression of) the dynamics of error handling in Lisp, with older functions returning "something" given "weird" arguments and newer functions producing an error; but Perl's approach to compatibility is different here – old features are in fact given new, incompatible semantics but only when explicitly specified by the user.

This raises the general question – if you started out without exceptions and without much "strictness" ("without exceptions and therefore without much strictness" according to my claim), what are your chances to retrofit more strictness later, overcoming compatibility issues? What raises/lowers the chances to succeed, and what the extent of success is likely to be (will errors be no longer tolerated or merely logged? which ones will be handled which way? and which error cover-ups will remain intact, classified as "features"?) I don't think I know to approximate an answer.

And while we're at it – am I right about the Perl exception handling history part?

@Entity: regarding the need to find bugs – much easier to do when array[badindex] crashes immediately then when it corrupts memory and moves on. Regarding ways to handle exceptions – depends on the system, but you usually end up having a few places where exceptions are handled and live happily ever after. For example, many embedded systems can simply be restarted, perhaps saving some of the state first; what's important though is for them to restart when a bug surfaces as opposed to corrupting data like the majority of them that are written in C(++) most probably will. At other times there are clear boundaries between subsystems limiting the amount of damage – the error is localized in a plugin/a subprocess/etc.; log the error and reload/restart/etc.

At the end there are two truly ugly scenarios: pressing forward despite the error and "killing everything" upon it. Exceptions avoid both.

Ahh yes, so you would be in the camp, don't press forward stop the program and restart.

Though the point I guess I didnt communicate clearly was exception handling does not do both, in fact its actualy worse.

The reason for it being worse, is by looking at any bit of code you cannot clearly identifiy what part of the code will throw an exception. This is the nature in C++. The next problem with exceptions in a language like C++ or in any language for that matter they're an invisible goto.

I agree with you in general your view point of exceptions and how great they're but my view point is that I've seen them been used for worse than better. I've seen try, catch (everything) throughout java programs and thats my main concern. The problem with how people use exception and how enginners use exceptions are two different things.

C++ makes the finalization problem harder than it is elsewhere, so it's the worst example.

I wouldn't be "in the restarting camp" – it depends on the program. What doesn't is that pressing forward is awful.

Sometimes I wish for something like:

function_do_stuff(foo, bar) on error(handler_object)

where handler_object has the necessary callback for the thrown exception by function_do_stuff (or die() ;)

I just don't all that error managing code mixed with the process logic.

As this post so entertainingly points out, there are many ways to handle (apparent) errors that are even dumber than exceptions. Still, as a programmer who strives to be better than the average schlubs that Yossi has to clean up after, I agree 100% with Entity: exceptions are a still a code smell. A function is just an interface; if there is no file, just return the appropriate value for that result, don't call it an error and invent an entirely new control structure just so I can throw it all over the place. I knew there might not be a file when I called you, so stop being so dramatic about it. Same with division by zero, or overflow, or out of memory, or whatever. It's all the same.

Exceptions are concessions to the fact that most programmers are incapable of dealing with the environments in which their functions operate, incapable of designing their programs in terms of small interfaces, and incapable of documenting those interfaces. It's not all their fault. They are usually forced to call all sorts of library functions or whatever which also have huge, poorly documented interfaces, and of course the language itself is typically a huge interface, although hopefully it is at least well documented and easy to interact with. Object orientation is especially good at increasing the shear mass of an interface at exponential rates. Then there is usually an operating system, and so the horror compounds itself.

Another problem is that everyone wants to handle the common case first and not think about the edge cases until they have to. This is a stupid approach and should be beaten out of every CS student as soon as possible, but of course it is not. Everyone is too busy mastering a bunch of overcomplicated interfaces. The upside is that we get entertaining posts from the people who have to clean up the messes.

There is a pattern here, and it is that you get huge interfaces when you cross personal and group boundaries. This is the corollary to Conway's Law (system architecture follows social organization): the more people involved, the more huge interfaces you get. The less you know about your customer, the more you put in your interface and the more you have to carefully check every single edge case – which are now multiplying like rabbits – because your mystery customers want to do everything and they will do everything.

I am writing a program for end users at the moment, and a major goal is to make the user interface simple so that I do not have to write mountains of code asking the user if they really meant to do this instead of that and inevitably missing things which will either crash the program or require blind defensive programming in the form of elaborate error propagation schemes. I have figured out how to eliminate most of the libraries I was using without writing much more code myself (actually less, in some cases). I throw no exceptions, eliminate the need to check as many that are thrown by the libraries I do use as possible, and catch the rest with a pleasant message, state dump, and program close; no known bugs which cause this are allowed in release builds.

It takes more time to do things this way, but the end result is much more stable and pleasant for everyone. Even if it turns out not to be what the user wanted, the program is now small enough that it can be rewritten much faster than would have been possible if I had bloated it out with extraneous libraries and error handling. I do not have a sense of attachment to hundreds of thousands of lines of code that I had to sweat over and key in and test, because there aren't hundreds of thousands of lines of code.

The problem, of course, is that to scale you inevitably have to cross a lot of these sorts of boundaries, but even then the way to scale is to minimize the complexity of the interface. Unless you are Microsoft, or Larry Wall, or whatever, and get a lot of money or personal recognition from the fact that you have millions of programmers wandering around in your maze like interfaces, plaintively bleating and crapping themselves while others follow along behind with shovels and write amusing blog posts (or snarky comments).

"Another problem is that everyone wants to handle the common case first and not think about the edge cases until they have to. This is a stupid approach and should be beaten out of every CS student as soon as possible, but of course it is not."

Even if a CS department succeeded in thusly brainwashing their students, economics would soon beat the supposedly stupid approach right back into them.

Now in a non(or less)-snarky mode: I believe that you are sufficiently more optimistic than me regarding the ability of people to write (exceptionally) good code in reasonable time frames, hence your lower tolerance for the admittedly abundant stupidity in interfaces, team interactions, operating systems, etc.

In the world that I think I live in, exceptions are a very good way to significantly raise the quality and lower the damage of a mean/median piece of code. In the world that you think you live in (more specifically in the world that I think that you think you live in...) that simply isn't much of a virtue, as an ability to improve the nose-picking skills of the population isn't much of a virtue – the real goal should be to have people stop picking their noses in public, not having them get better at it.

But I believe (not really, just to go on with the example) that people will always, or at least in the foreseeable future, pick their noses in public, so if there's a way to at least have them then clean their fingers without using someone else's clothes, this way should be pursued; back from the analogy, without exceptions people won't, in my world, think about more edge cases but will simply cover up errors – and lie to themselves about it if that's what it takes to get their job (look like) done on time. But to you, once they stop cleaning their fingers with others' clothes, there will be a downside of lowering the pressure to stop nose-picking altogether, so it's not very good to go that way.

I think exceptions are an economical way to write passable software, you think they lead astray from the path to exceptional software. I think the core point is that we have different estimations of the possible and the likely.

I still think you're trying to solve the problem from a technical/engineer stand point of view. You want a error handling mechanism or technique that can be used by your average developer so that they can produce maybe good or better code without having to teach them a whole bunch of new 'stuff'.

The problem is its not a technical problem, its a problem between people and how well you or they can communicate the message about your interface across to each other. Its more of a cultural code. If everyone is friendly and TRUST each other and sets a guideline how and where you will proper-gate errors through the layers either with 'exception' or 'return codes' then that is going to produce a better product at the end of the day.

Though you may say that limiting the developers if they use exceptions or if they use return codes in their software may result in less clever way to do things the truth is the reverse. You typically find people will get more creative with a narrow sets of well defined tools that behave exactly how they expect and they can trust them.

The other big question you have not talked about even with exception handling is the nightmare that is maintaining all the thrown exceptions around the place? Because lets say a new developers adds a new exception lets call it "TimeOut". The program compiles, and it gets shipped to the customer. The customer reports that the program just suddenly stops working with a stackdump of "exception not handled "timeout"" You go in and find out that this exception is thrown but needs to be caught and delt with in all its different layers of thrown exception. A exception is caught in this layer and then re-thrown as a new exception in another layer!

What I'm saying is if developers cannot separate their layers correctly with easy return codes and maintain them what hope do they have following no design principles with exception handling other than "throw it you will be okay"?

You cannot take a average programmer and economical turn this program into a better one by using a different technology and not even talking about the social-political-engineer boundaries that you have to cross. Though you can take any C++ program and dump them into Visual Basic and C# and watch them fly because that language needs so much brain power to go to waste its not funny.

If you want to economical way of doing what you're highlighting then you should 'fire' the programmer and hire a new one that has the same ideas, practices and focus to write good software as yourself. Considering that if your not a person in a high position your going to have to work on team spirit or bring the two teams together. Other wise, stay the course get burnt via very complex interfaces that emerge and slipped product dates or a new job that team are focused on the same goals as you.

Its always a people problem.

That something isn't a strictly technical problem but rather a "people problem" happening in a technical context doesn't make the problem solvable by strictly non-technical measures, nor does it mean that changing the technical details of an environment won't affect the situation for better or worse. You may be the CEO or the President of the World and still you won't be able to fire all "bad" programmers and hire only "good" ones and make them trust each other in all caps and write perfect code.

To me, realizing that some problems just aren't technical at their core but rather psychological goes together with realizing that some human behaviors simply can't be changed so all that can be done is adjusting the environment such that their damage is minimized. It sounds like two opposite things but it's actually the same thing: tech stuff is much easier to tweak than human attitudes which should be accepted as a given much more frequently; it is he who thinks that everything is a solvable technical problem who will rant most vitriolically about the narrow focus and lack of education of his fellow humans which supposedly prevent the always possible technical solution.

Wrt handling the common case first, I think this is a matter of scale also. The larger the interface, the more you want to (and have to) focus on the common case. So, yes, in the average case you do have to start with the average case.

You are also right, Yossi, that it is always much easier to change the technology than to change the people. Exceptions or whatever are not a (locally) optimal solution to the technical problem, they are a (locally) optimal solution to the technical + hiring problem. I think the result is that better programmers who don't mind taking on risk in exchange for more satisfying work environments go off and find small teams of other good programmers who have found a problem that can be solved better by scaling technical proficiency than by scaling number of people and lines of code. In other words, the smarter nomads leave the organization and start their own organizations. It doesn't always work out obviously, but I don't know of anyone with good data on success rates. What's more clear is that it makes the hiring problem more difficult, and therefore the average quality of average code at the average large organization that much worse.

The trouble with running your own organization is (again) that it's not just about having a team that is technically strong. In fact in many cases deciding to do so more or less guarantees that you'll no longer do technical work yourself.

Also, some things just can't be done without quite sizable teams (and quite some funding), which is why most embedded development is done by companies ranging between medium and extra large, and why I'll think very carefully before choosing another gig in this hefty domain.

In Wheat, we did in fact return an error object (there was an error-object constructor spelled "!!!") instead of raising exceptions, specifically with the idea of avoiding control-flow complication and thus making cleanup code reliable. Every time you did something to an error object, such as call a method on it or return it from a method, it would add some trace information.

(It also led to a nice error-handling operator: a !! b evaluates and returns b iff a evaluates to an error, so you could write foo.bar[baz].quux(3) !! walrus and get the walrus if foo didn't have a bar method, if indexing into it with baz failed, if the result didn't have a quux method, or if quux failed when given 3.)

At first this led to the problem you would expect: eventually most error objects would propagate up to an expression statement, at which point the value would be ignored and the error would be silently covered up. So we changed the semantics so that a method that encountered an error object as the value of an expression statement would continue on its way as normal — but would eventually return that error object as its return value, instead of whatever value was supposedly being returned.

This worked reasonably well in the small amount of code we wrote in Wheat.

I don't remember how we handled the case where someone tries to use an error object to direct their control flow, e.g. "if (!!!) ..." .

Is this the Wheat you're talking about?

It's interesting how you had error objects – I always wondered why on Earth people put up with contextless error codes. It's a bit frightening that code falls through errors like that though; I try to imagine how all the side effects in the trailer of the function which eventually returns an error object work out considering that something upwards failed to do what it was supposed to do.

Yup, that's the one.

Every once in a while those side effects would end up overwriting some important things with error objects — whatever important things they were trying to modify based on the failed computation, of course. Initially Mark made it impossible to store error objects in data structures (only local variables and return values) but in a lot of cases *not* overwriting was even worse, and in any case you often wanted to preserve the error for inspection a little later.

So I guess you're not a fan of this "Go" thing?

I guess I'm not, at least not of their attitude towards exceptions. It's nice to think of a programming language as a "systems programming language" which is used to program "systems" which should handle errors in well thought-out ways, however to me it's a lot like saying that we shouldn't have prisons because it is better to live in a society where people obey laws irregardless of the possibility of punishment – most of us don't live in such a society, and most of us aren't working on "systems"; there is crime in the streets and stupidity in the code whether you think there should be or not.

Also, "goroutines" creep me out, as does the tagline "don't communicate by sharing memory, share memory by communicating" ("don't ask what shared memory can do for you, ask what you can do for shared memory", as my roommate said when he read that).

It's nice that people behind C and Unix finally acknowledge the utility of garbage collection, and that a large C++ shop, and a favorite of the language creator's, acknowledges the problem with C++ build times; as to the rest of Go, I'll have to look into it.

I think "systems" means "software that connects programs together". Quoting Rob Pike from 2000 in http://www.eng.uwaterloo.ca/~ejones/writing/systemsresearch.html, "Systems: Operating systems, networking, languages; the things that connect programs together. ... Web caches, web servers, file systems, network packet delays,
all that stuff. Performance, peripherals, and applications, but not kernels or even user-level applications....The focus is on applications and devices, not on infrastructure
and architecture, the domain of systems research."

So basically these guys were complaining that, for writing that kind of stuff (and Google has a huge quantity of it, and a lot of people working on it; it's where their competitive advantage comes from) they wanted a better language. I don't think they really care whether it's good for average programmers. If they cared about that, they would have come out with Modula-2 or something instead of C, right?

I prefer exceptions, myself.

I concur that the neologism "goroutines" is annoying. But I think my low tolerance for neologisms may be a personal flaw.

I thought the tagline was pretty insightful, really; message-passing and monitors are isomorphic and dual to one another (there's a paper from the 1970s about this, but unfortunately I can't remember even the terminology they used, let alone the title) but message-passing seems to me to make it possible for concurrency to make programs *simpler* instead of *more complicated*, even aside from possible efficiency or responsiveness gains. I've never seen that with shared memory. Maybe Newsqueak is the best example of this, although Python generators (and especially generator expressions) and Unix pipes may be good examples too.

I think it's kind of a shame that they're including unrestricted shared memory. It means that you can't, for example, asynchronously kill a thread safely, the way you can in Erlang.

About GC, I think they've been sold on GC for some uses for a while. Winterbottom was in that group, and his 1994 paper on Acid revealed that it used a mark-and-sweep GC. It's just a question of garbage collectors improving over the years to be applicable in more circumstances.

Here's where Python falls down for me...

#Python:
receipt = foo #declaration is first assignment, why?
#...snip...
reciept = bar #typo not caught, nasty bug

#Perl:
use strict;
my $receipt; #mandatory explicit variable declarations are good
$receipt = $foo;
#...snip...
$reciept = $bar; #compile-time error, unrecognised symbol

(in both cases assume foo and bar are already known names/symbols)

Admittedly the error Perl emits due to the typo is somewhat cryptic ("Global symbol requires explicit package name" when the symbol you meant to use was lexically-scoped (that being the kind of symbol declared by the "my" keyword) and hence needs no package name), but Perl is not the subject of this comment, Python is.

How do you mitigate this problem of Python's? "Name used only once" warnings would help, but what about object attributes? Only access them via accessor methods, I suppose (even from within its other methods). Inadequate workarounds to a problem that has no reason for being, IMO.

Disclaimer: I have avoided Python like the plague for exactly this reason, so if you reply with a decent solution then I will look like an idiot. But I will also be very pleased because it will mean I can finally use Python :)

But if I am right and the problem is not adequately solved and if I'm not misunderstanding Python's declaration semantics then I don't understand why more people don't find declaration-is-first-assignment such an offensive language "feature" trading in safety/correctness for a little brevity. I can't find many such people through Google, nor many discussions of this problem/feature. I did find one person claiming it encourages choosing more descriptive identifier names (yes, really), but I would say that it encourages exactly the opposite.

BTW I just found your blog via C++FQA while looking for C++ refactoring tools (yeah, I know ;) and it is *awesome* :) You have rescued one coder from the cargo cult, at least.

PyChecker seems to detect the name errors you don't want to hit at run time (heuristically, I guess, since you could stuff things into globals() at run time and have PyChecker erroneously report a problem). Anyway, I never used PyChecker, mostly because of being lazy and reluctant to set up an environment different from everyone's default, so I don't really know what's up with it. I generally agree that Python delays too many name errors to too late a stage (at least it then generates an error as opposed to the helpful default of make or non-strict Perl), and it's fairly annoying, however it's hardly a reason to avoid a language like the plague for me because this is an error you find the first time your tests cover the offending line, so it's not like it lets you plant this horrendous time bomb to explode at a mysterious unknown point in the future or something. Generally C++ has set my standard for programming languages very, very low; of all languages mentioned above, I'd probably avoid none except for make.

I am frequently frustrated by the standard get-out answer "tests will find the bugs", as tests can only tell you that *something* is wrong with a method, not which particular something that is.

It's not just Python; it seems to afflict most all scripting languages and is commonly mistakenly seen as a necessary implication of dynamic typing (with the result that dynamic typing and explicit declarations are perceived as being mutually exclusive) and therefore part of "the philosophy".

Ruby is a beautiful language, but I still have reservations due to the same issue. It also lacks such a mature tool as PyChecker, and even if such a tool existed, Ruby's open classes mean that something that looks like a variable access actually might be a method invokation and this ambiguity may only be resolved at runtime.

NOTE: I am continuing this discussion as I value your input on the matter and I wish to explore it in more depth and more generality in order to expand my knowledge surrounding it and solidify my opinions concerning it prior to ranting about it in my own blog in the hope that language designers will take heed. Just so you know I'm not arguing just for the sake of it.

As soon as a language designer does away with typed variables, they instantly think they can do away with explicit variable declarations altogether, apparently without thinking about what other facilities are provided by such declarations besides specifying type. The perceived benefit of this is to cut down on a few characters of code for each variable.

I've already discussed one class of mistakes that declarations guard against (or two classes, depending on how you look at it), typos in variable assignments and accesses. Also, when you get into the habit of writing a declaration upon introducing a new variable, the compiler can tell you when you are redeclaring (shadowing) a pre-existing identifier. Finally, declaration makes explicit a variable's scope, without which languages tend to end up with scoping rules that feel rather primitive to someone used to the C-like block scoping syntax of, say, Perl or Java (notwithstanding closures, which can be done with or without explicit declarations).

Forcing the programmer to declare their variables just makes code easier to follow, understand and reason about, I feel.

When Perl 5 introduced the strict pragma, people thought it would be too unwieldy. Now it is the accepted wisdom among the Perl community that it should be on by default (and in Perl 6 it is).

Even Visual Basic has option strict, and that's not even a truly dynamically typed language (variables not explicitly declared are assumed to be of type Variant). As soon as a language introduces such an option, it very quickly becomes accepted wisdom to have it turned on all the time; that should tell you that it pays off.

It is the one feature of Perl that I miss when emigrating to Python or Ruby, and the one feature that means that for me, Perl 5 remains superior to those languages, even in the face of its abhorrent @_ and inconsistent OO.

The following Python and Ruby idioms allow one to assert that a method uses only a specific set of local variable names, but they're still only a runtime check and they still don't address stone-age scoping rules.

for v in sys._getframe.f_code.co_varnames:
if v not in ("declare", "local", "var", "names"):
raise NameError("'%s' not declared" % v)

local_variables.each do |v|
if not (:declare, :local, :var, :names).include?(v)
raise NameError.new("'#{v}' not declared")
end
end

Well, "tests will find the bugs" may not be a very wise attitude, but in this particular case you only need to run the line once to find the problem so counting on that to happen is much less optimistic than "counting on testing" in general. As to the benefits of declarations unrelated to typing, I probably agree, though I don't think of it as a killer feature.

Post a comment