Only catch errors that you know how to handle. If you don't know how to handle it, it should propagate higher up the stack, even if it kills the execution of the program.
This implies that having a catch-all around your entire program is a bad idea. Doing so loses the stack trace; you no longer know where the exception was thrown from. I've had to debug programs that did this, and the first thing I did was comment out the catch all so a simple stack trace could tell me where to start looking.
In the compiler I'm writing right now, I do wrap the entire execution in a try-catch block, but the only errors I catch are ones I call "user_error". That represents an error in the input; I don't handle that kind of input on purpose, and providing it is user error, not compiler error. I don't catch the other kinds of exceptions I throw, which indicate what gcc calls "internal compiler error." It's much easier for me to figure out what I did wrong that way.
The language I use doesn't prohibit display/logging of full stack trace if you catch exceptions. Or, trivially, catch/log in production catch/rethrow in dev.
What about daemons? large batch programs? I, personally, would rather have them catch and alert(email, sms) unknown/unexpected exceptions continuing on with what they can rather than simply die.
That's assuming you can continue on. Daemons and batch programs are unusual in that every so often, there's a conceptual "wipe clean" and all prior state doesn't matter. These are situations in which you know how to handle an error.
The alternative, to continue on in an error state without knowing how it will effect execution, is worse.
If you get an error, but the error is within a closed subset of your program, you should not propagate the error upwards. Let's say you are sending data to another program on the same system. The other program could do many things, and could send answers you do know how to reply to. The error is in your function and in your function alone - you should simply exit the function without exiting the program. The range of errors are limited, and none of them are life threatening, but only your function knows that, the rest of the program is unaware of what the unknown error means.
Propagating errors upwards like you say breaks functionality encapsulation.
What you said does not contradict my statement: only catch errors you know how to handle. You presented a situation in which you did know how to handle the error.
But if you don't know how to handle it, you should still throw it up, even if it breaks functionality encapsulation. This will likely crash the application, but the source of the error will be easily traceable, and the underlying problem can be fixed.
The most obvious to me is when you know something should be one of a finite set of values, and its actual value is not in that set. In my compiler, I have to classify array accesses as either a row or a column access. After a certain point, if it's neither (unitialized), then it's a serious error, I can't continue, and I throw an exception. I have similar situations when I deduce the types of an expression. Since I perform transformations on code, I also expect to find certain variables at certain places - if I can't find it anywhere, then I throw an exception.
Some of these are exceptions that I can recover from in that while the compilation is broken, I can still continue to find more errors. Others are show stoppers. I encounter these kinds of errors every time I have to do any decision based on these properties, which is often.
The biggest problem we have dealing with checked exceptions in Java is that it complicates interface inheritance when working with third-party class libraries. What do you do if you have to write a concrete class to implement an interface, but the interface's methods don't declare the exceptions you need? The interface isn't under your control, and the interface method signatures can't be changed anyway due to backward compatibility concerns.
What I usually do is cheat by catching the checked exception within the method, and then throw it again by using exception chaining to wrap it into an unchecked exception (RuntimeException). But it's hard to see that as a good solution.
"What I usually do is cheat by catching the checked exception within the method, and then throw it again by using exception chaining to wrap it into an unchecked exception (RuntimeException). But it's hard to see that as a good solution."
By throwing RuntimeException you're saying "don't catch this," which I agree is a bad thing, but any other kind of unchecked exception would be just as bad. You implement a third-party interface so other people's code can call methods on your object. If you throw exceptions they don't expect, then they have no chance of catching them anyway, so what's the difference?
Checked exceptions are just another way of specifying the behavior of an object so it can be handled predictably without knowing its precise type. If a method doesn't let you throw an exception indicating failure, then the method isn't supposed to fail, or it's supposed to report failure another way. If that isn't reasonable for your implementation, then the library isn't suitable for your needs. It isn't much different from the case where a method lacks arguments that you need, or has a return type that is too restrictive for your needs. If you can't adapt your code to fit the interface, you can't use it.
Ha ha. Nice theory, but sometimes in the real world you have no choice but to use a particular third-party interface even if it isn't perfectly suitable.
From the article: "With the hindsight of a decade, we can see that it’s a disaster. The trouble is that every time you call a method that throws an exception, you create an immediate crisis: you break the build. Rather than conciously planning an error handling strategy, programmers do something, anything, to make the compiler shut up."
Frankly, this is the weirdest complaint I've ever seen about checked exceptions. If you're trying to build a system with crappy programmers, you're kind of screwed anyway, but checked exceptions actually help you out quite a bit, because you don't have a problem with stray exceptions taking down entire subsystems. You might miss a lot of meaningful errors and get corrupted data, but at least the system keeps running, and that's the most you can hope for if your programmers are as crappy and lazy as the article describes.
And contrary to the article, few programmers are really that lazy and irresponsible. In my experience, far more code is written by responsible programmers who are inexperienced, rushed, or lacking a complete understanding of the system. Checked exceptions catch a lot of normal programming errors and result in more error cases being handled correctly. Like any other restriction imposed by a programming language, they don't ensure perfect code, sometimes they result in busy work, and crappy programmers will find crappy ways to work around them, but IMHO they are helpful for most programmers.
"You might miss a lot of meaningful errors and get corrupted data, but at least the system keeps running, and that's the most you can hope for if your programmers are as crappy and lazy as the article describes."
What? If I'm working with crappy programmers I don't want the system to keep going and corrupting data -- in the vast majority of cases, that's the worst possible result. Taking down the system with an nice error message and stack trace is a much much better. Crappy programmers, in the presence of checked exceptions, will handle exceptions with empty catch clauses (to prevent breaking anything) and there will be no way to find that error when it happens.
It depends on what kind of application you're talking about. When I think of hordes of crappy Java programmers, I think of enterprise web apps schlepping around business data. In that case, I think it's better to corrupt a few orders than to have hours of downtime every week.
Yeah, nothing is better than a whole lot of corrupt business data! It's so much better to have the system not crash than collect incorrect money amounts or send 10 million unpaid widgets out.
When an exception occurs and the system goes down, you get a nice notification and a stack trace. From there you can actually go about fixing the problems created by those hordes of crappy Java programmers rather than just ignoring the problem and hope that nobody will notice.
"The trouble is that every time you call a method that throws an exception, you create an immediate crisis: you break the build. Rather than conciously planning an error handling strategy, programmers do something, anything, to make the compiler shut up."
Now, granting that people like that are even paid to write code, do you think they're allowed to work on systems that ship widgets or cause money to change hands?
Frankly, we're having an absurd discussion because the assumption introduced by the original article is absurd. Nobody programs that way, or rather the few people who program that way can't be made productive through any means short of torture.
Web applications should generally have some sort of generalized handler around the entry point that sends back a web page saying "Something went wrong and we didn't know what else to do, so we're showing you this error page. HTTP status code 500." Production software should generally log a stack trace rather than simply crashing, but checked exceptions make it harder to do that.
A 500 error is a complete outage for every affected page. Most web app pages contain a lot of boilerplate -- headers, graphics, navigation elements, footers, and so forth, so a single error in a trivial component can cause an outage for an entire application unless it is localized properly.
Imagine following example: you signed contact to guarantee 99,999 uptime - 8-9 hours of downtime per year. First your downtime is 12 hours. Now you need to work more than 1 year without any errors. Any "500" error code can cost hundreds of thousands of dollars.
How you will do error handling and exception handling in that case? If there 1 chance per million that something will work incorrectly due to solar radiation or power fluctuation, how much such temporary failures you will see when your system handling more than 100 millions of requests per day? If you restarted database and all connections to database are broken, should all your current users see 500 error code?
PS.
That is real story. ;-)
PPS.
I used RecoveryManager to handle errors in the my system. It is very simple: when it receiving an error, it uses it configuration to determine action to take (e.g. call helper method) and responding to caller with code to indicate what caller should do: throw exception to higher level or just try again for few times.
"checked exceptions actually help you out quite a bit, because you don't have a problem with stray exceptions taking down entire subsystems"
Dunno about this. It's some time since I did any Java, but it seems to me that if you want to isolate a sub-system then the thing to do is to isolate it in the code explicitly where you want the sub-system isolated (i.e. like C++'s `catch (...)`) rather than force exception propagation/chaining through every function in the call chain.
I've found far more nasty problems caused by exception masking than I have by too many exceptions being thrown. I'm not sure what sort of system you might be working on where erroneous data is less of a problem than an exception.
You're correct, the right way to handle exceptions is to catch them in the right place so the right "unit of work" fails -- that's exactly what the article author describes. However, he argues that many programmers are too lazy or stupid to do that in the presence of checked exceptions.
"I'm not sure what sort of system you might be working on...."
I'm not sure what kind of system we're talking about either. Accepting the article's assumption of such stupid and/or lazy programmers, and accepting the implicit assumption that it's possible to produce useful software with such programmers, I'm guessing it's some kind of web-based business software.
"Accepting the article's assumption of such stupid and/or lazy programmers, and accepting the implicit assumption that it's possible to produce useful software with such programmers, I'm guessing it's some kind of web-based business software."
LOL
Actually the software I work on is web based business software. I sincerely hope that I don't cause the sort of problem alluded to in TFA.
The fact that checked exceptions make it harder to do the right thing I guess is exactly the point. An exception is a method for forcing an abnormal program flow, and the checked exceptions reduce this to an error return mechanism. You end up with the worst parts of exceptions and error returns -- way to go!
> Use finally to stabilize program state when exceptions are thrown
> Catch and handle exceptions locally when the effects of the error are local and completely understood
> Wrap independent units of work in try-catch blocks to handle errors that have global impact
This implies that having a catch-all around your entire program is a bad idea. Doing so loses the stack trace; you no longer know where the exception was thrown from. I've had to debug programs that did this, and the first thing I did was comment out the catch all so a simple stack trace could tell me where to start looking.
In the compiler I'm writing right now, I do wrap the entire execution in a try-catch block, but the only errors I catch are ones I call "user_error". That represents an error in the input; I don't handle that kind of input on purpose, and providing it is user error, not compiler error. I don't catch the other kinds of exceptions I throw, which indicate what gcc calls "internal compiler error." It's much easier for me to figure out what I did wrong that way.