Feeds

Catch as catch can

A light-hearted look at exception handling

Securing Web Applications Made Simple and Scalable

When should you raise an exception?

Glad you asked me that.

You should only raise an exception when you have encountered a truly exceptional situation. You should not raise an exception in a mildly-surprising-for-the-time-of-year kind of situation, and you certainly mustn’t raise an exception on a whim.

For example, if your routine threw because part of the GUID number you have just generated reads ‘SHELLOIL’ if you look at it upside down, this would be a Bad Thing. So please don’t.

As for using exceptions as a spectacular alternative to the much-maligned goto: this is the sort of behind-the-bikesheds activity in which Reg readers would never indulge.

Exception specifications

A quick reminder; exception specifications are extra bits glued onto function definitions that look like this:

int foo() throw(excpt1, excpt2); // can throw excpt1 and excpt2
int moo() throw(nothing);        // can throw nothing
int poo() throw();               // can't throw nothing. Umm...
int coo();                       // can't never not throw nothing

So that’s clear.

Exception specifications divide the C++ world into three rival and irreconcilable schools of thought:

  • There are those who have never heard of them. This faction doesn’t use exception specifications in its code.
  • There are those who have heard of them, but can’t be bothered to put them in. After all, we already gave in on the const thing with parameters, and that’s caused no end of trouble. This faction doesn’t use exception specifications in its code.
  • There are those clever clogs who have actually looked into the matter and given it some thought. These persons have discovered that they aren’t, in fact, any cop. This faction doesn’t use exception specifications in its code.

Until these three groups bury the hatchet and settle their differences, I can see no long-term future for C++.

Meanwhile, Java has a version of exception specifications called “checked exceptions” which are possibly even worse.

What to do if you get an exception

Faced with this question, some writers indulge in hand waving. Fortunately I am able to offer specific guidelines, based on standard practice as observed in commercial software, and some informed guesswork.

  • If you are running as some sort of web service, the standard approach on handling an exception is to send the user a page of ODBC diagnostics, preferably mashed up with a few suggestions from Apache.

    But this approach doesn’t just work with HTML output. For example some banks have also adopted it, as a novel method of telling you that you aren’t going to see your card back from the ATM any time soon.

  • If you are running as a background process with no user interaction, don’t just disappear silently. Be sure to do a memory dump, so gifting the user a digital turd — a binary lump of disk space of no use to man or beast. Naturally it won’t help you-the-programmer find the cause of the exception, because even if the user troubles to send it to you, like everyone else you don’t keep your debug symbol tables in version control, kidding yourself that you can rebuild them identically from the source.

    (By the way, the Windows API call to create this thing, MiniDumpWriteDump(), is one of my faves: as it says in the docs, sometimes you have to throw another exception to get it to fire. Neat.)

  • If you are running as a GUI program, now’s the time to pop up a modal message box. It doesn’t really matter what text you put in it, because the user will ignore it.

    A refinement, especially popular with Delphi programmers, is to put up further, identical message boxes at a one half second interval, so that unless the user intervenes and starts closing them at a greater rate, the whole system will eventually die from memory exhaustion.

  • If you’re running under Windows XP, consider converting the exception into a null pointer dereference in the catch handler:

    catch(...) { // now we're really stuffed
        int * p = 0;
        *p = 22;
    }
    

    This has the advantage over an ordinary crash that you will get one of those special OS-supplied dialogs, that asks permission to send log details back to Microsoft. Naïve users will interpret this as a Windows fault, and will direct their bile Redmondwards.

Of course, all the above techniques can be combined in fresh and original ways. Never be afraid to experiment.

The primary duty of an exception handler is to get the error out of the lap of the programmer and into the surprised face of the user. Provided you keep this cardinal rule in mind, you can’t go far wrong. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.