User: Password:
|
|
Subscribe / Log in / New account

No thanks.

No thanks.

Posted Oct 26, 2012 16:20 UTC (Fri) by cmccabe (guest, #60281)
In reply to: No thanks. by danieldk
Parent article: Haley: We're doing an ARM64 OpenJDK port!

Go's current implementations use a partially conservative garbage collector, which has some advantages but might ignore some memory that actually should be freed. In practice, this does not seem to be a problem on 64-bit systems, but it is one on 32-bit. They are looking at improving it, but it will take time.

I feel like it's unfair to blast Go for this. It's a new language; its GC is not going to beat HotSpot on day 1. A lot of the languages Go is often compared to, like Python, have far worse GC (CPython _still_ can't collect datastructures which have cycles, if any of them has a finalizer).

Google is using Go in production (see Vitess for an open source example).

As far as error handling goes, the designers of Go thought about it for a long time. You may or may not agree, but calling it "contrived" is disingenuous. Basically, a lot of people have used and grown to dislike the confusion of routine errors and exceptions that prevails in languages like Java. Joel Spolsky wrote a good article about it: http://www.joelonsoftware.com/items/2003/10/13.html. I'm sure you can find many more. The tl;dr version: don't believe the hype. You want exceptions only for signalling fatal errors.

re: domain specific languages. In general, I feel like you've got two approaches to follow when using DSLs. The first one is to use an extremely dynamic language like Lisp, Ruby, etc. and use eval-based tricks. The second is to create something like lexx or yacc-- a preprocessor that converts source in $DSL to C, C++, Golang, etc. Both are perfectly valid approaches. I don't feel like the colleciton of macro tricks and templates often glorified as "a DSL" in C++ requires any comment, other than: please, make it stop.

With regard to generics: if you find yourself using interface{} everywhere, you're doing something wrong. If you program Go like it's Java, you're not going to be happy. Java is best programmed in Java. But if you program Go like Go, you just might find that you have what you need. With that being said, generics might be added to the language at some point.


(Log in to post comments)

No thanks.

Posted Oct 26, 2012 19:55 UTC (Fri) by danieldk (subscriber, #27876) [Link]

> In practice, this does not seem to be a problem on 64-bit systems, but it is one on 32-bit.

You seem to be referring to the problem where (since the address space on 32-bit machines is small) some values may be identified as valid pointers. But that isn't the only problem with the garbage collector. It performs badly when lots of short-lived small objects are created. Eventually, it'll need a better collector.

> They are looking at improving it, but it will take time.

That's the standard answer. But currently, its GC is weak.

> A lot of the languages Go is often compared to, like Python, have far worse GC (CPython _still_ can't collect datastructures which have cycles, if any of them has a finalizer).

Here, the discussion was about Java and C#.

> As far as error handling goes, the designers of Go thought about it for a long time. You may or may not agree, but calling it "contrived" is disingenuous. Basically, a lot of people have used and grown to dislike the confusion of routine errors and exceptions that prevails in languages like Java.

Every serious chunk of Go code is interwoven with if statements to check for errors. It breaks the logical flow of functions. Besides that, it's not mandatory to bind the return values of a function. So for side-effecting functions, it's easy to accidentally ignore errors. And then there is the whole 'nil may equal be nil' issue:

http://golang.org/doc/go_faq.html#nil_error

> You want exceptions only for signalling fatal errors.

I want errors as values, *without* having to check the result of every function call. This has long been solved in option types that are also monads, see e.g. Maybe and Either in Haskell. Java checked exceptions are not too bad either: they don't clutter the flow, but you cannot silently ignore them (you have to catch them or indicate that your method might throw that particular exception).

Go doesn't differ much from C wrt. to error handling. Except that in C I know that -1 is always -1 or 0 is always 0.

> Both are perfectly valid approaches. I don't feel like the colleciton of macro tricks and templates often glorified as "a DSL" in C++ requires any comment, other than: please, make it stop.

Right, I was referring to the latter (EDSLs). So, what facilities does Go provide to support the latter? I haven't seen any real EDSL in Go. DSLs have been done in static languages before, without the horror of C++. E.g. Hamlet is a EDSL in Haskell for producing HTML in a type-safe manner:

http://www.yesodweb.com/book/shakespearean-templates

Hakyll is an EDSL for constructing static site generators:

http://jaspervdj.be/hakyll/index.html

> With regard to generics: if you find yourself using interface{} everywhere, you're doing something wrong.

Sorry, I was being sarcastic there. It's the standard answer you will get on various Go fora: Go doesn't need generics, because there is interface{}. Anyway, the criticism still stands: Go doesn't have parametric polymorphism, so you either:

- If you are lucky, use non-empty interfaces.
- End up duplicating copying the same algorithm multiple times for different types.
- Write functions that take the empty interface and return the empty interface.

E.g. consider writing the Haskell function:

replicate :: Int -> a -> [a]

(Repeat a value n times.)

A Go equivalent is:

func replicate(n int, val interface{}) []interface{}

Not only does this completely throw away type safety, it's also an example of Go's tediousness. If you call, say replicate(20, 10), you cannot directly cast the result to an []int, because []interface{} is obviously something different.

By all means, don't take my word for it. I encourage people to read Mark Summerfield's Programming in Go. If you use a modern static language such as C#, Haskell, or whatever on a daily basis, you'll be thinking "heh, I could do this in X more elegantly in a far smaller number of lines" every half page or so.

The only great feature of Go is gofmt.

No thanks.

Posted Oct 26, 2012 21:55 UTC (Fri) by cmccabe (guest, #60281) [Link]

I programmed for Android back in the 1.1 days. I'm pretty familiar with the problem of lots of creating lots of small objects. That problem is now effectively solved on the newer versions of Android, due to Dalvik updates. I feel confident that Go will tread a similar path.

> Go doesn't differ much from C wrt. to error handling. Except that in
> C I know that -1 is always -1 or 0 is always 0.

This is really unfair. Numeric types are strongly typed in Go.

Also, in C, 0 may not always be 0. Technically pointer NULL is a logical representation, not a physical one, so casting a NULL value for a pointer to an int may result in something other than 0. As someone invoking the name of Haskell, you should know this :)

No real-world C compilers that I know make use of this liberty. As usually, C++ "outdoes" C in the amount of implementation-dependent crud. Specifically, NULL values for pointer to member functions are usually not represented by the bit pattern 0. Check this out for some nifty implementation dependent spew:

#include <stdio.h>

class Foo {
int i;
};

static union {
int Foo::*i;
void *v;
} u;

int main(void) {
u.i = 0;
printf("iPtr = %p\n", u.v);
return 0;
}

I agree that the way in which interface values are compared to nil in Go is a little weird. Since the interface types are represented by a tuple internally, it would have been nicer to force developers to write out that tuple when comparing an interface to a constant.

We are going to have to agree to disagree about error handling. I could point out a lot of other notable programmers who prefer error codes to exceptions, not just Joel Sposky. From the Google C++ coding standard, to Raymond Chen, to Linus Torvalds. But what do those guys know anyway? Java checked exceptions are the way and the light (hint: they're not.)

Comparing Go and Haskell is comparing apples and oranges. Go isn't intended to be a functional programming language. We already have a ton of those already (OCaml, Scala, Clojure, etc.) Maybe for algorithms work it's good, but for systems-level work I think those are all very uninteresting.

No thanks.

Posted Oct 26, 2012 23:04 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

You might note that Scala and Clojure both require a JVM (see the referenced news article). And in fact if you want a cross-platform static typesafe language that is not C/C++ then your choices are quite limited.

Basically, it's Java or GTFO. At most you can make do with Mono. There are no other viable choices.

No thanks.

Posted Oct 26, 2012 23:54 UTC (Fri) by ibukanov (subscriber, #3942) [Link]

> I want errors as values, *without* having to check the result of every function call.

I have found that in practice the moment one wants to add more context to errors the good old return flags to indicate unexpected return status results in least cluttered code.

For example, in Java stack traces in log files by themselves can be rather useless for problem diagnostics. To facilitate the analyzes it is often necessary to log state information from quite a few call sites. But in Java that results is rather ugly

try {
code();
} catch (RuntimeException ex) {
log_extra_error_state();
throw ex;
}

With return error codes the extra clutter is minimal - one just needs to add log_extra_error_state(); on the error path.

Now, I presume in Haskell such annotated error reports should be rather simple to implement using Either. But even in Haskell checking for errors after return is inevitable if one wants to add the context information only on error paths.

No thanks.

Posted Oct 27, 2012 6:42 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Yeah, sure. So with error code you basically get:
> 42. Program failed. Now try to find out why, mwahahah!

In Java you can _rethrow_ exceptions, without losing the cause. I.e.:
> catch(SomeException ex)
> {
> throw new MyException(log_state(), ex); //We DO NOT lose the cause
> }

No thanks.

Posted Oct 27, 2012 8:30 UTC (Sat) by ibukanov (subscriber, #3942) [Link]

> Yeah, sure. So with error code you basically get:
> 42. Program failed. Now try to find out why, mwahahah!

No - with consistent error logging one gets in C very useful stack-like information about the error state without the noise of deep Java stack trace.

Clearly in Java one can do the same and have a stack trace in addition, but even in C it is possible to get the stack trace. Yet the C solution brings less clutter to the server code where it is desirable to log on errors (and only on errors) the maximum information about the state.

RuntimeException ftw

Posted Oct 27, 2012 10:41 UTC (Sat) by man_ls (guest, #15091) [Link]

With well coded programs a stack trace is all that is needed 99% of the time, or at least that is my experience. You can save the bit about "consistent error logging" and still spot errors.

There are weird occasions where e.g. the Android platform eats up your stack trace and generates its own, but that is not usually the case.

As to checked exceptions, they look good but in practice lead to byzantine exception hierarchies and hyper-delicate error handling, not well suited for humans (or for teams). Unchecked exceptions are good in that you don't need to handle all possible situations. In a web application you can just catch them at the root level, log them and print an HTTP 500 page; the user is not going to care at the moment as to why you are not showing the info they want, and the admins get a nice stack trace -- see above.

RuntimeException ftw

Posted Oct 28, 2012 0:09 UTC (Sun) by cmccabe (guest, #60281) [Link]

Go has exceptions, it just calls them "panics" and doesn't make an attempt to give them elaborate type hierarchies. So if your program does something _really_ bad, it will abort with a stack trace.

As far as spewing stack traces for normal errors-- people who want this are not thinking clearly. Unless you are a developer, you shouldn't need to read stack traces.

If you do want stack traces in your logs, you can easily get them with: http://golang.org/src/pkg/runtime/debug/stack.go

It's really nice to have stack traces in the language-- lack of them in the language is awkward in C/C++, although there are libraries that can help a lot.

RuntimeException ftw

Posted Oct 28, 2012 8:48 UTC (Sun) by man_ls (guest, #15091) [Link]

Unless you are a developer, you shouldn't need to read stack traces.
Absolutely true, I did not want to imply that the stack trace is shown to the user. The server displays a regular, nice 500 page (with no mention of "HTTP 500" either); but the stack trace is stored in the logs for further analysis.

Exceptions are good also to return from APIs, as long as they are documented: they come out in tests, are easy to spot and understand, and easy to deal with.

RuntimeException ftw

Posted Oct 29, 2012 18:31 UTC (Mon) by cmccabe (guest, #60281) [Link]

I disagree that exceptions should be returned from APIs (shouldn't that be "thrown"?) The caller shouldn't have to understand the internal implementation of your library to use it. A null pointer exception 10 levels deep in library code is not a friendly API, even for programmers.

If you can fail, document how you can fail, and come up with return codes or another API to handle it cleanly. If you can't fail, then return void and be done with it.

Checked exceptions were an attempt to make exceptions "work like return codes." But it failed. Every method in the world ends up throwing IOException, and it basically functions exactly like unchecked exceptions.

RuntimeException ftw

Posted Oct 29, 2012 18:50 UTC (Mon) by man_ls (guest, #15091) [Link]

Sorry, I meant "Exceptions are good also to throw from APIs, as long as they are documented".

But throwing a NullPointerException is not what I said; that is obviously a bad idea in any case. Just declare an unchecked exception for every failure condition (with an umbrella super-exception) and document them. That way you can throw them from any point in your code. This is not different from your description: "document how you can fail, and come up with return codes or another API to handle it cleanly". Unchecked exceptions are a wonderful way to handle failures cleanly; in effect these exceptions become another part of your API.

IMHO, avoid checked exceptions like the plague because they become, without exception, a mess. In a recent Android app I thought I could get off with a checked exception for offline mode to force implementors to deal with it, but in the end I had to change it back to unchecked.

No thanks.

Posted Oct 27, 2012 17:37 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Yeah, sure. So now you're proposing to do LOGGING from basically every level of stack. And where are you going to log things? If you say 'stderr' then I'm going to come and burn down your house.

No thanks.

Posted Nov 9, 2012 2:34 UTC (Fri) by HelloWorld (guest, #56129) [Link]

http://www.joelonsoftware.com/items/2003/10/13.html

Joel doesn't have a clue, and that article is a perfect example of that. Exceptions don't create any new exit points for a function; if you handle all possible errors in the way he suggests, you'll end up with just as many possible exit points. And also his other point about exceptions being invisible in the source code is a complete red herring, because you know what's invisible and hard to find with code inspection too? Missing error code checks.

And there's even more nonsense. He's right in that you can't write result = f(g(x)) when g might fail. But being able to return multiple values (which Haskell and ML don't allow, returning tuples is something different) doesn't do anything at all to solve that problem. So please, stop spreading that link, it's just stupid.

With regard to generics: if you find yourself using interface{} everywhere, you're doing something wrong.

Yes, and I know what: you're using Go.

With that being said, generics might be added to the language at some point.
Deferring that to "some point" just shows utter cluelessness. The type system is the cornerstone of a programming language. It's an exercise in futility to try to bolt something as important as parametric polymorphism onto a language as an afterthought. And it's not like its are something new and mysterious. ML had it 40 years ago and the theory behind it (System F and its variants like System F<:) is well-understood.

No thanks.

Posted Nov 9, 2012 8:00 UTC (Fri) by paulj (subscriber, #341) [Link]

He's stated it in terms that aren't correct, but I think he means exceptions increase the number of possible control-flow branch points in the code. Without exceptions, the branch points in a block of code are visually obvious. With exceptions, there may be multiple branch points per statement - and they are *implicit*, you can't see them.

This certainly raises the bar to fully understanding the behaviour of exception using code.

No thanks.

Posted Nov 9, 2012 9:33 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

Nope. Exceptions force you to restructure you code to be exception-sane.

I.e. if you open a resource then you should do it in a try-finally block (or its analog). In C++ you should wrap in automatic object.

Error codes, on the other hand, promote sloppy design. Certain error codes are almost always ignored, like printf() return result (do you know that it can be used to process SIGINT gracefully?) or close().

No thanks.

Posted Nov 9, 2012 9:47 UTC (Fri) by paulj (subscriber, #341) [Link]

Sorry, but it's a fact that exceptions introduce implicit control-flow branch points at each statement, potentially even multiple such. That you can disagree with my comment on that point suggests either that you do not understand how exceptions are implemented, or else you somehow ignored the content of my comment in replying to it.

That coping with this requires structuring code in certain ways when using exceptions is true, but a different point, and it is still non-trivial at times because of the prior point. Just have a look at discussions on exceptions in C++ in constructors and destructors.

Note that I was not advocating for error return codes. That's a strawman argument you're incorrectly attributing to me.

No thanks.

Posted Nov 9, 2012 10:22 UTC (Fri) by hummassa (subscriber, #307) [Link]

That is the point:

> Sorry, but it's a fact that exceptions introduce implicit control-flow branch points at each statement, potentially even multiple such.

THAT IS NOT A FACT AT ALL.

Those implicit control-flow branch points WILL HAVE TO BE DEALT WITH ANYWAY, they were already there. Only without exceptions you have to deal with them all at all positions in your code. Explicitly. You are writing code that is scaffolding code, not code that does what the program actually needs to do.

When you use exception, you write only the code that does what the program actually needs to do, with some sanity checks here and there. You follow the sanity rules, you are safe.

For instance, every time you open a file things can go wrong. Supposing you have a function call hierarchy main -> f -> g -> h, and h() wants to open a file, one of the following will happen:

1. you (generic "you", ok?) won't check open() results, will proceed as if the file was open, and undefined and terrible things will happen;

2. (try#2) you will check open() results, return an error code, g() does not check for the error code and proceeds, hilarity ensues;

3. (yes it finally works) g() checks h() error code, f() checks g() error code, main() checks f() error code, prints a suitable message.

4. (despair happenning) you have to call i() from g() and j() from f() and both have to open files. At this point, if you don't forget anything (you have to do every of these checks yourself, manually) you have a program that is at least 25% scaffolding.

With exceptions, one of those will:

1. open() throws, _main() aborts and prints "unexpected exception". The program already works.

2. (let's make this pretty) you put a catch() block on main(), print a pretty message cerr << "file " << name << " could not be open". The program still works.

3. (down the road) you have to add i() and j() and the program still works. No need to repeat step 2.

> Note that I was not advocating for error return codes.

No, but you are differentiating "implicit control-branch points" from "explicit" ones and it does give that impression. My point is that: implicit control-branch points are there anyway (you open a file, things can go wrong in the process), and dealing with them implicitly is better then explicitly.

Yes, dealing implicitly with exceptions means that sometimes you have to be exceptionally (ha!) safer (constructors/destuctors). But it just helps you to clarify your code and tell better when things can go wrong.

No thanks.

Posted Nov 9, 2012 10:29 UTC (Fri) by paulj (subscriber, #341) [Link]

So the control-flow branch points which you disagree exist have to be dealt with anyway? So they don't exist but they do.

There are other ways to deal with errors, besides exceptions or error return codes. You can design the underlying, called-into code to explicitly follow a state machine, and have idempotent error state. Calling code then do a number of operations on such objects, and check at the end whether they succeeded or not, and if not, query the reason for the error.

No thanks.

Posted Nov 9, 2012 16:35 UTC (Fri) by HelloWorld (guest, #56129) [Link]

> So the control-flow branch points which you disagree exist
Did you even read what he wrote? He didn't say they don't exist, he said that they exist regardless of whether you use exceptions or error codes to handle errors.

No thanks.

Posted Nov 9, 2012 23:40 UTC (Fri) by nix (subscriber, #2304) [Link]

Each statement? If only it were so easy. At each statement, each function call, and each potentially overloadable operator. The number of abnormal edges can get ridiculous. There could be *dozens* in a single thing that looks like one statement.

No thanks.

Posted Nov 10, 2012 3:26 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Nope. The number of statements where special exception handling is needed is SMALL. Basically, only the code that works with external or shared long-living resources.

No thanks.

Posted Nov 10, 2012 10:21 UTC (Sat) by paulj (subscriber, #341) [Link]

There you go again saying "Nope" to something that is factually correct. At this stage it's hard to conclude anything other than that you simply don't understand how exceptions work under the hood.

No thanks.

Posted Nov 10, 2012 16:10 UTC (Sat) by nix (subscriber, #2304) [Link]

It's clear he's never written any significant body of exception-safe code in C++, that's for sure. (Hint, Cyberax: consider a simple RAII object which allocates some memory in its constructor, in two tranches, with a single assignment between. Now consider that memory allocation can throw bad_alloc, as can the invocation of the assignment operator, if not elided by the compiler, as it can sometimes be -- and consider that if this is templated, you have to consider that *every possible point* that might throw exceptions, will throw exceptions, since you don't know what types you'll eventually be dealing with.

That memory allocation is not a shared resource except inasmuch as the heap is shared -- in which case you have to consider almost *everything* a use of a shared resource -- but you still need to consider the semantics of exceptions in order to figure out how to avoid a memory leak. And this soon gets thoroughly unobvious.)

No thanks.

Posted Nov 10, 2012 21:48 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

>Hint, Cyberax: consider a simple RAII object which allocates some memory in its constructor, in two tranches, with a single assignment between.
#include <stdio.h>
#include <memory>
#include <stdexcept>

class tracer
{
public:
	tracer() { printf("Constructing\n"); }
	~tracer() { printf("Dying\n"); }
};

class tester
{
	std::auto_ptr<tracer> t1_;
	std::auto_ptr<tracer> t2_;
public:
	tester()
	{
		t1_=std::auto_ptr<tracer>(new tracer());
		throw std::runtime_error("Test");
		t2_=std::auto_ptr<tracer>(new tracer());
	}
};

int main()
{
	try
	{
		tester t;
	} catch(const std::runtime_error &ex)
	{
		//Print exception info
	}
	return 0;
}

cyberax@cybmac:~/work$ ./a.out 
Constructing
Dying
And your point is?

Consider that you have to deal with exactly the same crap if you DO NOT use the exceptions. EVERY function you invoke can cause error conditions (such as out-of-memory).

Now please rewrite my example without exceptions, providing the same level of guarantees and functionality.

No thanks.

Posted Nov 10, 2012 23:06 UTC (Sat) by nix (subscriber, #2304) [Link]

You really don't understand, do you?

Consider just these three lines of your example:

t1_=std::auto_ptr<tracer>(new tracer());
throw std::runtime_error("Test");
t2_=std::auto_ptr<tracer>(new tracer());

Let's replace the stupid throw with something more likely to be actually seen in practice, say:

t1_=std::auto_ptr<tracer>(new tracer());
ptr=std::auto_ptr<blah>(new raiied_blah());
t2_=std::auto_ptr<tracer>(new tracer());

Now... if any of those constructors but the first throws, what do you do about it? If, for whatever reason, you cannot use auto_ptr (which is, to be honest, simply pushing off the RAII memory-allocation overhead to something else that has already done all the work) how do you prevent the earlier-allocated ones from leaking? That's right, you have to free at appropriate times in a catch handler. Now figure out which bits can throw. It's hard. It's very, very hard. I recommend Scott Meyers's Effective C++ books for more than you can possibly stomach on this (I wish I could reread mine, but I loaned them out and they never came back, I'm sure you know how it is).

No thanks.

Posted Nov 10, 2012 23:22 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Try it. I really mean it - try it. It would work just fine. Everything will be correctly destroyed.

>If, for whatever reason, you cannot use auto_ptr (which is, to be honest, simply pushing off the RAII memory-allocation overhead to something else that has already done all the work) how do you prevent the earlier-allocated ones from leaking?
By using auto_ptr or any other fitting smart pointer, there's literally no measurable overhead in using it. And there's no excuse in not doing it - and that was clear from the very start. That's actually a rationale for not including the "finally" keyword in C++ - because it might detract from using RAII.

Of course, if you really don't want to do it then you'll have to do the try..catch dance. Exactly like in C where ALMOST EVERY function might result in error and the most common pattern of error handling is "goto err_exit". That's actually why glibc handles OOM by calling abort() - it's simply too complicated to make everything in C error-safe.

PS: I had actually written a simple model verifier to verify my own collection library for upholding exception guarantees. That means that I've obviously read Sutter, Meyers, Stroustroup, Alexandrescu and quite a lot of other C++ writers.

No thanks.

Posted Nov 10, 2012 23:25 UTC (Sat) by foom (subscriber, #14868) [Link]

> Now... if any of those constructors but the first throws, what do you do about it?
You don't have to do anything, because auto_ptr's destructor takes care of it for you.

> If, for whatever reason, you cannot use auto_ptr ( which is, to be honest, simply pushing off the RAII memory-allocation overhead to something else that has already done all the work

That's the whole point! You *always* just use auto_ptr (or another smart pointer, e.g. unique_ptr) to take care of it for you! That's exactly why RAII is so nice, and has been best practice in C++ for years!

No thanks.

Posted Nov 11, 2012 9:32 UTC (Sun) by paulj (subscriber, #341) [Link]

That smart pointers are required exemplifies the "non-trivial" observation made of exception using code. And remind me again, how long have these been available as part of the standard C++ environment?

No thanks.

Posted Nov 11, 2012 10:37 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

Since at least 80-s. The problem was mostly in old C programmers who don't know better.

No thanks.

Posted Nov 11, 2012 12:53 UTC (Sun) by paulj (subscriber, #341) [Link]

Rubbish. I have books from the 90s on C++ that fail to mention smart pointers anywhere, written by C++ committee members.

Could good C++ programmers have created their own smart pointers in the 80s? I guess so. My strong impression though is that C++ programmers would have been *way* ahead of the state of understood wisdom in the C++ world at that time. My impression

To claim smart pointers are trivial, widely understood techniques since the 80s stretches credibility somewhat. If they're so trivial, so widely understood for so long, why did it take 20+ years to standardise some? Why is an only relatively recently standardised form of smart pointer already being deprecated in the next C++ standard? (auto_ptr for unique_ptr). My sense is that smart pointers are so trivial that even C++ standards committee members hadn't really fully grokked the implications of copying, moving and sharing them until relatively recently - but I guess they're just "old C programmers who don't know better".

Unfortunately, in the real world, many programmers just aren't quite as brilliant as you.

No thanks.

Posted Nov 11, 2012 13:04 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

> Rubbish. I have books from the 90s on C++ that fail to mention smart pointers anywhere, written by C++ committee members.
[citation needed]

> Could good C++ programmers have created their own smart pointers in the 80s? I guess so. My strong impression though is that C++ programmers would have been *way* ahead of the state of understood wisdom in the C++ world at that time. My impression
Well, you'd be wrong. The need for RAII-d resources was understood quite early in the game. I'm not sure about 80-s - there was no significant amount of C++ code then, but surely during the early 90-s.

http://www.stroustrup.com/bs_faq2.html#finally

>If they're so trivial, so widely understood for so long, why did it take 20+ years to standardise some? Why is an only relatively recently standardised form of smart pointer already being deprecated in the next C++ standard? (auto_ptr for unique_ptr).
Mostly for historical reasons. The first C++ Standard was developed in great haste (by ISO standards), there simply was not time to test the proposed things in production. And then it was too late so major additions had to wait until C++11. The same story happened with hash maps, btw.

However, Boost and other libraries had no shortage of various smart pointers.

No thanks.

Posted Nov 11, 2012 14:56 UTC (Sun) by paulj (subscriber, #341) [Link]

Herbert Schildt, "C++ Nuts & Bolts for Experienced Programmers", Osborne McGraw-Hill, 1995. (Yes, Schildt has gotten flack for technical errors / flaws on C++ in his books, and yes, this book wasn't intended to be a reference).

When was Boost created? late 90s. Before Boost there was the HP and SGI STL, which I gather inspired the standardised STL (and Boost?), and iostream. That work dates from the early 90s AFAICT. The SGI STL page doesn't seem to have any kind of smart pointer, dated 1994. C++98 has the auto_ptr, but it apparently is flawed. The early Boost pages reference this: http://web.archive.org/web/19991222182604/http://www.boos... which references books discussing smart pointer programming *patterns* from '92, '94.

I know this stuff is all trivial to you, but it does seem to me that it took about 10 to 15 years (80s to mid/late 90s) for leading C++ programmers to agree on patterns for dealing with exception safety, such as RAII, then getting some kind of smart pointer support in the language (standard or generally available libraries) in order to cope with remaining pitfalls in C++ RAII+exceptions. That smart pointer support then needed further refinement in the mid/late 90s and early 2000s to get to where we are today.

That doesn't quite suggest to me that this stuff is quite as trivial as you suggest to is. Finally, even with smart pointers, I still don't find exception handling code that uses them to be non-trivial! However, you do seem be a superior breed of programmer to the rest of us, so perhaps that's the reason for the discrepancy in views ;). (Intended as a gentle jibe, I hope you'll accept it in that spirit).

No thanks.

Posted Nov 12, 2012 2:05 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

>Herbert Schildt, "C++ Nuts & Bolts for Experienced Programmers", Osborne McGraw-Hill, 1995. (Yes, Schildt has gotten flack for technical errors / flaws on C++ in his books, and yes, this book wasn't intended to be a reference).
He's not a member of C++ committee.

>When was Boost created? late 90s. Before Boost there was the HP and SGI STL, which I gather inspired the standardised STL (and Boost?), and iostream.
The STL specification was written before there was a single more-or-less complete STL implementation (and it shows). That was also a problem with lots of C++ features (like exception specification or template export).

Exceptions appeared in GCC 2.7 in 1997, I think. Before that there was little reason to use them and to create best practices for them. Though the usefulness of RAII was understood earlier.

In Java exceptions with try..finally also appeared at about the same time. But without RAII.

No thanks.

Posted Nov 12, 2012 14:35 UTC (Mon) by paulj (subscriber, #341) [Link]

Well, Schildt's wikipedia page says he was involved in C++ standardisation in the 90s. I don't know myself if that's correct or not.

As for exceptions, they were developed in the late 80s, standardised in the early 90s, and there were commercial compilers supporting exceptions since at least '92 apparently. See: http://www.stroustrup.com/hopl2.pdf. The release history of GCC possibly isn't that relevant, a number of proprietary implementations of C++ had more significant usage than g++ back then iirc.

Anyway..

No thanks.

Posted Nov 12, 2012 14:38 UTC (Mon) by paulj (subscriber, #341) [Link]

Oh, the '95 Schildt book has a section on exceptions.

No thanks.

Posted Nov 9, 2012 23:38 UTC (Fri) by nix (subscriber, #2304) [Link]

Consider how long it took after the introduction of exceptions into C++ to figure out how to write truly exception-safe code. It took *decades*. Doing it is not remotely obvious.

No thanks.

Posted Nov 10, 2012 3:25 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

Nope. The way to write exception-safe code has been clear from the start (modulo a few foulups in the Standard). That's why there's no "finally" keyword in C++.

The main problem was that exceptions were added quite lately in the game, and they were not reliable and/or generally available until at least early 2000-s. So we're stuck with huge amount of legacy non-exception-safe code.

But that's a poor excuse for creating a new language without exception support.

No thanks.

Posted Nov 10, 2012 16:06 UTC (Sat) by nix (subscriber, #2304) [Link]

Well it's curious the way I have multiple whole books which have about a third of their total page count discussing how to write exception-safe code in the presence of copy constructors, assignment operators, operator() and other such things which throw exceptions (throw in the possible elision of temporaries if you want to make it really fun).

Perhaps I was hallucinating and e.g. Herb Sutter's writings on the subject do not in fact exist, and it was 'clear from the start'. That would explain it, but I don't think that's so.

No thanks.

Posted Nov 10, 2012 21:49 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]

And the whole books should have been written on writing safe C code in presence of errors.

A simple question - how do you deal with errors in the ubiquitous "goto error_exit" pattern in C?

No thanks.

Posted Nov 10, 2012 23:08 UTC (Sat) by nix (subscriber, #2304) [Link]

I actually solved this once with a really ugly exception-unwinder (implemented mostly in macros with one fugly bit of arch-dependent code). A few years later I had to port it to a new platform and wished I'd done something else.

(btw, I wish you'd be less bloody combative all the time. You turn every discussion on LWN into a minor war.)

No thanks.

Posted Nov 11, 2012 0:45 UTC (Sun) by hummassa (subscriber, #307) [Link]

Kettle, meet pot. :-D
But j/k, I love your discussions. From both of you. I learn a lot.

No thanks.

Posted Nov 11, 2012 5:12 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

>I actually solved this once with a really ugly exception-unwinder (implemented mostly in macros with one fugly bit of arch-dependent code).
Yup. Each sufficiently complex error handling system is indistinguishable from exceptions.

> (btw, I wish you'd be less bloody combative all the time. You turn every discussion on LWN into a minor war.)
Well, it's clear for me that there are only two kinds of opinions: mine and incorrect. I don't understand why other people still disagree.

No thanks.

Posted Nov 11, 2012 9:54 UTC (Sun) by paulj (subscriber, #341) [Link]

You can structure your code (in C, C++, Java, etc) so that you only have to check for errors at object creation, and thereafter only where it is convenient - i.e. you can do as many operations on the objects as you want without having to check for erros, without any use of control-flow branch points exploding exceptions:
do {
  var f = foo_new ();
  var b = bar_new ();

  if (!f || !b)
    break;

  f.twiddle ();
  b.jiggle ();
  
  <do as many more operations as you want on f and b,
   without need for checking for errors>

  if (f.state == ERROR || b.state == ERROR)
    break;

  <do whatever updates to this objects internal state,
   and update its .state appropriately>
  return;
} while (0);

if (f)
  foo_delete (f);
if (b)
  bar_delete (b);

<set this object to its error state>

return;
You do this by having the objects keep a finite state machine internally, with an idempotent error state. You could do more sophisticated error recovery by also tracking the prior state, that transited into the error state and potentially other more detailed info, e.g. with:
if (b.state == ERROR) {
  switch (b.prev_state) {
     ...
  }
}
Most of the same benefit of exceptions - of being able to move error handling out of the primary flow of code - but without the control-flow explosion (no need for goto either).

No thanks.

Posted Nov 11, 2012 10:03 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

So you now have to prefix ALL methods of f's class with "if (error) return error;". Nice.

And of course, you can forget about doing "b.twiddle(f.jiggle())".

And it'll be especially vexing in code that might be reused in several parts of a project. Additionally, your deleters (foo_delete, bar_delete) might in turn cause errors, how are you going to process them?

It's amazing to what lengths people would go just to avoid using exceptions. Why, they'd even re-invent exceptions without all their nice properties and with all the bad ones.

No thanks.

Posted Nov 11, 2012 11:01 UTC (Sun) by paulj (subscriber, #341) [Link]

Whether you do or don't use exceptions, it's far from a bad idea for objects to always check their internal consistency on entry from external callers. As for dealing with errors in clean up, remind me again how exceptions improves on that? Would you throw an error from a destructor?

Also, you seem to be suffering from some kind of binary thinking - that people are either for or against something - and projecting that onto others. I have not at any stage expressed an opinion on whether exceptions should be avoided or not.

No thanks.

Posted Nov 11, 2012 11:20 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

>Whether you do or don't use exceptions, it's far from a bad idea for objects to always check their internal consistency on entry from external callers.
That's a bad idea because of a several reasons. All reliable systems should be built on the idea of invariants and contracts. The violation of the contract/invariant should be treated as a fatal error.

So putting "assert(someInvariantState==43)" in method's body is fine as a purely debugging tool to find programmer's error. However, doing "if (someInvariantState!=42) return -ERR;" is a big NO-NO.

>As for dealing with errors in clean up, remind me again how exceptions improves on that? Would you throw an error from a destructor?
C++ doesn't have a nice solution for that. Java has one in the form of nested exceptions - it's possible to replace the current exception with the new one, retaining the current one as a nested exception.

No thanks.

Posted Nov 11, 2012 15:29 UTC (Sun) by paulj (subscriber, #341) [Link]

From my perspective, programming network services, where inputs may come from bad actors, and where the last you want to do is to allow a bad actor to cause your system to deny service to the good actors, I flatly disagree that violation of contracts should result in fatal errors - termination of that service to that actor, in a clean way, yes, fatal end of programme and all service: absolutely the wrong goal. (Invariants should be fatal, but that's a different thing).

And if you think I've been arguing that errors should be returned and caught and handled at each method call you've simply not read my comments, and you're just arguing with a figment of your own imagination. Good luck with that :).

No thanks.

Posted Nov 11, 2012 15:57 UTC (Sun) by raven667 (subscriber, #5198) [Link]

Fatal termination of the program might be the only safe bet if the internal state is compromised by a bad actor, I would be distrustful of claims to "cleanly" recover or try to "handle" errors that they actually can't handle. That's why long-running processes should be run under high availability supervision like daemontools or systemd.

I'm no expert on implementation details but the idea of Exceptions seems right to me, errors can't be ignored, they have to be handled or the program dies, which seems better to me than having your program jump the track and keep stupidly barreling along mowing through your data, driving through your living room window 8-)

No thanks.

Posted Nov 11, 2012 16:19 UTC (Sun) by paulj (subscriber, #341) [Link]

If the internal state is compromised yes. However, you want to reject the bad actor's input before that happens. Parsing things with state machines and related automata, and cleanly rejecting invalid input (and dispensing with associated state) is not rocket science. (Note that method calls related to some piece of state can be viewed as inputs/transitions on an automaton).

Asserting and crashing should be a last resort in daemons that must provide shared-state services to multiple actors. While it is preferable to assert than to allow a security critical error, asserting itself may be a security critical error - handling errors cleanly is again preferable to the assert. A better approach is to have multiple layers of defence, with asserts against critical inconsistency errors at lower layers (e.g. forcing all IO through checked, bounded buffer abstractions), and well-defined automata at higher layers to provide clean error semantics (potentially multiple levels of such). You can't just restart, because of the shared-state. If you externalise the shared-state so that the code can be restarted, you still need to ensure that shared-state can never be manipulated into an inconsistent state.

All the world is a state machine, even the functional programming world. ;)

No thanks.

Posted Nov 11, 2012 10:39 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

Oh, and if "f.twiddle ();" returns with an error and "b.jiggle ();" depends on some side effects of "f.twiddle()" that hasn't happened then you get a very nice "wish you happy debugging!" moment.

No thanks.

Posted Nov 11, 2012 10:55 UTC (Sun) by hummassa (subscriber, #307) [Link]

And more -- good look synchronizing the FSMs for 42 instances of each of 42 different types of objects (think a *simple* payroll application). THAT is full of happy debugging moments.

No thanks.

Posted Nov 11, 2012 12:36 UTC (Sun) by paulj (subscriber, #341) [Link]

Pretty much all non-trivial objects (composites, or ones with implicit constraints on fields that can't be expressed in the type system or language) have an FSM, at a minimum the 2-state FSM of "Internal state is consistent" and "Internal state is not consistent". You have to deal with that reality one way or another. Tracking that consistency internally through an explicit FSM is one way. Dealing with invalid use of that object after errors through an idempotent error state or assertions or exceptions all have their pros and cons.

You don't have to synchronise all the FSMs. Or at least, if you do, then it wasn't because you added an explicit FSM - you had to effectively be synchronising their state already anyway. All it does is crystalise and making explicit (inc making it queryable to outside users) requirements that are already there.

No thanks.

Posted Nov 11, 2012 13:06 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link]

That's about THE WORST possible system to write software. It combines everything:
1) Hidden state, affecting execution silently.
2) Completely decoupling the error site and the place where error is detected/handled.
3) Possible unforseen interactions through side-effects.
4) Mutable objects.
5) Non-thread safety by design.

No thanks.

Posted Nov 11, 2012 15:07 UTC (Sun) by paulj (subscriber, #341) [Link]

1. Many state+code objects in software have hidden state - it's called encapsulation.

2. Decoupling error handling from the error site (in terms of the programming language syntax) is exactly what exceptions do!

3. You could level this argument at pretty much any OOP code, you'd have to be writing pure functional code to avoid this charge.

4. Ditto.

5. Thread safety is completely orthogonal. Making it thread-safe is no different to making other stateful objects thread safe.

You're just throwing accusations blindly in the hope some stick, methinks. :)

No thanks.

Posted Nov 12, 2012 1:52 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

>1. Many state+code objects in software have hidden state - it's called encapsulation.

Normal designers try to MINIMIZE it. You are not only add it gratuitously, but also introduce non-trivial interdependencies between objects.

For instance:
>f.twiddle();
>j.jiggle();

What if j.jiggle() takes 10 minutes to complete? Then your code would just be losing time if "f.twiddle()" is in error.

>2. Decoupling error handling from the error site (in terms of the programming language syntax) is exactly what exceptions do!

Not error handling, but error _detection_. You can simply forget to check that f's state is OK after the loop. Then there's a problem with compounded errors.

> 3. You could level this argument at pretty much any OOP code, you'd have to be writing pure functional code to avoid this charge.

Nope. Good modern OOP code tries to minimize mutability (it's OK to use mutable objects where it's necessary) - a lot of new OOP languages even have variables that are immutable by default, for example.

> 5. Thread safety is completely orthogonal. Making it thread-safe is no different to making other stateful objects thread safe.

No. For instance "f" object might be immutable except for its "error" state.

BTW, I think that there should definitely be a death penalty for those who abuse do..while loops to emulate "goto".

No thanks.

Posted Nov 12, 2012 10:05 UTC (Mon) by paulj (subscriber, #341) [Link]

No dependencies have been added between objects.

In extreme cases, such as j.jiggle () taking 10 minutes, then you might want to check before it. I gave a sketch of a programming pattern - it wasn't intended to be an exact solution for every possible programming problem. If you use it, you will still need to apply some intelligence of your own.

Note further, I was not even claiming that this is *THE* pattern to solve all error-handling. I was just giving it as an example, for consideration, as you earlier had asked for examples of error handling without exceptions (well, you asked for a goto error-exit pattern example, but I assumed other examples would also be allowed).

Object mutability: If an object is immutable, then its state doesn't change and will be immutable. Clearly there is little point in applying state-tracking patterns to single-state objects. This pattern applies to objects with a finite multiplicity of states. Despite your contention, I am fairly sure programming is full of such objects.

Even if you use a series of immutable objects and transition between them, you will still have an FSM with mutable state at a level above those immutable objects, implicitly or explicitly.

No thanks.

Posted Nov 11, 2012 12:27 UTC (Sun) by paulj (subscriber, #341) [Link]

You have to query the state of the objects FSM before using any of its other state in this pattern, yes. For other querying methods, returning state other than the FSM state, you can make that a terminal exception (in the "assert()" sense) if such other state is queried for when the object is reached its error state, or you could throw an exception.

No thanks.

Posted Nov 9, 2012 8:08 UTC (Fri) by ekj (guest, #1524) [Link]

While I agree with much of your critique, you're being overly harsh on him on one point.

Here's what he said:

"I think the reason programmers in C/C++/Java style languages have been attracted to exceptions is simply because the syntax does not have a concise way to call a function that returns multiple values"

Notice that's he's talking of the *syntax*, and functionally the tuple-unpacking that some languages allow do come close to being equivalent to being able to return multiple values.

handle, errcode = open('blah.dat')

This is prettier than the all-too-common functions that do things like "this function will return the count of Widgets, or -1 if something went wrong", also it's less error-prone because with the above you can't accidentally treat an error_code as valid data. (and proceed as if there where really -1 Widgets, say)

No thanks.

Posted Nov 9, 2012 22:25 UTC (Fri) by HelloWorld (guest, #56129) [Link]

I didn't say that tuples were useless for error handling (although sum types (aka algebraic data types) are much more useful for that), I said that they don't help solving the "result = f(g(x))" problem.

No thanks.

Posted Nov 9, 2012 9:28 UTC (Fri) by renox (subscriber, #23785) [Link]

Your analysis of Joel's article seems quite shallow, I think that you are prejudiced against him and you should reread his article, his points aren't bad.

Also why do you consider returning a tuple different from returning multiple values?
The only thing that matter is allowing the programmer to have a readable way to access multiple return values ( y,z = f(x) ), whether these return values are in a tuple or not is not so important, thought I would argue that the tuple is better as it also allow f(g(x)) so it's better (provided it still allow the simple access to the multiples values).

No thanks.

Posted Nov 9, 2012 15:49 UTC (Fri) by HelloWorld (guest, #56129) [Link]

Your analysis of Joel's article seems quite shallow,
Feel free to write a rebuttal. Until then, I'll consider my points valid.
Also why do you consider returning a tuple different from returning multiple values?
I consider them different because they are different (duh). Let's say you have a function that duplicates its argument. In Haskell using a tuple, that's
dup x = (x,x)
Now assume a multiply-add function:
mad a b c = a*b+c
How can you combine these to write a function that returns x*x+x? In a language like Haskell you can't easily do it with for example composition, you have to do something like
foo x = mad x x x
otoh, PostScript actually allows you to return multiple values, and there it's trivial:
/mad { mul add } def
/foo { dup dup mad } def
(dup is a builtin in PostScript)

No thanks.

Posted Nov 9, 2012 16:14 UTC (Fri) by apoelstra (subscriber, #75205) [Link]

You know you're on LWN when a language war leads to a comment extolling PostScript over Haskell...

No thanks.

Posted Nov 9, 2012 21:33 UTC (Fri) by HelloWorld (guest, #56129) [Link]

It was the most well-known language I could think of that actually supports returning multiple values. Lua supposedly allows it too, but it's limited. Simple things work
function dup(x) return x, x end
function add(x,y) return x, y end
print(add(dup(3))) -- prints 6
but more somplex examples, such as
function dup(x) return x, x end
function mad(x,y,z) return x*y+z end
print(mad(dup(dup(3))))
don't. I'm not sure it can work in a non-stack-based language.

No thanks.

Posted Nov 10, 2012 0:22 UTC (Sat) by hummassa (subscriber, #307) [Link]

works perfectly in perl:

sub dup { $_[0], @_ }
sub mad { $_[0]*$_[1]+$_[2] }
say mad dup dup 3

No thanks.

Posted Nov 10, 2012 14:09 UTC (Sat) by HelloWorld (guest, #56129) [Link]

This works because your version of dup returns excess arguments unmodified. Most perl functions don't do that, so it's not quite the same thing.

No thanks.

Posted Nov 11, 2012 0:44 UTC (Sun) by hummassa (subscriber, #307) [Link]

It does that because I modelled it after the postcript/forth example. In perl, is actually quite easy to adopt this style of programming:

sub mad { my($a, $b, $c, @rest) = @_; $a*$b+$c, @rest }

So you can use @_ as the forth/postcript stack...

No thanks.

Posted Nov 9, 2012 17:50 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

Intimidating, but:

compose :: (Num t) => t -> t
compose = uncurry (uncurry ((uncurry .) . (const . mad))) . dup . dup

Basically, the `const' adds a fourth (ignored) parameter to `mad' and then we uncurry that function to get it to take a tuple of tuples and then `dup . dup' the input to make `((x, x), (x, x))'. Granted, this looks nasty, but is also something that lamdabot might have been able to generate when asking for how to rewrite the obvious implementation in a point-free way.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds