comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Structured exception information
Date: Wed, 17 Jan 2007 17:36:41 -0600
Message-ID: <SJudnT5O75BPLzPYnZ2dnUVZ_syunZ2d@megapath.net>
In-Reply-To: 1lpy2h06scx34.1i2k4dlbg0nfy.dlg@40tude.net

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
news:1lpy2h06scx34.1i2k4dlbg0nfy.dlg@40tude.net...
> On Tue, 16 Jan 2007 16:52:31 -0600, Randy Brukardt wrote:
>
...
> > But most of them cannot. And I have a lot of software that shouldn't stop
> > just because it has a bug. For example, my mail server shouldn't stop
> > handling mail just because a bug was encountered (and it certainly has had a
> > few bugs, especially in the spam filter): I want to write the failure into a
> > special log, save the offending message if possible, reinitialize the task
> > to a starting state, and continue. Anything else would stop the flow of
> > mail.
>
> How could you be sure that it would write log and not destroy your address
> database? A vivid example is MS-Word which corrupts the document being
> edited upon crash.

Sure? You can never be completely sure; you have to mitigate risks. But in
my case, I trust my compiler not to destroy anything before generating
checks (given that I wrote most of the compiler, I have a lot of knowledge
of what it will and will not do). I also build components to be resilient to
failure: most everything is controlled, and will reset itself to a correct
state if the objects are prematurely finalized. The main remaining risk is
using dangling pointers (and I try to avoid pointers as much as possible,
and use a special storage pool to try to detect that when I cannot avoid
it). An implementation that corrupted something on a failure is just not
acceptable.

But even with the logging, you still have to be able to deal with crashes.
For instance, these programs run on Windows; and it's been known to die
occasionally. So the mail server has to guard against that, too. Since,
because mail should never, ever be lost, most everything in memory is also
mirrored on disk: a mail message is written to disk before a successful
receipt is acknowledged, and it stays there until a successful receipt by
the destination is acknowledged. So, there is a tiny chance that mail might
be sent twice, but virtually none that it would be sent never.

At least in this case, the program can be restarted with little negative
impact. The main problem is that if it fails when no one is around, it could
be a long time before anyone is able to restart it. I think there are a lot
of programs in that category - that is, very important, but not loss-of-life
critical.

> BTW, in my view, writing log is still a valid program
> state, it is a defined behavior. As long as you can continue, no matter
> how, it is not yet a bug within the scope where you continue.

Well, then there are no bugs in my mail and web servers. I'm happy to hear
that. ;-)

That doesn't match my definition of bug. There's not much to talk about if
we don't agree on the meaning of basic terms.

                    Randy.
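
The write-before-acknowledge spool and the log/save/continue handling described in this message, sketched in Python as an added example (not code from the post or from the mail server it describes). The `Spool` class, its file layout, the `Crash` stand-in and the sample messages are all hypothetical.

```python
import contextlib, os, tempfile, uuid

class Crash(BaseException): pass   # constructed stand-in for the process or OS dying

class Spool:
    def __init__(self, root):
        self.root, self.bad = root, os.path.join(root, "quarantine")
        os.makedirs(self.bad, exist_ok=True)
    def accept(self, data):
        """Write and fsync, then publish atomically; acknowledge receipt only after this returns."""
        name = uuid.uuid4().hex + ".msg"
        tmp = os.path.join(self.root, name + ".tmp")
        with open(tmp, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, os.path.join(self.root, name))
        return name
    def pending(self):
        return sorted(n for n in os.listdir(self.root) if n.endswith(".msg"))
    def run_once(self, deliver, log):
        for name in self.pending():
            path = os.path.join(self.root, name)
            try:
                with open(path, "rb") as f:
                    deliver(f.read())
            except ConnectionError as e:   # no acknowledgement: keep on disk, retry later
                log.append(("retry", name, repr(e)))
            except Exception as e:         # handler bug: log it, save the offender, go on
                log.append(("bug", name, repr(e)))
                os.replace(path, os.path.join(self.bad, name))
            else:
                os.remove(path)            # only once the destination has acknowledged

def demo():
    root, sent, log, state = tempfile.mkdtemp(), [], [], {"crash": True}
    def deliver(data):
        if data == b"poison":
            raise ValueError("constructed filter bug")
        sent.append(data)
        if state.pop("crash", False):
            raise Crash()                  # dies after sending, before the delete
    Spool(root).accept(b"hello")
    with contextlib.suppress(Crash):
        Spool(root).run_once(deliver, log)
    spool = Spool(root)                    # restart: the queue comes back from disk
    spool.accept(b"poison")
    spool.run_once(deliver, log)
    return sent, [kind for kind, *_ in log], spool.pending(), os.listdir(spool.bad)
```

`demo()` shows the trade-off stated above: the message sent just before the simulated crash is delivered again after restart, and none is dropped. A POSIX version would also fsync the spool directory after the rename, which is omitted here.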




