if (!$user->active) {
<p>Fob off!</p>
die()
}
<p>Passcode to the world: <?php echo $world->pasccode; ?></p>
if ($user->active) {
<p>Passcode to the world: <?php echo $world->pasccode; ?></p>
} else {
<p>Fob off!</p>
}
if ($user->blah) {
setSomething($user);
} else {
info("user not bla, not setting something");
}
# the rest
if ($user->blah) {
setSomething($user);
}
# the rest
Indeed - I have an extended equivalent from CGI-bin that I'm including in the full story in the book, since running things as a script vs as a program has different implications for killing the running process. The patterns you mention here tend to be my preferred way of working - exhaustiveness checking of branches. In modern TypeScript, I enforce that via union-type error handling rather than using exceptions (which are a nightmare when it comes to affordance imo). I'm generally a functional programmer rather than an imperative programmer. But the case mentioned in the blog post was about 12 years ago now, so it didn't have the same options as we currently have.
This is so important, but just isn’t heeded.
I work with some smart people, but they tend to defend choices by saying “It’s pretty straightforward” and “This is the way we’ve historically done this”.
I’ve gotten to the point where I don’t feel that I have the energy to try to debate, because it’s just like beating a ball against a brick wall. I used to rationalize it as “This will be a learning experience for them”, but no, they haven’t learned.
The way I put this practice into place involves accepting that people will just do whatever they find easiest, regardless of whether it's technically the right thing to do. I account for that when I'm designing APIs, languages ([Derw](https://www.derw-lang.com/)), frameworks, or tooling. If I make the correct thing the obvious or easiest thing to do, less people will do the incorrect thing. They will still do incorrect things, it's human nature. But they'll do it less frequently.
A common affordance that invites mistakes is a library that has something like `file_exists(path)` (because it often introduces hard-to-debug race conditions), or `db.query(string)` (because it invites string interpolation and SQL injection).
> While this bug was a costly mistake, we learned from it. Whenever we would deploy code-last minute, we'd try to test it more rigorously. If we were running a study without internet access, we'd make sure to test in the same environment. We hadn't accounted for the environment change, partially due to the short notice for the locked-down machine, but also just because we didn't test with the exact same restrictions.
If the stakes were higher (say, brain surgery to get some study results), you'd want even more planning around storage/access so that your disk doesn't die and the server is unreachable at the same time and lose the only copy. Letting a developer come up with this on their own is a footgun with an incredibly sensitive trigger.
The other reason it's design/requirements is so everyone knows and it's not just Tim the developer coming up with his own idea and not really detailing it to anyone, and then Tim gets hit by a bus and someone has to go figure out what he did (or more likely, fired because they thought AI could do all of this for them).
wongarsu•8h ago
I wonder if they would have spent more thoughts on error handling in a language that defaults to crashing on error (e.g. Java's exceptions)
brabel•8h ago
However, Java has checked Exceptions which would force you to handle the possibility explicitly or the code would not compile, but the Java experience shows that almost always, people will just do:
Or even just log the Exception (Which would actually be the right thing to do in the case of the study!).With Go's multiple return values to represent errors, they are also known to be too easy to "forget" to even look at the error value.
With Rust's approach, which is using sum types to represent either success or error (with the `Result` type), it is impossible to forget to check, like Java checked Exceptions... but just like in Java, arguably even easier, you can just sort of ignore it by calling `unwrap()`, which is fairly common to do even in production-level Rust code (it's not always wrong, some very prominent people in the Rust community have made that point very clearly... but in many cases that's done out of laziness rather than thought), and is essentially equivalent to PHP `or die` because it will panic if the result was an error.
gleenn•7h ago
wongarsu•7h ago
Maybe a better example of the opposite would be python, with its unchecked exceptions. One of my first thoughts in python error handling is "here I don't want exceptions to propagate, let's throw in a lazy `try ... except print(...); sleep(1)`.
But I'm not sure I actually do that more than e.g. in rust, simply because I write them in so different environments (my python code just has to run and produce correct results, my rust code is rolled out to customers and has to pass code review)
Terr_•6h ago
Like if one could easily specify that within a certain scope (method or try-block), any of a list of exception classes (checked or unchecked) will become automatically wrapped into a target checked exception class as the chained "cause."
So you could set a policy that EngineBrokenException=or OutOfFuelException bubbling up will become FleetVehicleInoperableException.
eeue56•2h ago
In this case, I think the actual API we used would take a callback for success, and a callback for errors. I just used JS an example for how unnatural it would be to call something that exits the entire script early.
I have a big problem with promises + exceptions generally in JavaScript - much preferring union types to represent errors instead of allowing things to go unchecked. But I left that out as it was kind of a side-note from the point of affordance.
layer8•1h ago
In the end, it’s an issue of education. People need to be aware of the possible consequences, and have to be taught how to properly handle such cases. There is no way to automate error handling without the developer having to think about it, because the right thing to do is context-dependent. Checked exceptions at least make the developer aware of failure modes to consider.
Ferret7446•7h ago
Of course, it can't prevent people from pasting an error handler everywhere instead of thinking about it, which I think are the same people who hate Go's error handling
PaulKeeble•6h ago
In Java with checked exception you have no choice, you either try/catch it or you throw(s) it and are forced to handle it or its a compile error. Java does this aspect better, error handling features are relatively weak in Go but people have utilised the multiple returns well to make the best of it.
thaumasiotes•6h ago
You don't have to give any consideration to that if you don't want to; you can always just catch the exception and rethrow it as a RuntimeException.
tcfhgj•6h ago
Rust has almost the same error handling concept, but with way less boilerplate.
And Rust actually syntactically forces to handle the error case, because you can't just access the return value when there are potential errors
ansc•3h ago
pyrale•2h ago
You certainly must handle the error if you want your computation to continue.
> golang is more explicit
Not sure how golang is more explicit. In functor-based style, an error-prone computation stops if it yields an error and that error isn't handled explicitly. That makes sure that any successful computation is based on expected behaviour from beginning to end.
> and robust
Likewise, that's a claim based on nothing. Forcing developers to write a little snippet of code everywhere lest their code has a bug does not make code more robust.
> but I have definitely seen more ”extreme” and correct error handling in golang, whereas in rust the convenience of just bubbling it up wins.
You also have the option to match a result for lower-level error handling in rust.
Claiming that "convenience" makes rustaceans not use that option is like claiming that gophers don't check the error content because it's faster to panic.
tcfhgj•1h ago
I am not even sure if Rust is that more convenient in this regard generally. To actually be able to use a ?, you have to actually define a conversion for the error types (which again you define yourself) or explicitly opt into a solution like anyhow, which would allow to use them almost blindly.
In Go, you can just blindly put your boilerplate (potentially using IDE shortcuts/autocomplete as some suggested to me or told me about).
> whereas in rust the convenience of just bubbling it up wins
Not necessarily, I have seen so many ways of error handling at this point, and what is best probably may depend on the individual situation.
In my personal experience, neither using anyhow nor my current default approach (custom error struct and `map_err(Error::EnumVariant)?` have prevented me from acknowledging that a potential error and thinking about if I should handle it in the current function or bubble up, although I agree that the perceived cost of handling an error may be increased, because you add comparatively more code in Rust.
Further, I feel like what Rust does is already the upper limit of boiler plate I can tolerate, although I am not sure there is a better way of this type of error handling.