David Abrahams

on Wed Mar 07 2007, gast128 writes:

IME defensive measures almost always make things worse. As noted in the thread I reference above, nobody has really developed a discipline that tells us what things to defend against, when to stop checking, and what we can reliably do when a problem is found. The result tends to be programs full of "corruption checks" and bogus "recovery code" that never gets tested or executed, making the program much harder to debug and maintain. In my experience, that approach vastly increases the likelihood of bugs.
I have quite the opposite opinion: I work on a new version of a large application and the old team had a very strict exception policy which gave the application instability and crashes.
Having a very _strict_ exception policy is no help at all if you pick the _wrong_ exception policy.
Because of this experience we built much more forgiveness (without sacrificing data integrity) into the application, which makes it more robust.
How do you know it isn't hiding program bugs?
This does not, of course, mean that every pointer is checked, but an example can be that subsystems must check their arguments before continuing their work. Incorrect arguments will not be signaled by exceptions.
You don't seem to be reading the thread I referenced. Signalling incorrect arguments with exceptions is totally contrary to what I advocate.

--
Dave Abrahams
Boost Consulting
www.boost-consulting.com