Exceptions in programming: asking forgiveness instead of permission
|October 26th, 2009|
|programming, python, tech|
Cwhere there is nothing to check that what you're doing isn't going to explode on you, the normal way to deal with exceptional conditions would be to check first whether there is a problem:
In languages that run in an interpreter, such as Python or Java, it's possible for the interpreter to make sure you're not doing anything illegal and raise an exception if you do. In C, trying to dereference a null pointer is undefined; code may do absolutely anything afterwards. In Python and Java, though, you get an AttributeError and NullPointerException instead. This is because when you writeif (obj != NULL) work_with(obj->attr); else pester_user("obj can't be null!");
a.bthere is low level code that always runs and checks that a is not null for you. Very handy. This means I can write a python version as:
The general idea that you should do something, then deal with the fallout if it fails, gets called "Easier to Ask Forgiveness than Permission".try: work_with(obj.attr) except AttributeError: pester_user("obj can't be null!")
There are three reasons, however, why I tend to find it
frustrating. One is that to make it work properly I need to know
exactly which exception will be thrown if the command fails. So
the python statement
a[i] will throw an IndexError if
a is a list or a KeyError if it is a dictionary. So I
need to look or I need to remember. Ugh. Why make me do that?
Can this be avoided?
My second issue is that it can hide errors. What if
is an instance of a class I've written that implements
__getitem__ to support
a[i] syntax, and has an
bug in it's implementation that manifests as an IndexError? My
code won't see that IndexError as exceptional, but instead just
a is empty".
My third issue is that it's ugly and verbose. I like to write in the 'permission getting' way with:
while the 'forgiveness requesting' way feels much worse:if key in a: work_with(a[key]) else pester_user("key not in a")
(Note that this brings up another issue with basing programming on exceptions: if eithertry: work_with(a[key]) except KeyError: pester_user("key not in a")
work_withmight throw a KeyError, I can't separate them cleanly.)
This is not actually a very good reason to dislike the second example, as it is no more verbose than the first one. Both are four lines, similar number of characters. They differ in that the first case requires me to know the proper check while the second case requires me to know the proper exception to catch. This shouldn't be import either. Do I just need to get used to the way try/except looks?
I'm not sure I can fix the third (it's ugly!) issue, but I think the first two might be fixable. They come from not being able to accurately indicate what I would like to catch. If I see someone write:
I see that what they intend is very likely "work withtry: work_with(a[key]) except KeyError: pass
a[key]if it exists". Is there a way we could tell python that? Something like:
then distinguishing errors raised by work_with from those raised by the lookup is clean:try: work_with(<a[key] : bad_indexing>) except bad_indexing: pass
Still not too happy about this, though. Need to think more.try: <work_with(<a[key] : bad_indexing>) : work_with_error> except bad_indexing: pass except work_with_error: pester_user("work with error")
Comment via: facebook