[Isolate-interest] checked vs. unchecked exceptions

Godmar Back gback@cs.vt.edu
Mon, 11 Oct 2004 20:44:00 -0400


On Mon, 11 Oct 2004 19:02:10 -0400, Pete Soper <pete@soper.us> wrote:
> Godmar Back wrote:
> > From what I remember, the decision to use checked or unchecked
> > exceptions should reflect, among other considerations, whether one
> > expects applications to ordinarily recover or not recover from the
> > exceptional situation.  (JLS 11.2)
> >
> > Do we apply the same yardstick here?
> >
> > If so, arguments could probably be made either way, but there's one
> > thing that strikes me: isolates are called isolates because they
> > provide isolation.  If there's no need for isolation, applications
> > won't be written to use isolates.  If there is a need for isolation,
> > then fundamentally multi-isolate applications cannot make assumptions
> > about the current state of an isolate with which another isolate is
> > communicating via a link.  They simply don't know whether it's still
> > up or not.
> >
> > This reasoning would be a strong argument in favor of checked
> > exceptions, since by definition/expectation multi-isolate applications
> > must handle link failures whenever they occur.  These link failures
> > are assumed to be caused by another isolate's crash as opposed to an
> > explicit close() (a problem in application logic) or failures in the
> > underlying communication system (the aggregate failure you mention.)
> 
> I'm going to take your use of "crash" here as a program failure caused
> by a logic error. I think this tends to get weeded out as an application
> moves from development to deployment. 
> 

A second reason for why an application must always be prepared to deal
with a closed link is that the isolate with which it is communicating
may be killed by an explicit stop at any point in time.  Making
send/receive throw unchecked exceptions says that the natural reaction
for isolate A to react to a stop of isolate B is to terminate itself.

If you assume that deployed applications will not crash because of
what you term "logic errors", and if you further assume that killing
an individual isolate should be reason for the isolates with which it
communicates to terminate - then I submit you have little or no reason
to use isolates in your applications.  Use class loaders and thread
groups in connection with cooperative termination and be done with it.
In my view, the research that led up to isolates most certainly
didn't make that assumption.  Rather, the goal was to design systems
that allow the creation of applications that can deal with the failure
(or killing) of individual components in a robust manner.  Checked
exceptions could help in making these applications more robust.

 - Godmar
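
An added illustration of the argument in this message, not code from the thread or from the Isolate API. Link, LinkClosedException, UncheckedLinkClosed and supervise are hypothetical stand-ins that model a peer isolate being stopped in the middle of a conversation.

```java
// Hypothetical stand-ins for illustration; these are NOT the JSR 121 classes.
class LinkClosedException extends Exception {            // checked
    LinkClosedException(String m) { super(m); }
}
class UncheckedLinkClosed extends RuntimeException {     // unchecked variant
    UncheckedLinkClosed(String m) { super(m); }
}

/** Models a link to a peer isolate that can be stopped at any time. */
class Link {
    private volatile boolean peerStopped;
    void stopPeer() { peerStopped = true; }               // explicit stop of isolate B

    void send(String msg) throws LinkClosedException {    // caller must catch or declare
        if (peerStopped) throw new LinkClosedException("peer stopped: " + msg);
    }
    void sendUnchecked(String msg) {                      // compiles with no handler at all
        if (peerStopped) throw new UncheckedLinkClosed("peer stopped: " + msg);
    }
}

public class LinkFailureDemo {
    /** Isolate A with a checked exception: survives B's stop and resends the job. */
    static int supervise(int jobs, int stopBefore) {
        Link link = new Link();
        int restarts = 0;
        for (int i = 0; i < jobs; i++) {
            if (i == stopBefore && restarts == 0) link.stopPeer();
            try {
                link.send("job-" + i);
            } catch (LinkClosedException e) {
                link = new Link();   // replacement peer (constructed model)
                restarts++;
                i--;                 // resend the job that failed
            }
        }
        return restarts;
    }

    public static void main(String[] args) {
        System.out.println("checked: A finished, restarts=" + supervise(5, 2));
        Link link = new Link();
        link.stopPeer();
        link.sendUnchecked("job-0"); // no handler was required, so A's thread ends here
        System.out.println("not reached");
    }
}
```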