undefined | Better HN

0 pointspkolaczk3y ago0 comments

In Java if you encountered a null pointer exception or out of bounds error at the global level, there is also no guarantee you can safely continue, and dumping the stack and terminating is the only sensible option. Sure, the JVM is ok, but your app state might be already corrupt.

0 comments

mcculley3y ago

This has not been my experience at all.

The JVM is not corrupted by a NPE or out of bounds access unless you are using native code.

For example, I worked on a large X-Windows/Motif application with many developers. If some library dereferences a null pointer, it is game over. Kill the app. In a Java Swing app we built for a similar use case, we just trap the exception in the AWT event dispatcher, log it, and keep going. Yes, sometimes an exception has ruined the global state in some catastrophic way, but this is rare. We can keep running and debugging without restarting the whole app.

Another example is a web app: Any exception that bubbles up to the main request handler loop is likely (in our architecture) to happen before any change is made to the persistent store. Log it and handle another request. This makes debugging a lot easier than restarting the whole app.

LaGrange3y ago

> This has not been my experience at all.

This has been my experience with software written in Java by developers who think it was not their experience.

> In a Java Swing app we built for a similar use case

...oh no. I actually tend to associate Swing UI with weird, undefined behaviors, and whenever I'd look under the hood, it would nearly _always_ be due to them trying to swallow runtime exceptions. Pure hubris, as far as I'm concerned.

> Another example is a web app: Any exception that bubbles up to the main request handler loop is likely (in our architecture) to happen before any change is made to the persistent store. Log it and handle another request.

Please, please, _PLEASE_ just crash the server. The OS will handle it, it will be OK, and systemd will even do the right thing and give up if your thing crashes _persistently_, including all the fancy stuff like keeping track of how often it crashes.

I've done too much cleaning up after overly-confident superstar architects, your examples just brings painful memories. I beg you stop trying to be clever and just log the error and crash the app.

icedchai3y ago

There is some wisdom to what you say. I've experienced some Java apps that basically enter an exception/logging loop, quickly filling the system with gigs of logs full of 100 line stack traces. Eventually someone is alerted and has to clear the logs and kill -9 the app.

mcculley3y ago

I have the logs from my deployed apps. I know exactly how many times my users are getting those exceptions. We use those logs to fix the bugs and improve our apps.

You seem to have a lot of opinions about my apps from your own unfortunate experiences. Hubris is a word that brings to mind.

1 more reply

pkolaczkOP3y ago

I haven't said that the JVM would be corrupt by NPE. But C program state would also not be, and you could do the same handling as in Java.

But if your code invoked an NPE or bounds check, then it means either the algorithm is incorrect or the data it processes are already corrupt by incorrect processing earlier. Continuing in such situation increases the risk, because you don't have any guarantees which parts of the application state might have been already corrupted by the bug. I've seen many many times an NPE was a result of a shared data corruption caused by a data race. JVM does not guarantee thread state isolation, so one bug can break the state of all threads.

> Log it and handle another request

That gives you only a false sense of safety. A Java app (and any other app) may die for many other reasons you can't handle. You need to be prepared for that anyway if you want a reliable service. But if you are prepared for that, and your server can restart in 0.1 second, you don't win anything by recovering from NPEs.

kaba03y ago

Well, then consider deterministic failing a plus, as your C program may just continue along silently, with corrupted application state, and you might never learn of the problem (you are not likely to meet truly nullptr null pointers, they are just likely uninitialized, where all bets are off whether they are valid addresses)

Being able to handle it correctly is just an additional benefit.

1 more reply

j / k navigate · click thread line to collapse

0 comments

mcculley3y ago

This has not been my experience at all.

The JVM is not corrupted by a NPE or out of bounds access unless you are using native code.

LaGrange3y ago

> This has not been my experience at all.

This has been my experience with software written in Java by developers who think it was not their experience.

> In a Java Swing app we built for a similar use case

I've done too much cleaning up after overly-confident superstar architects, your examples just brings painful memories. I beg you stop trying to be clever and just log the error and crash the app.

icedchai3y ago

mcculley3y ago

I have the logs from my deployed apps. I know exactly how many times my users are getting those exceptions. We use those logs to fix the bugs and improve our apps.

You seem to have a lot of opinions about my apps from your own unfortunate experiences. Hubris is a word that brings to mind.

1 more reply

pkolaczkOP3y ago

I haven't said that the JVM would be corrupt by NPE. But C program state would also not be, and you could do the same handling as in Java.

> Log it and handle another request

kaba03y ago

Being able to handle it correctly is just an additional benefit.

1 more reply

j / k navigate · click thread line to collapse