Geek Answers Handbook

Should I allow the plugin to crash the application?

I am adding an event-connected api plugin to the web system I'm working on.

Should I transfer plugin calls to try / catch to make sure they don't crash, or should I leave this to plugin developers to take care.

In addition, some of the plugins can change the data transmitted to them, should they re-check all the data or trust the plug-in developers not to violate anything?

+6
language-agnostic events plugins
source share
6 answers

You must not let your program crash.

If you can protect yourself from innocent errors with plugins, you must do this - both by handling exceptions and by re-checking the changed data that your code must reuse.

What you do when you find a problem (an exception or garbled data) is up to you - unloading the plug-in and reusing it until it is restarted may be reasonable in working mode. For plugin developers, a good diagnosis of what went wrong would be wise - it may even be important to get widespread acceptance (many people write plugins for you). If other programmers cannot solve problems efficiently, they cannot continue trying.

+9
source share

In the event of a Windows crash if a third-party application crashes or is included in any process isolation?

Should firefox crash when a plugin crashes?

Here is your answer. Never trust a third party in your work as they should.

+3
source share

Firefox has a nice add-on that prevents the plug-in for the main application (for example, Flash).

The main application must always have control. As the name implies, the plugin is one of the others and should not stop the main + other plugins. In addition, while maintaining control of the plugins, the main application can still provide directions to the user either

  • remove plugin
  • find an alternative, etc.

Maintaining control allows the user to be aware of what is happening and who is responsible.
In Firefox, I like that I can find out who made an attempt (sort of) to minimize the application.

Thus, you as the main application developer, you are not criticized for the poor work that you did not do in the first place.

Regarding data management

It depends on the application and the type of data. If the data affects other plugins and the main application, it should be monitored, configured or fixed.

+1
source share

As an analogue .. do you accept any user data without checking it?

In this case, I see try / catch as the executable code of the user verification program

+1
source share

When we write a standalone program and prevent it from crashing using some kind of global try-catch, we successfully hide the error details to prevent these errors from being fixed. As a rule, an unexpected unhandled exception should lead to a program crash. This is a way to debug such an exception only when it is selected, or to create an emergency reset for debugging after opening.

A program that loads third-party plugins should obviously be protected from plugin failure. On the other hand, it is a good idea to enable plug-in developers to fix their mistakes, which can lead to the failure of the entire program. I would think to add some special mode of operation to such a program, this may help plug-in developers. Of course, this mode should not be available to ordinary users. In normal mode, I would catch all plug-in errors, preventing the hosting program from crashing, but every plug-in failure should be logged with as much detail as possible.

+1
source share

There is no linguistic agnostic answer to this question, but I assume the plugin is a kind of dll.

If you cannot trust the plugin, there are some potential benefits of preventing it. If nothing else helps isolate errors, but also provides the user with some protection against malicious plugins and helps with the reliability and reliability of your application.

However, it is rather difficult to avoid trusting the plugin. Depending on the OS, you are going to run it in your own process with minimal privileges, without access to the file system or sockets, limited access to resources such as memory and processor time, a monitor that will kill it if it turns out to be unresponsive, talking to your process only through a pipe? If not, then some kind of buggy plugin will find a way to ruin your day, which means that you "relied" on your correctness, whether you plan it or not.

Capturing exceptions means you are using the plugin in one of your applications. Therefore, you trust him. You cannot โ€œmake sure that it does not workโ€ if it has the ability to do some OS-specific thing that causes the kernel to shut down your process with extreme prejudice.

All that has been said - on the specific problem of catching exceptions, callers should catch exceptions if and only if they can do something useful with them.

I would catch them if the plugin does something irrelevant (for example, rendering one of the components of a web page) or let them go if the plugin does something absolutely necessary for the program (for example, if it is a video codec in a command line transcoding program, maybe I will catch the exception and return it after registering the error that โ€œblamesโ€ the error in the plugin, otherwise I would handle it the same way as any other unforeseen errors in the program).

0
source share

More articles:


All Articles