Python Enhancement Proposal — Floating an Idea

Consider the following code:

def max(m: int, n: int) -> int:
    if m >= n:
        return m
    elif n >= m:
        return n
    else:
        raise Exception(f"Design Error: {vars()}")

There's a question about the else:   clause and the exception raised there.

• It's impossible. In this specific case, a little algebra can prove that it's impossible. In more complex cases, the algebra can be challenging. In some cases, external dependencies may make the algebra impossible.
• It's needless in general. An else:   would have been better than the  elif n >= m: . The problem with else: is that poor design, or poor coordination with the external dependencies, can lead to undetectable errors.

Let's look at something a little more complex.

def ackermann(m: int, n: int) -> int:
    if m < 0 or n < 0:
        raise ValueError(f"{m} and {n} must be non-negative")
    if m == 0:
        return n + 1
    elif m > 0 and n == 0:
        return ackermann(m - 1, 1)
    elif m > 0 and n > 0:
        return ackermann(m - 1, ackermann(m, n - 1))
    else:
        raise Exception(f"Design Error: {vars()}")

It's somewhat less clear in this case that theelse: is impossible. A little more algebra is required to create a necessary proof.

The core argument here is edge cases are inevitable. While we can try very assiduously to prevent them, they seem to be an emergent feature of complex software. There are two arguments that seem to indicate the inevitability of edge and corner cases:

• Scale. For simple cases, with not too many branches and not too many variables, the algebra is manageable. As the branches and variables grow, the analysis becomes more difficult and more subject to error.
• Dependencies. For some cases, this kind of branching can be refactored into a polymorphic class hierarchy, and the decision-making superficially simplified. In other cases, there are multiple, disjoint states and multiple conditions related to those states, and the reasoning becomes more prone to errors.

The noble path is to use abstraction techniques to eliminate them. This is aspirational in some cases. While it's always the right thing to do, we need to check our work. And testing isn't always sufficient.

The noble path is subject to simple errors. While we can be very, very, very, very careful in our design, there will still be obscure cases which are very, very, very, very, very subtle. We can omit a condition from our analysis, and our unit tests, and all of our colleagues and everyone reviewing the pull request can be equally snowed by the complexity.

We have two choices.

1. Presume we are omniscient and act accordingly: use else:clauses as if we are incapable of error. Treat all complexif-elifchains as if they were trivial.
2. Act more humbly and try to detect our failure to be omniscient.

If we acknowledge the possibility of a design error, what exception class should we use?

•  RuntimeError. In a sense, it's an error which didn't occur until we ran the application and some edge case cropped up. However, the error was always present. It was a design error, a failure to be truly omniscient and properly prove all of ourif-elifbranches were complete.
•  DesignError . We didn't think this would happen. But it did. And we need debugging information to see what exact confluence of variables caused the problem.