我想说，对于什么时候使用异常并没有硬性规定。然而，使用或不使用它们有很好的理由:

使用异常的原因:

The code flow for the common case is clearer Can return complex error information as an object (although this can also be achieved using error "out" parameter passed by reference) Languages generally provide some facility for managing tidy cleanup in the event of the exception (try/finally in Java, using in C#, RAII in C++) In the event no exception is thrown, execution can sometimes be faster than checking return codes In Java, checked exceptions must be declared or caught (although this can be a reason against)

不使用异常的原因:

Sometimes it's overkill if the error handling is simple If exceptions are not documented or declared, they may be uncaught by calling code, which may be worse than if the the calling code just ignored a return code (application exit vs silent failure - which is worse may depend on the scenario) In C++, code that uses exceptions must be exception safe (even if you don't throw or catch them, but call a throwing function indirectly) In C++, it is hard to tell when a function might throw, therefore you must be paranoid about exception safety if you use them Throwing and catching exceptions is generally significantly more expensive compared to checking a return flag

一般来说，我更倾向于在Java中使用异常，而不是在c++或c#中，因为我认为异常，无论是否声明，都是函数正式接口的基本组成部分，因为更改异常保证可能会破坏调用代码。在Java IMO中使用它们的最大优势是，您知道调用者必须处理异常，这提高了正确行为的机会。

正因为如此，在任何语言中，我总是从一个公共类派生一层代码或API中的所有异常，这样调用的代码就总能保证捕获所有异常。另外，我认为在编写API或库时抛出特定于实现的异常类是不好的(即从较低的层包装异常，以便调用者接收到的异常在您的接口上下文中是可以理解的)。

注意，Java区分了一般异常和运行时异常，因为后者不需要声明。我只会使用运行时异常类，当您知道错误是由程序中的错误导致的。

异常用于异常行为、错误、失败等事件。功能行为、用户错误等应该由程序逻辑来处理。由于错误的帐户或密码是登录例程中逻辑流的一部分，因此它应该能够毫无例外地处理这些情况。

最终，决定取决于是使用异常处理更有助于处理此类应用程序级错误，还是通过您自己的机制(如返回状态代码)更有帮助。我不认为哪个更好有一个严格的规则，但我会考虑:

Who's calling your code? Is this a public API of some sort or an internal library? What language are you using? If it's Java, for example, then throwing a (checked) exception puts an explicit burden on your caller to handle this error condition in some way, as opposed to a return status which could be ignored. That could be good or bad. How are other error conditions in the same application handled? Callers won't want to deal with a module that handles errors in an idiosyncratic way unlike anything else in the system. How many things can go wrong with the routine in question, and how would they be handled differently? Consider the difference between a series of catch blocks that handle different errors and a switch on an error code. Do you have structured information about the error you need to return? Throwing an exception gives you a better place to put this information than just returning a status.

因为它们是正常发生的事情。异常不是控制流机制。用户经常会输入错误的密码，这不是特例。异常应该是一个真正罕见的事情，UserHasDiedAtKeyboard类型的情况。

一个经验法则是在您通常无法预测的情况下使用异常。例如数据库连接、磁盘上丢失的文件等。对于您可以预测的场景，例如用户试图使用错误的密码登录，您应该使用返回布尔值的函数，并知道如何优雅地处理这种情况。您不希望仅仅因为有人输入了密码错误而抛出异常，从而突然结束执行。

我对异常的使用有哲学问题。基本上，您期待一个特定的场景发生，但不是明确地处理它，而是将问题推到“其他地方”处理。至于“其他地方”在哪里，谁也说不准。