I can't say I'm a fan of these sorts of articles. "Which strategy is most performant?!" is rarely the appropriate measure for an error handling strategy, it's more nuanced than that. Concerns like what makes a recoverable error vs an unrecoverable one are more important. Ensuring correctness is more important. The usability of an API is more important. Readability and maintainability are more important. Knowing what errors mean in terms of your domain model is more important.
Use what fits for your situation, don't take the "when all I have's a hammer..." attitude to anything. Sometimes return codes make sense (eg in hot-loop code). Sometimes exceptions make sense (in constructors, for example. And no, two-step initialisation is not a good alternative.). Sometimes neither make sense and you actually should just terminate the whole program (out-of-memory). Sometimes contracts make more sense (precondition checks, validating function arguments).
Anyway, regardless of your strategy if you can provide some method of querying if a thing can succeed to your API, do so; it's always better to handle errors by just making sure you don't cause them!
I would add that a error-handling strategy should never be a concern wrt performance because obviously the purpose of this sort of code is to serve as guard rails and ideally never be called at all ever.
If your error-handling code is triggered so often that you feel it might be causing a performance hit, you have far more serious problems than the performance overhead of how you handle errors.
I mean, it depends, CGAL for example, which I'd consider a high quality software library, uses exceptions for their exact number type to redo the calculation using more precision when needed https://www.cgal.org/FAQ.html#uncertain_exception
You're invoking the appeal to authority fallacy. Just because a popular package adopted a practice that does not make it right or good or acceptable. If that line of argument made any sense, you could argue that bugs present in CGAL represent best practices.
Rule of thumb: if a code path is not exceptional then it should not be implemented with exceptions. The happy path is not an exception.
My web server gets about 1000 to 1 hits of hacking attempts to valid requests (malformed headers, etc.) so I hope nginx and fcgi handle errors efficiently, because I pay for those cycles.
In those cases, a malformed request is common enough that discriminating between well-formed and malformed should be thought of like a first-class part of handling a request, not an error-handling situation. Errors are when things go wrong that you don't expect to usually go wrong*
*for varying values of usually, YMMV, use your own judgement, etc
You're not describing exceptional events. You're describing pretty much the happy path of any reverse proxy. In fact, in some applications these sort of events outnumber HTTP Status 200-worthy requests.
That assertion is obviously wrong. Think about it: you have a web server listening to the world. Do you really expect all requests to be neatly pointing to sanitized URLs? Of course not. Why on Earth should you assume that handling invalid requests is not one of the primary use cases?
When I want a parameter is an integer, I don't check all the ways in which it's NOT an integer; the happy path is when it _is_ an int and the program can continue, and anything else is an _Error_. If it overflows, that's an error too.
i.e., happy means it's basically the longest path (aside from diagnosing the error).
The question is: should the subroutine set an error number or throw an exception? Knowing the cost for each might help me decide for various situations.
Use what fits for your situation, don't take the "when all I have's a hammer..." attitude to anything. Sometimes return codes make sense (eg in hot-loop code). Sometimes exceptions make sense (in constructors, for example. And no, two-step initialisation is not a good alternative.). Sometimes neither make sense and you actually should just terminate the whole program (out-of-memory). Sometimes contracts make more sense (precondition checks, validating function arguments).
Anyway, regardless of your strategy if you can provide some method of querying if a thing can succeed to your API, do so; it's always better to handle errors by just making sure you don't cause them!