When *DO* we show StackTraces on production systems

Question

Under what specific situation is it ok (or even recommended) to present end-users with a StackTrace to their UI on a production system.

There are a large number of websites and SO articles where folks ask if they should show StackTraces to an end user. Not surprisingly, the answers are a resounding "No!".

For example:

• Java: what information in error stack trace do we typically not wish to show users?
• java : Using printStackTrace in Production Environment
• Should I Print the Exception Stack Trace?
• When to log a stacktrace for a caught exception

However, I recently had a conversation with another developer where I spent a good deal of time posturing why stacktraces shouldn't be passed to the user via the UI. That discussion had me go back and revisit one of my fundamental (absolute) tenants - the user shall never see a raw StackTrace in production.

I couldn't find a single compelling reason. However, I'm sure there is valid usecase, and I'd like to either understand it, or feel comfortable continuing to hold fast to my absolute tenant.

Answer 1

You don't--they're simply not helpful to a user.

Users get messages. Developers get stack traces, either in the logs, an email, a queue, maybe the rendered HTML when running locally/internally, etc.

Answer 2

Over here, at my office with many different internal projects, I benefit from seeing stack traces that my coworkers in other departments see when my programs crash. They're just not malicious or knowledgable enough to know what's going on, otherwise they'd be working with me. It also gives me a window period to interrogate the user to maybe determine what they were doing (while it is still fresh in their minds). If the stack trace had been supressed or some other beautiful (but concealing) error handling had been in place, then I may not know how an error happened other than through a stack trace.

Answer 3

The stack trace should be available to the user when the application crashes, because a stack trace usually identifies the bug that causes the crash, and there might be a work around available. The work-around obviously works only if the crash is caused by the bug the work-around is for - otherwise attempting the work-around is just wasted time.

A crash might also be caused by a bug in something that the user needs to update, e.g. graphics driver. In this case, the stack trace usually contains the name of the graphics driver, such as atiumdag.dll.

Let's imagine:

No stack trace:

Customer: I get a message box saying "the program stopped working".

Support: Try this.

Customer: Nope, doesn't help.

Support: Try this.

Customer: Nope, doesn't help.

Support: Try this.

Customer: Nope, doesn't help.

Support: Try this.

Customer: Nope, doesn't help.

With stack trace:

Customer: I get a message box saying "the program stopped working".

Support: Click on the "details" button and send me the stack trace.

Customer: (sends the stack trace)

Support: This is caused by a known bug in the application, which is triggered by feature X when the application is installed in a non-default path. It will be fixed in the next version, which is released next year. However, you can work around it by either disabling feature X or re-installing the application in the default installation path.

Answer 4

in open source projects or where you have debug mode turned on. Maybe the user is using the application to learn how the technology works to make a similar app, or maybe they plan on contributing to it themselves.

There are many different types of users. I think allowing them to turn this option on is neat but it shouldn't be so easy where your average joe might turn on stacktraces by accident.