... the problem isn't with the model, but rather with the effect of
that
model on existing code that all-too-casually and agressively eats
exceptions it doesn't understand. I think there are vanishingly few
circumstances where a blind catch(...) without an unconditional
re-throw
should be considered "legitimate". If you don't completely understand
what an exception means, you cannot claim to have completely
recovered,
and therefore cannot reasonably finalize propagation. (And when you
catch anonymously, you can't possibly understand what they mean since
you can't even identify them.) On the other hand, regardless of
whether
the semantics are meaningful or reasonable, the syntax is legal and
apparently (unfortunately) in common use, so I can't dispute that you
need to consider that.
This problem could be eliminated by specifying that cancellation
is a special case, that cannot be caught by catch(...), i.e., that
it can only be caught by a handler that names it explicitly, or that
it cannot be caught at all.