enforce()?
Walter Bright
newshound1 at digitalmars.com
Wed Jun 16 16:27:26 PDT 2010
Lutger wrote:
> Walter Bright wrote:
>> Furthermore, errors are something a program can recover from and continue
>> operating. Contract failures are ALWAYS fatal. A common newbie (and some
>> expert) misconception is that contract failures can or even must be recovered.
>> This comes from a misunderstanding of the basic principles of engineering a
>> safe and reliable system.
>
> I am not so sure about this last point; usually you want to fail, but perhaps
> not always. This is about what to do after detection of a program bug vs. how
> to handle an exceptional condition.
First you need to decide if it is a program bug or not. If it is not a program
bug, it shouldn't be done with contracts.
If it is a program bug, then the only proper thing to do is exit the program.
The program cannot decide if it is a minor bug or not, nor can it decide if it
is recoverable. It is, by definition, in an unknown state, and continuing to
execute may cause anything to happen. (For example, malware may have installed
itself and that may get executed.)
If you need notifications that the program failed, a separate monitor program
should be used. This is how people who design safe systems do it. People who
believe that programs can "recover" from bugs design systems that fail,
sometimes with terrible consequences.
My articles on the topic:
http://www.drdobbs.com/blog/archives/2009/10/safe_systems_fr.html
http://www.drdobbs.com/blog/archives/2009/11/designing_safe.html
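The distinction argued above, as an added example that is not part of the original post and not code from Walter Bright or the D project: `enforce()` signals a recoverable condition (bad external input) by throwing an `Exception` the caller may catch, while an `in` contract documents a promise by the caller, and its violation raises `AssertError` (an `Error`), which is left to terminate the process. The same program also acts as the "separate monitor" the post recommends: run without arguments it spawns itself with a constructed `--child` flag and reports the worker's exit status instead of trying to recover inside the failed process. The function names, the `--child` flag and the sample inputs are assumptions made for this example.

```d
import std.conv : to;
import std.exception : enforce;
import std.file : thisExePath;
import std.process : spawnProcess, wait;
import std.stdio : writeln;

// Recoverable condition: malformed input arriving from outside the program.
// enforce() throws an Exception; the program's own state is still known,
// so the caller may catch it and carry on.
int parsePort(string text)
{
    enforce(text.length > 0, "port string is empty");
    int port = to!int(text);  // to!int throws ConvException on garbage
    enforce(port > 0 && port < 65536, "port out of range: " ~ text);
    return port;
}

// Program bug: the precondition is a promise by the caller. Breaking it
// fails the in-contract with AssertError, an Error rather than an Exception,
// and the process ends (contracts are removed with -release, so do not use
// them for input validation).
size_t indexOfMax(const int[] values)
in
{
    assert(values.length > 0, "indexOfMax called with an empty slice");
}
out (r)
{
    assert(r < values.length);
}
do
{
    size_t best = 0;
    foreach (i, v; values)
        if (v > values[best])
            best = i;
    return best;
}

// The worker: handles bad input gracefully, then hits a genuine bug.
void runWorker()
{
    // Constructed sample inputs: one valid port, three kinds of bad input.
    foreach (input; ["8080", "", "99999", "abc"])
    {
        try
        {
            writeln("accepted port ", parsePort(input));
        }
        catch (Exception e)
        {
            writeln("rejected input: ", e.msg);
        }
    }

    writeln("index of max: ", indexOfMax([3, 9, 2]));  // 1

    // Contract violation: deliberately NOT caught. Catching AssertError to
    // continue would run the program in an unknown state; instead the
    // process terminates and the monitor below observes the exit status.
    int[] empty;
    indexOfMax(empty);
    writeln("unreachable");
}

// The monitor: a separate process that only observes the worker's fate.
// Restarting, alerting or collecting a core dump is its decision, made
// from a known-good state rather than inside the failed process.
void runMonitor()
{
    auto pid = spawnProcess([thisExePath, "--child"]);
    int status = wait(pid);  // negative status means killed by a signal
    if (status == 0)
        writeln("monitor: worker finished normally");
    else
        writeln("monitor: worker died with status ", status,
                "; decide here whether to restart it");
}

void main(string[] args)
{
    if (args.length > 1 && args[1] == "--child")
        runWorker();
    else
        runMonitor();
}
```

Compile with `dmd` (without `-release`, so the contracts stay active) and run the binary with no arguments: the worker's output shows the three rejected inputs and the accepted one, then the uncaught `AssertError` message from the D runtime, and finally the monitor's report of a non-zero exit status.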