Sutter's ISO C++ Trip Report - The best compliment is when someone else steals your ideas....

Thu Jul 12 01:54:47 UTC 2018

On 7/11/2018 3:24 PM, crimaniak via Digitalmars-d wrote:
> On Wednesday, 11 July 2018 at 18:27:33 UTC, Brad Roberts wrote:
> 
>> ... application exiting asserts in production.  Yes, you kill the 
>> app.  You exit as fast and often as the errors occur.  You know what 
>> happens?  You find the bugs faster, you fix them even faster, and the 
>> result is solid software.
> You mean that the serious consequences of errors better motivate 
> programmers? Then I have an idea. If you connect the current to the 
> chairs of the developers, and with each failed assert the programmer 
> responsible for this part will receive an electrical discharge, the code 
> will surely become even more reliable. But I want the error found in the 
> production not to lead to a drop in the service, affecting all the users 
> who are currently on the site, and this is a slightly different aspect.

Motivation is a part of it, to be sure, but only a tiny part.  Asserts 
and the heavy use of them changes how you think about system state 
validation.  Yes, you can do that without asserts but I've found that 
when you tend towards system recovery and error mitigation style 
thinking you tend to be thinking about getting out of that state, not 
never getting into it.

As to applying punishments for errors, that tends to be a bad motivator 
too.  It encourages hiding problems rather than preventing them.

All in all, I'm mostly presenting anecdotal that embracing the style of 
programming you're arguing against has produced very good results, 
repeatably, in my work experience.

There's a big topic / discussion area in here about fault isolation.  If 
you really want things to be able to fail independently, then they need 
to be separate enough that faults in one cannot affect the other.  Most 
languages today don't provide the barriers within a process to have 
multiple fault domains.  None in the c family of languages does.  Erlang 
is a good example of one that does.  Given the industry and userbase 
that uses the language, it's not at all shocking that it too embraces 
the concept of fail fast, don't try to recover.

Anyway, this is one of the areas where people clearly have different 
philosophies and changing minds is unlikely to happen.