enum Format

Walter Bright newshound2 at digitalmars.com
Fri Jan 12 07:00:19 UTC 2024


On 1/11/2024 9:36 PM, Richard (Rikki) Andrew Cattermole wrote:
> Making things crash at runtime, because the compiler did not apply the knowledge 
> it has is just ridiculous.
> 
> Imagine going to ``http://google.com/itsacrash`` and crashing Google.
> 
> Or pressing a button too fast on an airplane and suddenly the fuel pumps turn 
> off and then refuse to turn back on.
> 
> Instead of the compiler catching clearly bad logic that it has a full 
> understanding of, you're disrupting service and making people lose money. This 
> is not a good thing.

I agree that compile time checking is preferable. But there is a cost involved, 
as I explained more fully in another post. It isn't free.

Since the format string is a compile time creature, not a user input feature, if 
the fault only happened when the code is deployed, it means the code was *never* 
executed before it was shipped.

This is an inexcusable failure for any avionics system, or any critical system, 
since we have simple tools that check coverage.

BTW, professional code is full of assert()s. Asserts check for faults in the 
code logic that are not the result of user input, but are the result of 
programming errors. We leave them as asserts because nobody knows how to get 
compilers to detect them, or it is too costly to detect them.

In other words, this is not an absolute thing. It's a weighing of cost and benefit.


