enum Format
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Fri Jan 12 07:09:28 UTC 2024
On 12/01/2024 8:00 PM, Walter Bright wrote:
> On 1/11/2024 9:36 PM, Richard (Rikki) Andrew Cattermole wrote:
>> Making things crash at runtime, because the compiler did not apply the
>> knowledge it has is just ridiculous.
>>
>> Imagine going to ``http://google.com/itsacrash`` and crashing Google.
>>
>> Or pressing a button too fast on an airplane and suddenly the fuel
>> pumps turn off and then refuse to turn back on.
>>
>> Instead of the compiler catching clearly bad logic that it has a full
>> understanding of, you're disrupting service and making people lose
>> money. This is not a good thing.
>
> I agree that compile time checking is preferable. But there is a cost
> involved, as I explained more fully in another post. It isn't free.
>
> Since the format string is a compile time creature, not a user input
> feature, if the fault only happened when the code is deployed, it means
> the code was *never* executed before it was shipped.
>
> This is an inexcusable failure for any avionics system, or any critical
> system, since we have simple tools that check coverage.
>
> BTW, professional code is full of assert()s. Asserts check for faults in
> the code logic that are not the result of user input, but are the result
> of programming errors. We leave them as asserts because nobody knows how
> to get compilers to detect them, or is too costly to detect them.
>
> In other words, this is not an absolute thing. It's a weighing of cost
> and benefit.

So I guess the question is, do you want to hear from a company that they
lost X amount of business because they used a language feature that
could have caught errors at compile time, but instead continually
crashed in a live environment?

I do not.

That would be a total embarrassment.

I have an identical problem currently with ``@mustuse``.

It errors out at runtime if you do not check to see if it has an error,
if you try to get access to the value.

It is hell. I could never recommend such an error prone design. I am
only putting up with it until the language is capable of something better.

https://issues.dlang.org/show_bug.cgi?id=23998