RFC: Change what assert does on error
Bruce Carneal
bcarneal at gmail.com
Mon Jul 7 14:30:01 UTC 2025
On Sunday, 6 July 2025 at 16:21:59 UTC, Walter Bright wrote:
> Timon's method is reasonable as his particular situation
> requires it, and is an example of how flexible D's response to
> failures can be customized.
>
> It's not reasonable if the software is controlling the
> radiation dosage on a Therac-25, or is empowered to trade your
> stocks, or is flying a 747.
>
> Executing code after the program crashes is always a risk, and
> the more code that is executed, the more risk. If your software
> is powering the remote for a TV, there aren't any consequences
> for failure.
The optimal behavior varies with the context so the programmer
should decide. The default behavior should, IMO, favor safety.