--- Comment #10 from Walter Bright <> 2012-02-01 
00:46:33 PST ---
(In reply to comment #9)
> Exceptions thrown in contracts are supposed to be recoverable,

No, they are supposed to exit the program. The thing with in contracts is not
that they're recoverable, it's that they assume that a failing in contract is
not leaving the program in an invalid state.

I agree this is a hole in the safety system, which is why I'm not closing it.
I'm just getting it to not be a regression. I do not know what a completely
correct fix would look like at the moment.

One possibility would be to allow only pure code in a contract. Pure code
cannot modify global state, and so when it throws it wouldn't be leaving
something outside of the contract in an invalid state.

We've talked about making in/out contracts pure before, I've been concerned
that they'd be too restrictive. Maybe require them to be pure when in safe

Configure issuemail:
------- You are receiving this mail because: -------

Reply via email to