On Sunday, 5 June 2022 at 03:43:16 UTC, Paul Backus wrote:
See here:
https://bloomberg.github.io/bde-resources/pdfs/Contracts_Undefined_Behavior_and_Defensive_Programming.pdf
Not all software is banking applications. If an assert fails that
means that the program logic is wrong, not that the program is in
an invalid state. (Invalid state is a stochastic consequence and
detection can happen much later).
So that means that you should just stop the program. It means
that you should shut down all running instances of that program
on all computers across the globe. That is the logical
consequence of this perspective, and it makes sense for a banking
database.
It does not make sense for the constructor of Ants in a computer
game service.
It is better to have an enjoyable game delivered with fewer ants
than a black screen all weekend.
You can make the same argument for an interpreter: if an assert
fails in the interpreter code then that could be a fault in the
interpreter therefore you should shut down all programs being run
by that interpreter.
The reality is that software is layered. Faults at different
layers should have different consequences at the discretion of a
capable programmer.