Walter Bright wrote:

> Lutger wrote:
>> Walter Bright wrote:
>>> Furthermore, errors are something a program can recover from and continue
>>> operating. Contract failures are ALWAYS fatal. A common newbie (and some
>>> expert) misconception is that contract failures can or even must be
>>> recovered. This comes from a misunderstanding of the basic principles of
>>> engineering a safe and reliable system.
>> 
>> I am not so sure about this last point, usually you want to fail but perhaps
>> not always. This is about what to do after detection of a program bug vs how
>> to handle an exceptional condition.
> 
> First you need to decide if it is a program bug or not. If it is not a program
> bug, it shouldn't be done with contracts.
> 
> If it is a program bug, then the only proper thing to do is exit the program.
> The program cannot decide if it is a minor bug or not, nor can it decide if it
> is recoverable. It is, by definition, in an unknown state, and continuing to
> execute may cause anything to happen. (For example, malware may have installed
> itself and that may get executed.)

I didn't really get this point from your articles on the subject, but that does
clarify it for me. The assumption one makes when recovering is that it is indeed
possible and safe. Even if it may be likely, it is never reliable to count on it.
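
The distinction discussed in this thread, shown in D as an added example that is not part of the original messages: bad external input is reported with an `Exception` and handled, while a violated `in` contract raises an `AssertError`, which a `catch (Exception)` handler does not intercept, so the program terminates. The names `parsePort` and `openListener` and the sample inputs are hypothetical, and the build is assumed to be without `-release` so that contracts are checked.

```d
import std.conv : to;
import std.stdio : writeln, stderr;

// Recoverable error: bad input from outside the program, reported with an Exception.
int parsePort(string text)
{
    int port = to!int(text);   // throws ConvException (an Exception) on non-numeric input
    if (port < 1 || port > 65535)
        throw new Exception("port out of range: " ~ text);
    return port;
}

// Program bug: code inside the program must never pass an unvalidated port.
// The `in` contract states that; a violation throws AssertError, an Error.
void openListener(int port)
in
{
    assert(port >= 1 && port <= 65535, "caller passed an unvalidated port");
}
do
{
    writeln("listening on ", port);
}

void main()
{
    foreach (text; ["8080", "http", "70000"])   // constructed sample input
    {
        try
        {
            openListener(parsePort(text));
        }
        catch (Exception e)   // input errors only; AssertError is not an Exception
        {
            stderr.writeln("rejected input: ", e.msg);
        }
    }

    // A bug: validation was skipped. The contract fails, the AssertError is
    // not caught by the handler below, and the runtime ends the program.
    try
    {
        openListener(0);
    }
    catch (Exception e)
    {
        stderr.writeln("not reached for a contract failure");
    }
}
```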
