undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsfatherzine3y ago0 comments

Partially true. In practice people implement multiplexed servers, for many reasons, including performance / throughput. A logic failure should nuke _the offending request_, not the entire server with all the unrelated concurrent requests.

0 comments

4 comments · 1 top-level

AshamedCaptain3y ago· 3 in thread

This is an attitude that I often see -- library authors who believe they own the process. Aborting may be the only sensible thing to do in runtimes where you can end up corrupting the entire process memory or the like, making recovery "dubiously possible", but absolutely not for anything higher level, where recovery may be safe and possible.

burntsushi3y ago

I gave examples covering this area in the post. How would you rewrite the code in this section[1], for example, to conform to your views? (Assume this code is in a library.)

[1]: https://blog.burntsushi.net/unwrap/#what-about-when-invarian...

fatherzineOP3y ago

* Short term: add explicit runtime checks for every step that may panic. With the way jump prediction works in modern processors, the runtime cost may be smaller than one may naively assume it is. Some of us would take, say, a 10% perf. degradation instead of chasing prod panics in the middle of the night.

* Long term: plug-in a richer type (logic) system, so one can safely prove the most costly runtime invariants at compile time.

AshamedCaptain3y ago

Exceptions.

j / k navigate · click thread line to collapse