lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

On Sun, May 31, 2015 at 2:32 PM, Tim Hill <drtimhill@gmail.com> wrote:
>
> On May 31, 2015, at 1:05 PM, Coda Highland <chighland@gmail.com> wrote:
>
> I accounted for that in the very message you replied to -- IF you
> don't know for sure that you're processing a sequence, THEN you should
> be doing something different.
>
>
> But what is the “something different”?
>
> — If you want to be rigorous then, yes, you DO check for a valid sequence
> (your arguments notwithstanding). This isn’t easy in Lua (see my other
> post).
>
> — if the “something different” is “malfunction, not my problem” then that
> depends entirely on the nature of the malfunction. In our work the result of
> a malfunction can be “the patient dies”, and just pointing a finger of blame
> to another part of the system isn’t acceptable.
>
> I’m fine with the Lua libraries not doing checking, but extending that to
> “no-one else should either” doesn’t seem a good argument to me.
>
> —Tim

The "something different" is probably going to be something like
"maintain an explicit length yourself and require that all operations
on your list go through a specific set of library functions (e.g. via
a metatable)". And while the performance may not be as good as the
builtins, it's hard to say that Lua makes it DIFFICULT to implement
this.

"Malfunction" doesn't necessarily mean "not my problem" -- if it's
malfunctioning because you were negligent and didn't read the
documentation, then it IS your problem. If it's malfunctioning because
you've got a bug somewhere else in the code and it just happens to
surface there, then it IS your problem. (And furthermore, if lives are
on the line, you really ought to be auditing third-party code; Lua's
design makes this relatively easy to do, compared to some other
languages.)

If someone's life is on the line, then defensive programming in one
place isn't going to be the special part that makes it all work. You
should be designing your system as fail-safe -- that is, if something
DOES go wrong, then it should fail in a way that doesn't wind up with
a dead guy on your hands.

/s/ Adam