Suggestion: Tackle bounds safety

Without commenting on the topic at hand, there is one line I absolutely had to address:

Rust was invented because its creator, Graydon Hoare, got stuck in an elevator when the elevator's firmware crashed. Since the elevator's safeties kicked in, this is basically the same outcome as you'd get from a fatal error.

You can say that the firmware crashing, instead of sending the elevator to random floors or dropping it down the shaft, is "safe". But being stuck in an elevator is still a serious condition. Even if you're not claustrophobic, and even if the chances of starving to death before rescue comes are slim, this is not an appropriate situation for the firmware to arrive at.

The same is true for many other types of software. Server software crashing would disconnect active clients. A document editor crashing could cause loss of data. A program crashing in the middle of serializing files could result in data corruption. And in multi-client services, it's much better to crash/disconnect a single client than to take down the whole process.

While there isn't always a way to recover, there are still plenty of cases where an exception is preferable to a fatal error.

Plus, it's always possible to turn an exception into a fatal error using try!. But the opposite is not true.


Depending on the fault, restarting the elevator automatically may have made things worse. I’ve been in elevators that have both automatically recovered from faults and those that have not.

In situations where automatic recovery is appropriate, the best solution currently available is an external process monitor. The downside is that a fault in one task takes down the entire process, when memory safety might actually have enabled safe termination and restarting of just that one task.


Yeah, auto-restarting is exactly what external monitors do. A custom error handler can do something more reasonable, like stop the elevator where it is, and open the doors. That way, you at least have the chance to get out, although it might take some acrobatics if the elevator is between floors.
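The two ideas raised above, terminating and restarting only the faulting task rather than the whole process, and a custom handler that moves the system into a safe state before anything else happens, as an added example in Rust (it is not code from this thread or from any Rust project). The elevator state, the floor table and the request stream are constructed for the example; the safe-state hook uses `std::panic::set_hook`, and task isolation relies on the panic being confined to the thread it occurs in and surfaced through `JoinHandle::join`:

```rust
// Added example (not from the thread): a per-task supervisor in Rust.
// A panicking task is caught via JoinHandle::join, the process survives,
// and only that task is abandoned/restarted. A panic hook plays the role of
// the "custom error handler": it runs before unwinding, so it can put the
// system into a safe state (here, a constructed "stop and open doors" flag).
use std::panic;
use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

/// Simulated elevator controller state (constructed for this example).
#[derive(Debug, Default)]
pub struct Elevator {
    pub stopped: AtomicBool,
    pub doors_open: AtomicBool,
    pub requests_served: AtomicUsize,
}

/// The piece of logic that may fault. `requested` comes from the outside
/// (a button or a sensor); an out-of-range index is a bug, but in Rust it is
/// a bounds-checked panic rather than an out-of-bounds read.
pub fn target_floor(floors: &[u32], requested: usize) -> u32 {
    floors[requested]
}

/// Run one task on its own thread; returns Ok(floor), or Err(message) if the
/// task panicked. The panic is confined to that thread and surfaced by join().
pub fn run_task(floors: Vec<u32>, requested: usize) -> Result<u32, String> {
    let handle = thread::spawn(move || target_floor(&floors, requested));
    handle.join().map_err(|payload| {
        payload
            .downcast_ref::<String>()
            .cloned()
            .or_else(|| payload.downcast_ref::<&str>().map(|s| s.to_string()))
            .unwrap_or_else(|| "non-string panic payload".to_string())
    })
}

/// Supervisor: serve a batch of requests, dropping an individual task that
/// panics and carrying on with the next one instead of taking the whole
/// process down. Returns (floors served, number of failed tasks).
pub fn supervise(elevator: &Arc<Elevator>, floors: &[u32], requests: &[usize]) -> (Vec<u32>, usize) {
    let mut served = Vec::new();
    let mut failures = 0;
    for &req in requests {
        match run_task(floors.to_vec(), req) {
            Ok(floor) => {
                elevator.requests_served.fetch_add(1, Ordering::SeqCst);
                served.push(floor);
            }
            Err(_msg) => failures += 1,
        }
    }
    (served, failures)
}

/// The "custom error handler": a process-global panic hook that puts the
/// elevator into a safe state before unwinding proceeds. Installed once.
pub fn install_safe_state_hook(elevator: Arc<Elevator>) {
    panic::set_hook(Box::new(move |info| {
        elevator.stopped.store(true, Ordering::SeqCst);
        elevator.doors_open.store(true, Ordering::SeqCst);
        eprintln!("fault: {info}; elevator stopped and doors opened");
    }));
}

fn main() {
    let elevator = Arc::new(Elevator::default());
    install_safe_state_hook(Arc::clone(&elevator));
    let floors = [0, 1, 2, 3];
    // Constructed request stream: index 9 is out of bounds and will panic.
    let (served, failures) = supervise(&elevator, &floors, &[1, 9, 3]);
    println!("served {served:?}, failures {failures}, state {elevator:?}");
}
```

Two caveats a practitioner should keep in mind: the hook is process-wide, so it must be cheap and must not itself panic, and this isolation only holds for panics that unwind. A process built with `panic = "abort"`, or a double panic during unwinding, still takes the whole process down, which is the case where the external process monitor mentioned above remains the only recovery path.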
