zlacker

[return to "“Rust is safe” is not some kind of absolute guarantee of code safety"]
1. tcfhgj+w4 2022-10-02 14:53:29
>>rvz+(OP)
> Not completing the operation at all, is not really any better than getting the wrong answer, it's only more debuggable.

Wouldn't be that sure about that. Getting the wrong answer can be a serious security problem. Not completing the operation... well, it is not good, but that's it.

2. atoav+35 2022-10-02 14:56:26
>>tcfhgj+w4
I mean if it is a cosmetic thing, sure. If it has substantial meaning I would rather have that 5 ton robotic welding arm not move than have it move through my skull.

It is sometimes acceptable to get wrong output. But it is nearly always better to know it is wrong.

3. analog+K9 2022-10-02 15:23:06
>>atoav+35
This sounds like the difference between "fault tolerant" and "fail safe".

Fault tolerant - you get a fault, you keep moving.

Fail safe - you fail, and thus all operations are stopped.

4. gmueck+1z 2022-10-02 17:39:40
>>analog+K9
Failing may require triggering some actions actively. Going inert is not the right way in many cases. Some systems absolutely require best efforts in the face of failure. A fire alarm in an otherwise secure and locked-down facility may have to trigger the opening of door locks, for example.