> “Narrowing” a compile-time invariant without a corresponding proof is formally... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dragonwriter 31 days ago \| parent \| context \| favorite \| on: Cloudflare outage should not have happened > “Narrowing” a compile-time invariant without a corresponding proof is formally unsound and does not “respect” the declared invariant in any reasonable sense The invariant is that either condition X applies or condition Y applies. "Panic and stop execution if X, continue execution with the invariant Y if Y" is not unsound and does respect the original invariant in every possible sense. It may be the wrong choice of behavior given the frequency of X occurring and the costs incurred by the decision to panic, but that’s not a type-level problem.

frumplestlatz 31 days ago [–]

Claiming panic as sound and not a type-level problem is very cute, but also clearly wrong and a bit hilarious after the outage in question.

You guys really will go to any possible rhetorical length to justify lazy programming practices in error handling.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact