> Infinitely better to crash than to potentially let the process/library run in some kind of degraded state.
Why? Just set the entire library to "failed" mode and have every function return an error or do nothing from that point forward. That is far more sensible than just panicking and bringing down the entire application.
Imagine if people want to use this in a cash machine or something like that.
I would much rather the cash machine crashes than starts communicating with the bank seeded by 00*inf bytes of random.
Besides, what exactly do you expect to do with the library in an "exceptional condition"? Do I now need to check the output of every single function for some non-local effects they have on each other?
How can the library know that the cash machine will communicate with the bank, or that there even is a cash machine?
The library should just tell the program that it failed to perform its task, not guess at what its parent program could, should or would do.
Note that the discussion started from "abort". Maybe the authors meant something else by abort, but in a system programming context it means calling abort and terminating the program's execution immediately.
If they just meant it as a synonym for panic, we're just having a nice discussion here.