Program logic bugs vs input/environmental errors

Dmitry Olshansky via Digitalmars-d digitalmars-d at puremagic.com
Sun Sep 28 14:16:20 PDT 2014


29-Sep-2014 00:50, Sean Kelly wrote:
> On Sunday, 28 September 2014 at 20:31:03 UTC, Walter Bright wrote:
>>
>> If the threads share memory, the only robust choice is to terminate
>> all the threads and the application.
>>
>> If the thread is in another process, where the memory is not shared,
>> then terminating and possibly restarting that process is quite
>> acceptable.
>>
>> > The scope of a logic bug can be known to be quite limited.
>>
>> If you know about the bug, then you'd have fixed it already instead of
>> inserting recovery code for unknown problems. I can't really accept
>> that one has "unknown bugs of known scope".
>
> Well, say you're using SafeD or some other system where you know that
> memory corruption is not possible (pure functional programming, for
> example).

> In this case, if you know what data a particular execution
> flow touches, you know the scope of the potential damage.  And if the
> data touched is all either shared but read-only or generated during the
> processing of the request, you can be reasonably certain that nothing
> outside the scope of the transaction has been adversely affected at all.


not possible / highly unlikely (i.e. bug in VM or said system)

But otherwise agreed, dropping the whole process is not always a good 
idea or it easily becomes a DoS attack vector in a public service.


-- 
Dmitry Olshansky

