Bad array indexing is considered deadly
Laeeth Isharc via Digitalmars-d
digitalmars-d at puremagic.com
Thu Jun 1 19:11:34 PDT 2017
On Wednesday, 31 May 2017 at 13:34:25 UTC, Steven Schveighoffer
wrote:
> On 5/31/17 9:21 AM, H. S. Teoh via Digitalmars-d wrote:
>> On Wed, May 31, 2017 at 09:04:52AM -0400, Steven Schveighoffer
>> via Digitalmars-d wrote:
>>> I have discovered an annoyance in using vibe.d instead of
>>> another web
>>> framework. Simple errors in indexing crash the entire
>>> application.
>>>
>>> For example:
>>>
>>> int[3] arr;
>>> arr[3] = 5;
>>>
>>> Compare this to, let's say, a malformed unicode string
>>> (exception),
>>> malformed JSON data (exception), file not found (exception),
>>> etc.
>>>
>>> Technically this is a programming error, and a bug. But
>>> memory hasn't
>>> actually been corrupted. The system properly stopped me from
>>> corrupting memory. But my reward is that even though this
>>> fiber threw
>>> an Error, and I get an error message in the log showing me
>>> the bug,
>>> the web server itself is now out of commission. No other
>>> pages can be
>>> served. This is like the equivalent of having a guard rail on
>>> a road
>>> not only stop you from going off the cliff but proactively
>>> disable
>>> your car afterwards to prevent you from more harm.
>> [...]
>>
>> Isn't it customary to have the webserver launched by a script
>> that
>> restarts it whenever it crashes (after logging a message in an
>> emergency
>> logfile)? Not an ideal solution, I know, but at least it
>> minimizes
>> downtime.
>
> Yes, I can likely do this. This kills any existing connections
> being handled though, and is far far from ideal. It's also a
> hard crash, any operations such as writing DB data are killed
> mid-stream.
>
>..
> -Steve
Hi Steve.
Had similar problems early on. We used supervisord to
automatically keep a pool of vibed applications running and put
nginx in front as a load balancer. User session info stored in
redis. And a separate process for data communicating with web
server over nanomsg. Zeromq is more mature but I found sometimes
socket could get into an inconsistent state if servers crashed
midway, and nanomsg doesn't have this problem. So data update
either succeeds or fails but no corruption if Web server crashes.
Maybe better ways but it seems to be okay for us.
Laeeth
More information about the Digitalmars-d
mailing list