Bad array indexing is considered deadly

Paolo Invernizzi via Digitalmars-d digitalmars-d at puremagic.com
Sat Jun 3 03:44:23 PDT 2017


On Saturday, 3 June 2017 at 09:48:05 UTC, Timon Gehr wrote:
> On 03.06.2017 08:55, Paolo Invernizzi wrote:
>> On Friday, 2 June 2017 at 23:23:45 UTC, nohbdy wrote:
>> 
>>> It's exacerbated because Walter is in a mindset of writing 
>>> mission-critical applications where any detectable bug means 
>>> you need to restart the program. Honestly, if I were writing 
>>> flight control systems for Airbus, I could modify druntime to 
>>> raise SIGABRT or call exit(3) when you try to throw an Error. 
>>> It would be easy, and it would be worthwhile. If you really 
>>> need cleanup, atexit(3) is available.
>> 
>> The worst thing that has happened in programming in the last 
>> 30 years is just that fewer and fewer programmers are adopting 
>> Walter's mindset...
>> 
>> I'm really really puzzled by why this topic pops up so often...
>> 
>> 
>> /Paolo
>
> I don't get why you would /restart/ mission-critical software 
> that has been shown to be buggy. What you need to do instead: 
> Have a few more development teams that create independent 
> implementations of your service. (Completely from scratch, as 
> the available libraries were not developed to the necessary 
> standard.) All of them should run on different hardware 
> produced in different factories by different companies. 
> Furthermore, you need to hire a team of testers and software 
> verification experts vastly exceeding the team of developers in 
> magnitude, etc.

That's what should be done in mission-critical software, and we 
are relaxing the constraint of mission-critical, it seems [1].

The point is that software, somehow, has to be run, with bugs or 
sometimes logic flaws: alas, buggy software is running here [2]...

So, if you have to, you should restart 
'not-so-critical software', and you should code it as if it 
should be restarted from time to time.

It's a matter of opinion when the best moment is to just restart 
it, and a judgement between risks and opportunities.

My personal opinion: it should be stopped as soon as a bug is detected.

/Paolo

[1] http://exploration.esa.int/mars/59176-exomars-2016-schiaparelli-anomaly-inquiry
[2] https://motherboard.vice.com/en_us/article/the-f-35s-software-is-so-buggy-it-might-ground-the-whole-fleet