Bad array indexing is considered deadly
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Wed May 31 14:03:01 PDT 2017
On Wednesday, 31 May 2017 at 20:23:21 UTC, Nick Sabalausky
(Abscissa) wrote:
> On 05/31/2017 03:17 PM, Moritz Maxeiner wrote:
>> in general you have to assume that the index *being* out of
>> bounds is itself the *result* of *already occurred* data
>> corruption;
> Of course not, that's absurd. Where do people get the idea that
> out-of-bounds *implies* pre-existing data corruption?
You assume something I did not write. What I wrote is that the
runtime cannot *in general* (i.e. without further information
about the semantics of your specific program) assume that it was
*not* preexisting data corruption.
> Most of the time, out-of-bounds comes from a bug (especially
> in D, what with all of its safeguards).
Unfortunately the runtime has no way to know *if* the out of
bounds comes from a bug or a data corruption, which was my point;
only a human can know that. What is the most likely culprit is
irrelevant for the default behaviour, because as long as it
*could* be data corruption, the runtime cannot by default assume
that it is not; that would be unsafe.
>
> Sure, data corruption is one possible cause of out-of-bounds,
> but data corruption is one possible cause of *ANYTHING*. So
> just to be safe, let's just abort on all exceptions, and upon
> everything else for that matter.
No, abort on Errors where the runtime cannot know if data
corruption has already occurred, i.e. the program is in an
undefined state. If you, as the programmer, know that it is safe,
you have to code that in.
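As an added illustration (not code from the thread), here is how the distinction plays out in D: the runtime's own bounds check raises core.exception.RangeError, which derives from Error, while a programmer who has decided that an out-of-range index at a particular site is merely bad input encodes that decision with an explicit check that raises a recoverable Exception. The table contents and indices are constructed; build without -release (or with -boundscheck=on) so the runtime check stays enabled.

```d
import std.stdio;
import std.exception : enforce;
import core.exception : RangeError;

// Explicit validation: the programmer asserts that an out-of-range index
// here is ordinary bad input, not evidence of corrupted state, so it
// becomes a catchable Exception instead of a fatal Error.
int lookupChecked(const int[] table, size_t i)
{
    enforce(i < table.length, "index out of range"); // throws Exception
    return table[i];
}

void main()
{
    int[] table = [10, 20, 30];          // constructed sample data
    size_t bad = table.length + 2;       // runtime value, so no compile-time diagnosis

    // 1. Recoverable path: the caller decided the check belongs here.
    try
    {
        lookupChecked(table, bad);
    }
    catch (Exception e)
    {
        writeln("recoverable: ", e.msg);
    }

    // 2. Default path: no such decision was made, so the runtime's bounds
    //    check throws RangeError. It is an Error, not an Exception, so the
    //    catch (Exception) block below never sees it; left unhandled, it
    //    terminates the program.
    try
    {
        auto x = table[bad];
        writeln(x);
    }
    catch (Exception e)
    {
        writeln("never reached: RangeError is not an Exception");
    }
    catch (RangeError e)
    {
        // Catching an Error is possible, but the runtime does not guarantee
        // that scope guards or destructors ran; program state is suspect.
        writeln("Error caught for demonstration only: ", e.msg);
    }
}
```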