Bad array indexing is considered deadly
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Wed May 31 17:05:36 PDT 2017
On Wednesday, 31 May 2017 at 23:50:07 UTC, Timon Gehr wrote:
>
> No, it is perfectly safe, because the language does not
> guarantee any specific behavior in case memory is corrupted.
The language not guaranteeing a specific behaviour on memory
corruption does not imply that assuming a bug was not caused by
memory corruption is safe.
> Therefore the language can /always/ assume that there is no
> memory corruption.
That is also not implied.
>
>>> One does not require the other.
>>
>> Correct, but the runtime has to be safe in the *general* case,
>> so it *must* assume the worst in case of a bug.
>
> Software has bugs. The runtime has no business claiming that
> the scope of any particular bug is the entire service.
It absolutely has the business of doing exactly that as long as
you, the programmer, do not tell it otherwise; which you can do
and is your job.
> The practical outcomes of this design are just silly. Data is
> lost, services go down, etc. When in doubt, the software should
> just do what the programmer has written. It is not always
> correct, but it is the best available proxy of the desirable
> behavior.
When in doubt about memory corruption, the closest enclosing
scope that will get rid of the memory corruption must die. The
current behaviour achieves that in many cases.
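The distinction drawn above, as an added example that is not part of the thread (the `checkedLookup` and `uncheckedLookup` names and the sample table are mine): in D, an unchecked out-of-bounds index raises `core.exception.RangeError`, which derives from `Error`, not `Exception`, so a `catch (Exception)` will not stop it and the process dies; validating the index yourself turns the same condition into an ordinary, scoped, recoverable `Exception`, which is what "telling the runtime otherwise" looks like in code.

```d
// Added example (not from the thread). Bounds checks are on in default
// dmd builds; -release removes them from @system code.
import core.exception : RangeError;
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical lookup: the programmer owns the bounds check, so a bad
// index is a recoverable Exception whose scope is this call.
int checkedLookup(const int[] table, size_t idx)
{
    enforce(idx < table.length, "index out of range");
    return table[idx];
}

// Same lookup without the check: the runtime's bounds check fires a
// RangeError, and the runtime cannot know the damage stops here.
int uncheckedLookup(const int[] table, size_t idx)
{
    return table[idx];
}

void main()
{
    const int[] table = [10, 20, 30]; // constructed sample data

    try
    {
        writeln(checkedLookup(table, 7));
    }
    catch (Exception e)
    {
        writeln("recovered: ", e.msg); // failure stays request-scoped
    }

    try
    {
        writeln(uncheckedLookup(table, 7));
    }
    catch (Exception e)
    {
        writeln("never reached: RangeError is not an Exception");
    }
    catch (RangeError e)
    {
        writeln("caught for demonstration only: ", e.msg);
    }
    // Without the RangeError catch, the Error unwinds to the top and
    // terminates the process: the enclosing scope dies, as argued above.
}
```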