Bad array indexing is considered deadly
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Wed May 31 17:57:12 PDT 2017
On Thursday, 1 June 2017 at 00:11:10 UTC, Timon Gehr wrote:
> On 01.06.2017 01:55, Moritz Maxeiner wrote:
>> On Wednesday, 31 May 2017 at 23:40:00 UTC, Timon Gehr wrote:
>>>>
>>>> In the context of the conversation, an error has already
>>>> occurred, and "all cases" was referring to all the cases
>>>> that lead to the error.
>>> Bounds checks have /no business at all/ trying to handle
>>> preexisting memory corruption,
>>
>> Sure, because the program is in an undefined state by that
>> point.
>
> What does that even mean?
That once memory corruption has occurred the state of the program
is not well defined anymore.
> Everything is perfectly well-defined here:
>
> void main(){
>     auto a = new int[](2);
>     a[2] = 3;
> }
Sure, because there has been no memory corruption prior to the
index out of bounds.
That is not something the runtime should just assume for every
out of index error.
>
>> There is only termination.
>> ...
>
>
> Termination of what? How on earth do you determine that the
> scope of this "undefined state" is the program, not the
> machine, or the world?
As that is the closest scope current operating systems give us to
work with, this is a sane default for the runtime. Nobody stops
you from using a different scope if you need it.
> I.e., why terminate the program, but not shut down the machine
> or nuke the planet?
>
> Scoping really ought to be up to the programmer as it greatly
> depends on the actual circumstances.
Of course, and if you need something else you can do so.
> Program termination is the only reasonable default behaviour,
> but it is not the only reasonable behaviour.
Absolutely; rereading through our subthread I realized that I had
not made that explicit here (only in other subthreads). I
apologize for being imprecise.
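Added example, not part of the thread and not code by either poster: it takes Timon's two-line snippet and shows the two scopes the reply distinguishes. With dmd's default flags (bounds checks on; they go away under -release or -boundscheck=off) the write to a[2] makes the runtime throw core.exception.RangeError; left uncaught, that Error ends the process, which is the default the reply defends. The runIsolated wrapper is an assumed helper name, not a runtime API, and it is the "different scope" the reply says nobody stops you from choosing: it catches the RangeError for one isolated unit of work and reports failure instead of terminating everything.

```d
import core.exception : RangeError;
import std.stdio : writeln;

// Timon's snippet, wrapped in a function so it can be run as one unit.
void outOfBounds()
{
    auto a = new int[](2);
    a[2] = 3;   // index 2 into an array of length 2: the bounds check fires here
}

// Assumed helper (not a druntime API): run `work` as an isolated unit and
// report whether it tripped a bounds check. This narrows the scope of the
// failure from "the program" to "this task". RangeError is an Error, not an
// Exception, so D lets you catch it but guarantees nothing about program
// state afterwards (finally blocks and destructors may not have run). Only
// use this where the failed unit shares no state with the rest of the process.
bool runIsolated(void function() work)
{
    try
    {
        work();
        return true;
    }
    catch (RangeError e)
    {
        writeln("bounds check fired: ", e.msg);
        return false;
    }
}

void main()
{
    // Narrowed scope: the task fails, the process continues.
    bool ok = runIsolated(&outOfBounds);
    writeln("isolated task succeeded: ", ok);

    // Default scope: uncommenting the next line lets the RangeError propagate
    // out of main, and the runtime terminates the program with a stack trace.
    // outOfBounds();
}
```

Compile with `dmd example.d` and run it; then rebuild with `-boundscheck=off` to see that the same write silently goes one int past the allocation, which is exactly the memory corruption the reply says a later bounds check cannot be expected to diagnose.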