Bad array indexing is considered deadly

H. S. Teoh via Digitalmars-d digitalmars-d at puremagic.com
Wed May 31 23:11:43 PDT 2017


On Thu, Jun 01, 2017 at 03:24:02AM +0000, John Carter via Digitalmars-d wrote:
[...]
> Personally I would say the design fault is trying to build
> _everything_ into a single OS process.
> 
> The mechanism that is guaranteed, enforced by the hardware, to recover
> all resources and reset to a sane point is OS process exit.
> 
> i.e. If you need "bug" tolerance, decompose your system into multiple
> processes. This actually has a large number of other benefits. (e.g.
> Automagically concurrent)
[...]

Again, from an engineering standpoint, this is a tradeoff.

The self-containment of an OS-level process is good for isolating it
from affecting other processes, but it comes with a cost.  In the case
of vibe.d, while I can't speak for the design rationales because I'm not
involved in its development, it does appear to me that fibres were
chosen because of their very low context-switch cost and memory
requirements.  If you were to turn the fibres into full-blown processes,
that means incurring the cost of saving/restoring the full process
context, because that's what it takes to achieve independence between
processes. You need a bigger memory footprint because each process needs
to have its own copy of data in order to ensure independence.

It may very well be that for your particular design, process
independence is important, so this price may be well worth paying.

The fibre route chosen by vibe.d comes with the advantage of faster
context switches and smaller memory footprint (and probably other perks
as well), but the price you pay for that performance boost is that the
fibres are not self-contained and isolated from each other.  So if one
fibre goes awry, you can no longer guarantee that the other fibres
aren't also compromised. Hence if you wish to guarantee safety in case
of logic errors like out-of-bounds array accesses, you're forced to have
to reset the entire process before you can be absolutely sure you're
back in a sane state.

Which route to choose depends on the particulars of what you're trying
to achieve, and how much / whether you're willing to pay the price to
achieve what you want.


T

-- 
Today's society is one of specialization: as you grow, you learn more and more about less and less. Eventually, you know everything about nothing.
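The tradeoff described in the message above, as an added example that is not part of the original post or of vibe.d: a single in-process loop with a shared state dict stands in for the fibre model, and Python's `multiprocessing` stands in for the process-per-request model. The lookup table, the request list and the `in_flight` counter are constructed for the illustration; the out-of-bounds index plays the role of the logic error under discussion.

```python
import multiprocessing as mp

# Constructed sample data: a small lookup table read by every request handler.
SHARED_TABLE = [10, 20, 30]


def handle_request(state, idx):
    """Serve one request: bump an in-flight counter, read the table, drop the counter.

    The bounds error is the logic bug under discussion: if idx is out of range the
    read raises, and the counter stays incremented because the cleanup never runs.
    """
    state["in_flight"] += 1
    value = SHARED_TABLE[idx]  # IndexError on a bad index
    state["in_flight"] -= 1
    return value


def run_in_process(requests):
    """Fibre-like model: every handler runs in one address space and shares `state`.

    Returns (results, leftover_in_flight). Catching the error keeps the loop alive,
    but nothing repairs the half-updated counter, so later handlers run on state
    that a failed handler left behind.
    """
    state = {"in_flight": 0}
    results = []
    for idx in requests:
        try:
            results.append(handle_request(state, idx))
        except IndexError:
            results.append(None)
    return results, state["in_flight"]


def _worker(idx, state, conn):
    # Runs inside a child process on its own copy of `state`; an uncaught
    # exception here ends the child with a non-zero exit code.
    conn.send(handle_request(state, idx))
    conn.close()


def run_isolated(requests):
    """Process-per-request model: each handler gets its own copy of `state`.

    Returns (results, supervisor_in_flight). A faulting child is reaped by the OS
    and the supervisor's copy of the state is untouched, at the cost of one
    process start and a full copy of the state per request.
    """
    state = {"in_flight": 0}
    results = []
    for idx in requests:
        parent_end, child_end = mp.Pipe(duplex=False)
        child = mp.Process(target=_worker, args=(idx, state, child_end))
        child.start()
        child.join()
        child_end.close()
        if child.exitcode == 0:
            try:
                results.append(parent_end.recv())
            except EOFError:
                results.append(None)
        else:
            results.append(None)  # child died; nothing on our side was touched
        parent_end.close()
    return results, state["in_flight"]


if __name__ == "__main__":
    reqs = [0, 5, 2]  # the middle request is out of bounds
    print("in-process:", run_in_process(reqs))  # counter left at 1, nothing in flight
    print("isolated:  ", run_isolated(reqs))    # supervisor counter still 0
```

Run it and compare the second element of each result: the in-process loop survives the bad request but ends with a stale counter, which is the "can no longer guarantee the other fibres aren't compromised" point; the process-per-request loop pays a fork and a state copy per request and in return keeps the supervisor's state exactly as it was.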

