Bad array indexing is considered deadly
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Thu Jun 1 16:24:32 PDT 2017
On 6/1/17 2:00 PM, Walter Bright wrote:
> On 6/1/2017 2:53 AM, Vladimir Panteleev wrote:
>> 3. Design your program so that it can be terminated at any point
>> without resulting in data corruption. I don't know if Vibe.d can
>> satisfy this constraint, but e.g. the ae.net.http.server workflow is
>> to build/send the entire response atomically, meaning that the
>> Content-Length will always be populated. Wrap your database updates in
>> transactions. Use the "write to temporary file then rename over the
>> original file" pattern when updating files. Etc.
>
> This is the best advice.
>
> I.e. design with the assumption that failure will occur, rather than
> fruitlessly trying to prevent all failure.
>
Indeed it is good advice. I'm thinking actually a good setup is to have
2 levels of processes: one which delivers requests to some set of child
processes that handle the requests with fibers, and one which handles
the i/o to the client. Then if the subprocess dies, the master process
can both inform the client of the failure, and retry other fibers that
were in process but never had a chance to finish.
Not sure if I'll get to that point. At this time, I'm writing an array
wrapping struct that will turn all range errors into range exceptions.
Then at least I can inform the client of the error and continue to
handle requests.
-Steve
More information about the Digitalmars-d
mailing list