Bad array indexing is considered deadly
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Wed May 31 15:36:16 PDT 2017
On Wednesday, 31 May 2017 at 21:45:51 UTC, H. S. Teoh wrote:
> This is an interesting use case, because conceptually speaking,
> each vibe.d fibre actually represents an independent
> computation, so any fatal errors like out-of-bounds bugs should
> cause the termination of the *fibre*, rather than *everything*
> that just happens to be running in the same process.
While I agree on a theoretical level about the fact that in
principle only the fibre (and the same argument goes for threads)
should terminate, the problem is that fibres, as well as threads,
share the same virtual memory of a process, i.e. memory
corruption in one fibre (or thread) cannot in general be safely
contained and kept from spreading to the other fibres (or
threads; except in the thread case one might argue if you know
the memory corruption to have happened only in TLS then you can
kill the thread, but I don't know how you would prove that).
If you cannot be sure that the memory corruption is contained in
a scope (i.e. a fibre or thread), you must terminate at the
closest enclosing scope that you know will keep the error from
escaping further outward to the rest of your system; AFAIK in
modern operating systems the closest such scope is a process.
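
The containment argument above, as an added example that is not part of the original post: a stray write made by a thread is visible to the rest of the process, while the same write made in a forked child never reaches the parent. `victim_state` and all function names are constructed for illustration; a POSIX system with pthreads and `fork` is assumed.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for state owned by some *other* fibre or thread. */
static volatile int victim_state = 42;

/* Models the faulty computation: a write that lands outside its own data. */
static void stray_write(void) { victim_state = -1; }

static void *thread_body(void *arg) { (void)arg; stray_write(); return NULL; }

/* Run the fault in a thread; return what the rest of the process sees. */
int run_in_thread(void) {
    pthread_t t;
    victim_state = 42;
    if (pthread_create(&t, NULL, thread_body, NULL) != 0) return -2;
    pthread_join(t, NULL);   /* the thread is gone, the damage is not */
    return victim_state;
}

/* Run the fault in a child process; return what the parent sees. */
int run_in_process(void) {
    int status;
    pid_t pid;
    victim_state = 42;
    pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {          /* child: separate address space (copy-on-write) */
        stray_write();
        _exit(1);            /* terminate the whole enclosing scope */
    }
    waitpid(pid, &status, 0);
    return victim_state;     /* parent's copy was never touched */
}

int main(void) {
    printf("after faulty thread:  %d\n", run_in_thread());
    printf("after faulty process: %d\n", run_in_process());
    return 0;
}
```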