This thread on Hacker News terrifies me

H. S. Teoh hsteoh at quickfur.ath.cx
Mon Sep 3 04:46:26 UTC 2018


On Sun, Sep 02, 2018 at 09:33:36PM -0700, H. S. Teoh wrote:
[...]
> The reason I picked memory corruption is because it's a good
> illustration of how badly things can go wrong when code that is known to
> have programming bugs continues running unchecked.
[...]

P.S. And memory corruption is also a good illustration of how a logic
error in one part of the program can cause another completely unrelated
part of the program to malfunction.  The corruption could have happened
in your network stack, but it overwrites memory used by your GPU code.
You cannot simply assume that just because the network module has
nothing to do with the GPU module, that a GPU code assertion failure
cannot be caused by a memory corruption in the network module.
Therefore, you also cannot assume that an assertion in the GPU code can
be safely ignored, because by definition, the program's logic is flawed,
and so any assumptions you may have made about it may no longer be true,
and blindly continuing to run the code means the possibility of actually
executing a remote exploit instead of the GPU code you thought you were
about to execute.

When the program logic is known to be flawed, by definition the program
is in an invalid state with unknown (and unknowable -- because it
implies that your assumptions were false) consequences.  The only safe
recourse is to terminate the program to get out of that state and
restart from a known safe state.  Anything less is unsafe, because being
in an invalid state means you cannot predict what the program will do
when you try to recover it.  Your state graph may look nothing like what
you thought it should look like, so an action that you thought would
bring the program into a known state may in fact bring it into a
different, unknown state, which can exhibit any arbitrary behaviour.
(This is why certain security holes are known as "arbitrary code
execution": the attacker exploits a loophole in the program's state
graph to do something the programmer never thought the program could do
-- because the programmer's assumptions turned out to be wrong.)


T

-- 
This sentence is false.
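The cross-module scenario described in the post above, as an added C example that is not part of the original message: a constructed toy layout (an assumption, not anything from the post) places a network receive buffer directly before GPU command state in one struct, so an unchecked copy in the "network module" overwrites a counter the "GPU module" owns, and the GPU module's own invariant check is what reports the damage. The bounds-checked receive path is shown beside it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (assumption): the network buffer sits right before
 * the GPU state, so an overrun of rx_buf lands in memory the GPU code owns. */
#define RX_BUF_SIZE  16
#define GPU_MAX_CMDS 8

struct device_state {
    uint8_t  rx_buf[RX_BUF_SIZE];    /* owned by the "network module" */
    uint32_t gpu_cmd_count;          /* owned by the "GPU module" */
    uint32_t gpu_cmds[GPU_MAX_CMDS];
};

/* Buggy receive path: trusts the length the packet claims. A length
 * larger than RX_BUF_SIZE spills into gpu_cmd_count. */
static void net_receive_unchecked(struct device_state *st,
                                  const uint8_t *payload, size_t len)
{
    memcpy(st->rx_buf, payload, len);
}

/* Hardened receive path: refuses a payload that does not fit. */
static bool net_receive_checked(struct device_state *st,
                                const uint8_t *payload, size_t len)
{
    if (len > RX_BUF_SIZE)
        return false;
    memcpy(st->rx_buf, payload, len);
    return true;
}

/* The GPU module's invariant: it never queues more than GPU_MAX_CMDS.
 * When this fails, the root cause may be nowhere near the GPU code. */
static bool gpu_state_valid(const struct device_state *st)
{
    return st->gpu_cmd_count <= GPU_MAX_CMDS;
}

/* Feeds one oversized constructed packet (20 bytes of 0xFF) through the
 * chosen receive path and reports whether the GPU invariant still holds. */
static bool simulate(bool use_checked)
{
    struct device_state st = { .gpu_cmd_count = 2, .gpu_cmds = { 7, 9 } };
    uint8_t packet[RX_BUF_SIZE + sizeof(uint32_t)];
    volatile size_t claimed_len = sizeof packet;   /* runtime value, not folded */
    memset(packet, 0xFF, sizeof packet);
    if (use_checked)
        (void)net_receive_checked(&st, packet, claimed_len);
    else
        net_receive_unchecked(&st, packet, claimed_len);
    return gpu_state_valid(&st);
}
```

With the unchecked path, gpu_cmd_count reads 0xFFFFFFFF after the copy and the GPU invariant fails even though no GPU code ran; with the checked path the packet is rejected and the count stays at 2.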


More information about the Digitalmars-d mailing list