On 3/27/15 12:13 AM, deadalnix wrote:
On Friday, 27 March 2015 at 03:59:30 UTC, zhmt wrote:

The best way to do that is to separate the server modules into
independent processes. Then if one crashes, the others keep running
without fear of corruption.

So instead of server modules, try doing mini servers that communicate
with the main server. This is how a lot of newer programs are written
because of the reliability and security benefits it offers.

But this will make the development more difficult for me, or not
acceptable.

Are there any other ways?

http://www.deadalnix.me/2012/03/24/get-an-exception-from-a-segfault-on-linux-x86-and-x86_64-using-some-black-magic/


There is a hook in the runtime to enable this if you want.

BUT, null pointer exception or not, Adam is right. Have your stuff run
in multiple processes that you can restart. This is more reliable, this is
more secure, this is easier to update without downtime, and so on...
This is a far superior solution for server stuff.

Please note, this is NOT a null pointer exception, it's a segfault exception. This can happen with corruption (absolutely should not continue) as well as forgetting to initialize a variable (dangerous if not handled correctly, but still feasible to continue). It may not be as black and white as if it's a null pointer that was dereferenced or not. I highly recommend terminating the process.

As for the original question (why does D do this?), it's because the system ALREADY catches null pointer access. To add additional checks would slow down the system. And as you can see, you can hook these mechanisms to actually throw an exception, but this is a relatively recent development.

In addition, as I mentioned, a seg fault can occur for a number of reasons, and D takes the position that you really should just terminate the process if this happens.

The reason using multiple processes is more secure and reliable is because a rogue thread (one that has segfaulted because of a memory corruption error) can corrupt data in all your other threads. A separate process cannot.

-Steve
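
The isolation argument in the message above, as an added example in C (not code from the thread or from the D runtime): a worker process scribbles over its copy of the supervisor's data and then segfaults, and the supervisor sees the fatal signal through `waitpid` while its own memory is untouched. The names `session_table`, `handle_request`, `run_isolated` and `supervisor_state_intact` are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* State owned by the supervisor; a crashing worker must not be able to alter it. */
static char session_table[32] = "intact";

/* Hypothetical server module: a bad request corrupts memory, then dereferences null. */
static int handle_request(int bad)
{
    if (bad) {
        memset(session_table, 'X', sizeof session_table - 1); /* hits the worker's copy only */
        int *volatile p = NULL;   /* volatile pointer: the load below is really executed */
        return *p;                /* SIGSEGV, the kernel terminates this process */
    }
    return 0;
}

/* Run one request in its own process.
 * Returns 0 on success, the fatal signal number if the worker was killed, -1 otherwise. */
int run_isolated(int bad)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(handle_request(bad) == 0 ? 0 : 1);   /* worker never returns to the caller */
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);   /* crash is contained; caller decides whether to restart */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1 if the supervisor's own copy of the data is unchanged. */
int supervisor_state_intact(void)
{
    return strcmp(session_table, "intact") == 0;
}

int main(void)
{
    int sig = run_isolated(1);
    printf("worker ended with %d, supervisor state intact: %d\n", sig, supervisor_state_intact());
    printf("replacement worker result: %d\n", run_isolated(0));
    return 0;
}
```

Running the same `handle_request(1)` on a thread inside the supervisor would overwrite the one shared `session_table` before the fault, which is the corruption risk the message describes.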
