On Wednesday, 31 May 2017 at 20:23:21 UTC, Nick Sabalausky (Abscissa) wrote:
> On 05/31/2017 03:17 PM, Moritz Maxeiner wrote:
>> in general you have to assume that the index *being* out of
>> bounds is itself the *result* of *already occurred* data
>> corruption;
>
> Of course not, that's absurd. Where do people get the idea that
> out-of-bounds *implies* pre-existing data corruption?

You assume something I did not write. What I wrote is that the
runtime cannot *in general* (i.e. without further information
about the semantics of your specific program) assume that it was
*not* preexisting data corruption.

> Most of the time, out-of-bounds comes from a bug (especially
> in D, what with all of its safeguards).

Unfortunately the runtime has no way to know *if* the out of
bounds comes from a bug or a data corruption, which was my point;
only a human can know that. What is the most likely culprit is
irrelevant for the default behaviour, because as long as it
*could* be data corruption, the runtime cannot by default assume
that it is not; that would be unsafe.

> Sure, data corruption is one possible cause of out-of-bounds,
> but data corruption is one possible cause of *ANYTHING*. So
> just to be safe, let's just abort on all exceptions, and upon
> everything else for that matter.
No, abort on Errors where the runtime cannot know if data
corruption has already occurred, i.e. the program is in an
undefined state. If you, as the programmer, know that it is safe,
you have to code that in.
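The distinction argued above, written out as an added D example (not code from either poster): the programmer who knows an index is merely untrusted input checks it up front and reports a recoverable Exception, while an unchecked index leaves the runtime with only its default, a RangeError that is an Error and aborts. Function names and the sample table are assumptions.

```d
import std.exception : enforce;
import std.stdio : writeln;

/// The index came from an untrusted source (e.g. parsed input). The
/// programmer *knows* an out-of-range value here is bad input, not a sign
/// of earlier corruption, so it is validated and reported as an Exception
/// that callers may catch and recover from.
int lookupChecked(const int[] table, size_t idx)
{
    enforce(idx < table.length, "index out of range in untrusted input");
    return table[idx];
}

/// No explicit check. If idx is out of range, the bounds check raises
/// core.exception.RangeError, which is an Error, not an Exception: the
/// runtime cannot tell a plain bug from the symptom of prior corruption,
/// so the default is to treat the program state as undefined and abort.
int lookupUnchecked(const int[] table, size_t idx)
{
    return table[idx];
}

void main()
{
    const int[] table = [10, 20, 30];   // constructed sample data

    try
    {
        writeln(lookupChecked(table, 7));
    }
    catch (Exception e)
    {
        writeln("recoverable: ", e.msg);   // execution continues normally
    }

    // lookupUnchecked(table, 7) would instead terminate the program with a
    // RangeError. Note that with -release, bounds checks stay enabled only
    // in @safe code; in @system code the same read becomes undefined
    // behaviour rather than a clean abort.
    writeln(lookupUnchecked(table, 1));   // in range: prints 20
}
```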