On Wednesday, 31 May 2017 at 23:50:07 UTC, Timon Gehr wrote:
No, it is perfectly safe, because the language does not
guarantee any specific behavior in case memory is corrupted.

The language not guaranteeing a specific behaviour on memory
corruption does not imply that assuming a bug was not caused by
memory corruption is safe.

Therefore the language can /always/ assume that there is no
memory corruption.

That is also not implied.

One does not require the other.

Correct, but the runtime has to be safe in the *general* case,
so it *must* assume the worst in case of a bug.

Software has bugs. The runtime has no business claiming that
the scope of any particular bug is the entire service.

It absolutely has the business of doing exactly that as long as
you, the programmer, do not tell it otherwise; which you can do
and is your job.

The practical outcomes of this design are just silly. Data is
lost, services go down, etc. When in doubt, the software should
just do what the programmer has written. It is not always
correct, but it is the best available proxy of the desirable
behavior.

When in doubt about memory corruption, the closest enclosing
scope that will get rid of the memory corruption must die. The
current behaviour achieves that in many cases.