On Thursday, 1 June 2017 at 00:11:10 UTC, Timon Gehr wrote:
On 01.06.2017 01:55, Moritz Maxeiner wrote:
On Wednesday, 31 May 2017 at 23:40:00 UTC, Timon Gehr wrote:
In the context of the conversation, an error has already
occurred and the "all cases" was referring to all the cases
that lead to the error.
Bounds checks have /no business at all/ trying to handle
preexisting memory corruption,
Sure, because the program is in an undefined state by that
point.
What does that even mean?
That once memory corruption has occurred the state of the program
is not well defined anymore.
Everything is perfectly well-defined here:
void main(){
auto a = new int[](2);   // fresh array, length 2, elements zero-initialised
a[2] = 3;                // index 2 is outside [0, 2): the bounds check fires before any write
}
Sure, because there has been no memory corruption prior to the
index out of bounds.
That is not something the runtime should just assume for every
out of index error.
There is only termination.
...
Termination of what? How on earth do you determine that the
scope of this "undefined state" is the program, not the
machine, or the world?
As that is the closest scope current operating systems give us to
work with, this is a sane default for the runtime. Nobody stops
you from using a different scope if you need it.
I.e., why terminate the program, but not shut down the machine
or nuke the planet?
Scoping really ought to be up to the programmer as it greatly
depends on the actual circumstances.
Of course, and if you need something else you can do so.
Program termination is the only reasonable default behaviour,
but it is not the only reasonable behaviour.
Absolutely; rereading through our subthread I realized that I had
not made that explicit here (only in other subthreads). I
apologize for being imprecise.
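Added example (not from the thread or from Timon's or Moritz's code) showing the two points argued above in D: the bounds check fires before the out-of-range write touches memory, and the default of terminating the program can be narrowed to a scope the programmer chooses. It assumes the default `-boundscheck=on` (i.e. no `-release`); `boundsCheckTrapsWrite` is a name chosen here.

```d
// Added example, not code from the original thread.
// Assumes bounds checking is enabled (the default outside -release).
import core.exception : RangeError;
import std.stdio : writeln;

// Returns true if the bounds check trapped the write before any byte
// of the array was modified, i.e. the state is still well-defined.
bool boundsCheckTrapsWrite()
{
    auto a = new int[](2);          // length 2, both elements 0
    try
    {
        a[2] = 3;                   // index 2 is outside [0, 2): RangeError
    }
    catch (RangeError e)
    {
        // The programmer chose this scope for the error instead of the
        // runtime's default (uncaught Error => program terminates).
        // Nothing was written: the array is exactly as allocated.
        return a.length == 2 && a[0] == 0 && a[1] == 0;
    }
    return false;                   // only reachable with -boundscheck=off
}

void main()
{
    // With no try/catch around the faulty index, RangeError (an Error,
    // not an Exception) propagates out of main and ends the process.
    writeln("bounds check trapped the write: ", boundsCheckTrapsWrite());
}
```

Compile and run with `dmd -run example.d`; the function returns true because the RangeError is thrown before the store, so catching it at this scope sees an untouched array.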