29-Sep-2014 00:50, Sean Kelly пишет:
On Sunday, 28 September 2014 at 20:31:03 UTC, Walter Bright wrote:
If the threads share memory, the only robust choice is to terminate
all the threads and the application.
If the thread is in another process, where the memory is not shared,
then terminating and possibly restarting that process is quite
acceptable.
> The scope of a logic bug can be known to be quite limited.
If you know about the bug, then you'd have fixed it already instead of
inserting recovery code for unknown problems. I can't really accept
that one has "unknown bugs of known scope".
Well, say you're using SafeD or some other system where you know that
memory corruption is not possible (pure functional programming, for
example).
In this case, if you know what data a particular execution
flow touches, you know the scope of the potential damage. And if the
data touched is all either shared but read-only or generated during the
processing of the request, you can be reasonably certain that nothing
outside the scope of the transaction has been adversely affected at all.
not possible / highly unlikely (i.e. bug in VM or said system)
But otherwise agreed, dropping the whole process is not always a good
idea or it easily becomes a DoS attack vector in a public service.
--
Dmitry Olshansky
