Bartosz Milewski wrote:
> I read Andrei's chapter on arrays and there's one thing that concerns me. When a slice is extended, the decision to re-allocate, and therefore to cut its connection to other slices, is non-deterministic.
It is not non-deterministic. Try it - you'll get the same results every time. It is implementation-defined behavior.
> How does that influence program testing and can it be exploited to attack a buggy system?
Exploitations rely on undefined behavior, such as buffer overflows, not implementation-defined behavior. This issue is no more conducive to an "exploit" than any other garden variety programming issue. It's entirely different than a buffer overflow attack.
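
The slice behavior discussed in this thread, as an added example in D that is not part of either post: it detects whether an append reallocated, shows that the aliasing outcome follows from that, and then uses an explicit copy so the result no longer depends on the implementation's choice. The helper name appendReallocates and the sample values are assumptions made for the illustration.

```d
import std.stdio;

// Hypothetical helper: appends `value` to `s` and reports whether the
// append moved the slice to a new allocation.
bool appendReallocates(ref int[] s, int value)
{
    auto before = s.ptr;
    s ~= value;
    return s.ptr !is before;
}

void main()
{
    int[] a = [1, 2, 3];   // constructed sample data
    int[] b = a;           // b refers to the same memory as a

    bool moved = appendReallocates(b, 4);
    b[0] = 99;

    // If the append reallocated, b is detached and a is untouched.
    // If it extended in place, the write through b is visible through a.
    // Which branch is taken is the implementation's choice, but it is
    // the same on every run with the same runtime.
    writefln("reallocated=%s a[0]=%s b[0]=%s", moved, a[0], b[0]);
    assert(moved ? a[0] == 1 : a[0] == 99);

    // Code that must not depend on that choice takes its own copy
    // before extending, so later writes can never reach `a`.
    int[] c = a.dup;
    c ~= 5;
    c[0] = -1;
    assert(a[0] != -1);
    assert(c.ptr !is a.ptr);
}
```

A test that asserts on a[0] after the append without checking for reallocation is pinned to one runtime's allocation policy; the .dup form behaves the same on all of them.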