On Sun, Sep 02, 2018 at 09:33:36PM -0700, H. S. Teoh wrote:
[...]
> The reason I picked memory corruption is because it's a good
> illustration of how badly things can go wrong when code that is known to
> have programming bugs continues running unchecked.
[...]

P.S. And memory corruption is also a good illustration of how a logic error in one part of the program can cause another completely unrelated part of the program to malfunction. The corruption could have happened in your network stack, but it overwrites memory used by your GPU code. You cannot simply assume that just because the network module has nothing to do with the GPU module, that a GPU code assertion failure cannot be caused by a memory corruption in the network module. Therefore, you also cannot assume that an assertion in the GPU code can be safely ignored, because by definition, the program's logic is flawed, and so any assumptions you may have made about it may no longer be true, and blindly continuing to run the code means the possibility of actually executing a remote exploit instead of the GPU code you thought you were about to execute.

When the program logic is known to be flawed, by definition the program is in an invalid state with unknown (and unknowable -- because it implies that your assumptions were false) consequences. The only safe recourse is to terminate the program to get out of that state and restart from a known safe state. Anything less is unsafe, because being in an invalid state means you cannot predict what the program will do when you try to recover it. Your state graph may look nothing like what you thought it should look like, so an action that you thought would bring the program into a known state may in fact bring it into a different, unknown state, which can exhibit any arbitrary behaviour. (This is why certain security holes are known as "arbitrary code execution": the attacker exploits a loophole in the program's state graph to do something the programmer never thought the program could do -- because the programmer's assumptions turned out to be wrong.)


T

--
This sentence is false.
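
An added illustration of the point made in the message above (not part of the original post, and not code from any project it discusses): a constructed C program in which a bounds error in a hypothetical network routine overwrites neighbouring GPU state, so the check that fails is the GPU module's invariant. All names (`struct process`, `net_receive`, `gpu_invariant_ok`, `run_scenario`) and the 0xFF-filled packet are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NET_BUF_LEN   16
#define GPU_MAGIC     0x47505521u
#define GPU_QUEUE_MAX 8u

/* Two unrelated modules whose data merely happen to be neighbours. */
struct process {
    unsigned char net_buf[NET_BUF_LEN];          /* network module's data */
    struct { uint32_t magic, queue_len; } gpu;   /* GPU module's data */
};

/* Network module with a logic error: the bound is the whole process image. */
static void net_receive(struct process *p, const unsigned char *pkt, size_t len)
{
    if (len > sizeof *p) len = sizeof *p;   /* BUG: should be NET_BUF_LEN */
    memcpy((unsigned char *)p + offsetof(struct process, net_buf), pkt, len);
}

/* GPU module invariant; the GPU code itself never breaks it. */
static bool gpu_invariant_ok(const struct process *p)
{
    return p->gpu.magic == GPU_MAGIC && p->gpu.queue_len <= GPU_QUEUE_MAX;
}

/* Receive one constructed packet, then report whether the invariant holds. */
static bool run_scenario(size_t pkt_len)
{
    struct process p = { .gpu = { GPU_MAGIC, 0 } };
    unsigned char pkt[sizeof p];
    memset(pkt, 0xFF, sizeof pkt);          /* constructed sample input */
    net_receive(&p, pkt, pkt_len);
    return gpu_invariant_ok(&p);
}

int main(void)
{
    if (!run_scenario(sizeof(struct process))) {
        /* Failure seen in GPU code, cause in network code: state is unknown. */
        fputs("GPU invariant violated, terminating\n", stderr);
        abort();   /* stop before queue_len is ever used as an index */
    }
    return 0;
}
```

A packet that fits in `net_buf` leaves the invariant intact; one byte more and the GPU check fails even though no GPU code ran in between.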