|
|
|
|
|
|
by kubanczyk
226 days ago
|
|
|
That's subtly different. It's secondary whose fault is this, what primarily matters is whether you should continue with the rest of the process. There is always a cleanup layer, the trick is to choose well between 1 and 2: 1. Some code in the same OS process is able to bring data back to order.
2. OS can kill the process and thus kill any corruption that was in its address space.
3. Hardware on/off button can kill the entire RAM content and thus kill any corruption that spilled over it.
Take for example an unexpected divide by zero, that's a classic invariant violation. The entire process should blow up right there because:- it knows that the data in memory is currently corrupted, - it has no code to gently handle the corruption, - and it knows the worst scenario that can happen: some "graceful stop", etc., routine might decide to save the corrupted data to disk/database/third-party. Unrecoverable panic (uncatchable exception) is a very good generic idea, because persistently-corrupted-data bug is a hundred times worse than any died-with-ugly-message bug as far as users are concerned. |
|
|
> - it knows that the data in memory is currently corrupted,
> - it has no code to gently handle the corruption,
are these conditions or implications?
- corruption isn't necessary: it could be the consequence of a bug
- corruption can be handled sometimes: fetch the data from the source again, apply data correction algorithms
- you know and control what the graceful stop does; maybe not save the corrupted data to disk? or maybe save it to disk and ask the user to send it to you