I don't think anything but (correct) strict static analysis would have helped in that case. Embedded systems often avoid dynamic memory allocation completely, because dynamic out-of-memory conditions would be unacceptable. That's likely why there was so much data on the stack in the first place. A growable segmented stack is the opposite of robustness, in a case like that.
Unwinding on out-of-stack is more robust than aborting, but losing the entire context of a task is often going to be totally unacceptable. If every function call can unwind, it also makes it much harder to write memory-safe low-level code. In a web browser, it's going to be okay for most tasks to unwind. It's not going to be a very viable solution for truly robust embedded systems.
_______________________________________________ Rust-dev mailing list Rust-dev@mozilla.org https://mail.mozilla.org/listinfo/rust-dev
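The kind of strict static stack analysis the post says would have helped, as an added example that is not from the post or from the Rust project: per-function frame sizes and a static call graph are constructed, hypothetical inputs (the sort a compiler could emit), and the checker reports the deepest call chain against a fixed task stack, refusing to give any bound when recursion is reachable.

```python
from typing import Dict, List, Tuple

FrameSizes = Dict[str, int]       # function -> bytes of its stack frame
CallGraph = Dict[str, List[str]]  # function -> statically known callees


class UnboundedStack(Exception):
    """Raised when recursion is reachable: no static stack bound exists."""


def worst_case_stack(frames: FrameSizes, calls: CallGraph, entry: str) -> Tuple[int, List[str]]:
    """Deepest call chain from `entry`, as (total bytes, path of functions)."""
    memo: Dict[str, Tuple[int, List[str]]] = {}
    on_stack: List[str] = []  # current DFS path, used to detect recursion

    def visit(fn: str) -> Tuple[int, List[str]]:
        if fn in on_stack:  # back edge: a cycle through fn
            raise UnboundedStack(on_stack[on_stack.index(fn):] + [fn])
        if fn in memo:
            return memo[fn]
        on_stack.append(fn)
        best = (frames[fn], [fn])  # leaf case: only this frame
        for callee in calls.get(fn, []):
            sub_bytes, sub_path = visit(callee)
            if frames[fn] + sub_bytes > best[0]:
                best = (frames[fn] + sub_bytes, [fn] + sub_path)
        on_stack.pop()
        memo[fn] = best
        return best

    return visit(entry)


def check_task(frames: FrameSizes, calls: CallGraph, entry: str, stack_limit: int):
    """(fits, worst_bytes, path); worst_bytes is None if recursion makes the stack unbounded."""
    try:
        total, path = worst_case_stack(frames, calls, entry)
    except UnboundedStack as exc:
        return False, None, exc.args[0]
    return total <= stack_limit, total, path


# Constructed sample: a small fixed-stack task with no heap and no recursion.
FRAMES = {"main_task": 64, "parse_frame": 256, "crc16": 32, "format_reply": 512, "log": 128}
CALLS = {"main_task": ["parse_frame", "format_reply"], "parse_frame": ["crc16", "log"],
         "format_reply": ["log"], "crc16": [], "log": []}
# The same program with an accidental recursion through the logger.
RECURSIVE_CALLS = {**CALLS, "log": ["format_reply"]}
```

On the sample, the 1024-byte budget is met with a worst case of 704 bytes through format_reply and log, while the recursive variant yields no bound at all and the checker names the cycle.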