Safe data access

Describes how the parameters that are passed to the descriptors are checked to ensure that they are not accessing illegal data.

The parameters that are passed to descriptor functions which access or operate on data are checked to ensure that those operations are correctly specified and that no data outside the data area represented by the descriptor is accessed or changed.

It is the programmer’s responsibility to ensure that all accesses to descriptor data are within bounds and that descriptors are sufficiently large to contain their data, either by making the original allocation large enough at program compile time or by dynamically allocating the descriptor at run-time.

An illegal data access raises an exception, known as a panic, causing immediate program termination. In this event, it can be assumed that no illegal access of memory has taken place and that no data has been moved or damaged.

The Format() function which operates on descriptor data is the only case where a program is offered the opportunity to handle a potential exception.
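An added illustrative model of the checking described above, not Symbian's own TDes or Format() implementation: each data operation validates its parameters against the descriptor's bounds before touching memory, an out-of-bounds request panics (modelled here as a thrown exception so it can be observed, whereas a real panic terminates the program) without moving or damaging any data, and the formatting call optionally takes an overflow handler so the program can deal with that one case itself. The names Descriptor, OverflowHandler and DescriptorPanic are assumptions.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>

// Illustrative model only (assumed names; not Symbian's real TDes/Format()). A "panic"
// is modelled as a thrown DescriptorPanic; a real one terminates the program, data untouched.
struct DescriptorPanic : std::runtime_error { using std::runtime_error::runtime_error; };

class Descriptor;
// Overflow hook: a formatting call that would not fit invokes Overflow() instead of panicking.
struct OverflowHandler {
    virtual ~OverflowHandler() = default;
    virtual void Overflow(Descriptor& aDes) = 0;
};

class Descriptor {
public:
    explicit Descriptor(std::size_t aMaxLength) : iMaxLength(aMaxLength) {}
    std::size_t Length() const { return iData.size(); }
    // Replace contents: the source must fit in the allocated data area.
    void Copy(const std::string& aSrc) {
        if (aSrc.size() > iMaxLength) throw DescriptorPanic("Copy: source exceeds MaxLength");
        iData = aSrc;
    }
    // Extract a portion: the whole range must lie inside the current data.
    std::string Mid(std::size_t aPos, std::size_t aLen) const {
        if (aPos > iData.size() || aLen > iData.size() - aPos)
            throw DescriptorPanic("Mid: range lies outside the descriptor data");
        return iData.substr(aPos, aLen);
    }
    // Format into a scratch buffer first; append only once it is known to fit.
    void AppendFormat(OverflowHandler* aHandler, const char* aFmt, ...) {
        char scratch[256];
        va_list ap; va_start(ap, aFmt);
        int n = std::vsnprintf(scratch, sizeof scratch, aFmt, ap);
        va_end(ap);
        if (n < 0) throw DescriptorPanic("AppendFormat: invalid format");
        std::size_t need = static_cast<std::size_t>(n);
        if (need >= sizeof scratch || need > iMaxLength - iData.size()) {
            if (aHandler) { aHandler->Overflow(*this); return; }  // program handles it
            throw DescriptorPanic("AppendFormat: result exceeds MaxLength");
        }
        iData.append(scratch, need);
    }
private:
    std::size_t iMaxLength;
    std::string iData;
};
```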