Re: [9fans] quantity vs. quality

On Sun Jun 11 07:24:25 CDT 2006, lucio@xxxxxxxxxxxxxx wrote:
never? what if malloc's datastructures are corrupt?

As long as the stack isn't corrupt, it _can_ still return to the
caller. The argument is really whether the caller can be trusted to
take the correct (non)recovery action.

i don't think this is about "trusting" somebody do do the right thing
for recovery.

if malloc's datastructures are corrupt, then you can assume that memory
is corrupt. somebody's fandangoed on core. since you don't have any
valid data, what can you accomplish except call sysfatal. (which might not
work.)

the most incidious bit about trying to recover when you're really and
truly hosed is that you just make debugging harder.

btw. glibc will abort if you corrupt the heap or double-free.

But you can't take away
Lucho's options because another 99 callers are too lazy. Your view,
if I read you correctly, is that Lucho also can't be trusted, because
he won't test his recovery code, but that is not an acceptable
assumption.

i think you're reading me wrong. it's not about trust. it's about how
software really gets written. i'm as guilty as the next guy in writing
fancy recovery code that i never try out.

i've been bitten in production at least twice by botched recovery.


Yes, we do need a middle ground and redefining _sysfatal() is one
option, but encouraging good programming practice, by example as well
as by instruction, would be preferable to unpredictable behaviour
under error conditions.

yes.

To me, the greatest loss in this age of complexity, is the determinism
of early day computing. Anything that increases determinism at the
application level is to be encouraged, not discouraged.

this is exactly why i think that sysfatal can be good if you really can't continue
or continuing is very likely to mask an error.

if you fail to get 20 bytes from malloc, for instance, it's likely you have an
huge leak in your program that needs to be fixed.

- erik
.

Relevant Pages

  • Re: Is it possible to use the value of the PROGRAM ID within the source code?
    ... Every called program has a way of returning to its caller. ... >information about calling history in some sort of hardware stack? ... True but discordant with the culture of operating systems and other languages. ... premise is that called programs may irrationally corrupt parameter values. ...
    (comp.lang.cobol)
  • Re: repairing corrupt mp4 (and jpeg) video files
    ... and you can often squeeze a few extra pictures and some short video ... is *not* to write any further files on the card. ... successful file recovery is good, but not guaranteed, unfortunately, ... as some individual files may be corrupt even though the file system is ...
    (rec.video.desktop)
  • Re: The Forest Gate raid and the alleged child porn
    ... There are far better error recovery techniques than parity bits and ... problem with parity bits is that you have to have a heck ... can only recover a *single* corrupt bit in each protected block. ... error correction blocks to the end of each image. ...
    (uk.legal)
  • Re: repairing corrupt mp4 (and jpeg) video files
    ... and you can often squeeze a few extra pictures and some short video ... is *not* to write any further files on the card. ... successful file recovery is good, but not guaranteed, unfortunately, ... as some individual files may be corrupt even though the file system is ...
    (rec.video.desktop)
  • Re: RAR under linux: any alternative?
    ... > That's why you include a checksums file with the archive set and/or list ... > the sums at the point of origin. ... Added support of so called recovery volumes, ... Say the part of the archive that is corrupt is a file that isn't needed. ...
    (Debian-User)