November 19, 2009
Re: Making alloca more safe
Posted in reply to Walter Bright
Hello Walter,

> Max Samukha wrote:
>
>> On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
>> <email@example.com> wrote:
>>> If you've got a system that relies on the software continuing to
>>> function after an unexpected null seg fault, you have a VERY BADLY
>>> DESIGNED and COMPLETELY UNSAFE system. I really cannot emphasize
>>> this enough.
>>>
>> I have an example of such software:
>> http://www.steinberg.net/en/products/audiopostproduction_product/nuendo4.html
>> It loads third-party plugins into the host process's address space,
>> and consequently it may fail at any moment. The software's design is
>> not the best ever, but it gives the user a last chance to save his work
>> in case of a fatal error. This feature has saved my back a couple of
>> times.
>>
>
> Be that as it may, it is certainly possible to catch seg faults in an
> exception handler and write files out. That would be an unacceptable
> behavior, though, in a system that needs to be safe.
>

For some systems, once you hit a seg-v, things can't get any worse, so why not try to make things better by saving what you can?
November 20, 2009
Re: Making alloca more safe
Posted in reply to BCS
BCS wrote:
> For some systems, once you hit a seg-v, things can't get any worse

Oh, yes they can! You could now be executing a virus. *Anything* the software is connected to can now do anything wrong or malicious.

(On my car, I installed an oil pressure switch that shuts off the electric fuel pump if the pressure drops. I also pried a switch off of a junkyard Mustang that shuts off if it gets hit hard; I plan on installing that to shut off the fuel pump as well. Think of those like a "seg fault" <g>)

> so why not try to make things better by saving what you can?

Sure, you can try saving things, but you'd better hope that there was already a reasonably recent clean copy of your data. To write safe & reliable software, approach it from "what can go wrong, will go wrong", not "I won't worry about that case, because it's unlikely."