November 19, 2009
Re: Making alloca more safe
Posted in reply to Walter Bright
Hello Walter,

> Tomas Lindquist Olsen wrote:
>
>> You spent quite a bit of effort explaining that segfaults never cause
>> memory corruption, so it seems fairly reasonable to assume that some
>> parts of the application state could still be valid and useful not to
>> throw away.
>>
> When a seg fault occurs, it is because your program is in a state that
> you, the programmer, never anticipated. Therefore, you cannot know
> what state your data is in. Therefore, your data is unreliable. While
> it may not be in a bad state from memory corruption, it could very
> well be in a bad state from your program's logic being wrong.
>
> Do you want to bet your life on assuming your program and its data is
> still valid?

No, at that point I wouldn't count on the program doing anything correctly. But that is a long way from trying to get it to do something useful on the way down, like trying to save off what data it can and generate a crash log with whatever it can salvage. If either of these fail, I'm, at worst, in exactly the same position I was in before I attempted them and, at best, they work.

And before you say it, if the system is truly critical, I'd have the crash handler in ROM, a hardware lockout to stop the system from mucking with anything external, and a watchdog timer to reset it if the crash handler hangs.