On Wed, Mar 9, 2011 at 4:17 PM, Andrew Deason <[email protected]> wrote: > On Wed, 9 Mar 2011 16:11:02 -0500 > Tom Keiser <[email protected]> wrote: > >> Additionally, I can envision cases where an unknown-discriminant is >> potentially more serious than a length mismatch for a known >> discriminant (e.g., consider a case where a non-critical XCB >> notification has a bad length, but a critical XCB notification >> discriminant is unknown by the decoding peer). > > But why are you trusting the discriminant (which aiui will be used to > determine criticality) more than the data in the arm? At that point it > seems like the whole arm+length+discriminant is effectively garbage. > Maybe it was intended to be critical, but the value of the discriminant > had a bit flipped or something. >
_We're_ explicitly not trusting the discriminant: we're assuring generality by leaving that decision up to the error-handling semantics of the specific union type definition. All we're doing in this draft is making a best effort to continue decoding the stream--so that the RPC framework has the _ability_ to defer error handling to the upper-layer, rather than having to fail the entire call with prejudice within the RPC layer itself. Regards, -Tom _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
