On Thu, 30 Aug 2001, Stephen Robert Norris wrote:

> On Wed, Aug 29, 2001 at 05:14:36PM -0500, Kelly Martin wrote:
> > On 29 Aug 2001 16:59:18 -0500, Larry Ewing <[EMAIL PROTECTED]> said:
> >
> > >Ah so it is the libraries fault that it crashes when you pass it an
> > >unterminated string?
> >
> > Yes, in this case bad design on the part of the library designer for
> > allowing such behavior.  I realize that the use of null-terminated
> > strings is a legacy of the original C runtime library.  That doesn't
> > mean that it's right.
> >
> > Kelly
> So it's the library's fault if I pass it a bad pointer and it causes
> a SEGV?

This is a silly debate.

* There are cases where utter software reliability is required.

  In these cases, having a subroutine identify errors in it's inputs
  may well be pointless because there is almost certainly no action
  it can take to recover the situation anyway - you simply have to
  have all your software be bug free - and if it is then there is no
  need to check function parameters anyway.  If your Airbus fly-by-wire
  software's sqrt routine is given -1 as a parameter, you are already
  in deep trouble and:

  fprintf ( stderr, "Oh my GOD we're all going to DIE!!\n" ) ;
  return 0 ;

  ...just isn't going to cut it!  Even with proper heirarchical
  exception handling, this just isn't going to work.

* There are cases where it IS important to KNOW that there is an
  error then it is worth doing horrible things like not using
  null-terminated strings or not passing pointers and having
  every subroutine check all of it's arguments minutely.  You
  should realise though that you have to design-for-checkability
  and the cost of doing that is quite high.  I used to design
  telephone exchanges and they fall into this category.  You
  really need special custom programming languages that avoid
  these situations by design.

  Then you get into all the hurt of testing the error trapping
  mechanisms using a whole new raft of code that'll get thrown
  away eventually.  You can't test it with your live code because
  that's probably bug-free anyway and will never trigger the
  fault conditions whose recovery routines you are trying to test.

* There are yet other cases where performance is so critical
  that starting every subroutine with a dozen lines of parameter
  checking code is too costly to contemplate.  I've worked in
  embedded environments where that is definitely the case.

So everyone is right and we can conveniently end this horribly
off-topic and silly debate.

Steve Baker                      (817)619-2657 (Vox/Vox-Mail)
L3Com/Link Simulation & Training (817)619-2466 (Fax)
Work: [EMAIL PROTECTED]           http://www.link.com
Home: [EMAIL PROTECTED]       http://web2.airmail.net/sjbaker1

Gimp-developer mailing list

Reply via email to