System call error handling

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Thu Feb 7 16:47:34 AEST 1991


In article <3354 at unisoft.UUCP> greywolf at unisoft.UUCP (The Grey Wolf) writes:
> (Dan Bernstein) writes:
> [ much deleted to cast a long story to a short one; ]
> >>Die with a fatal error, possibly killing a truly critical system program
> >>running under pty?
> Dan, what in *hell* are you doing running a truly critical system program
> under pty in the first place?  I mean, is it *really* necessary?
> Truly critical system programs should be run from a real shell.

Agreed. (Real shell? Do you have a real shell? I'd love to see the docs.)
Still, on the off chance that someone *is* running a critical program
under pty, it can't make a policy of dying at the first hint of trouble.

> >>Chip, be reasonable. You can't demand of system programs that they check
> >>for external system consistency at every step.
> If you don't do this, you're setting yourself up for a MAJOR loss.
> Moreover, if you're running Truly Critical System Programs that DON'T
> check for some degree of sanity, you're just asking for trouble.  Most
> system programs that I know of do sanity checks reasonably often.

Reasonably often, yes. (We are, after all, talking about a program that
checks nearly 100% of its return codes.) But defensive programming isn't
black and white. You can't demand that a program check before every
single operation that the entire rest of the program will succeed; the
system doesn't even provide hooks for simple operations like
preallocating filesystem space.

---Dan
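An added illustration of the point being argued, not code from Dan's post or from pty: a write routine that checks every return code, retries the cases that are safe to retry (EINTR, short writes), and hands every real failure (ENOSPC, which cannot be preallocated away, or EBADF, EIO, EPIPE) back to the caller through errno instead of dying on the spot. The names write_all, roundtrip_demo and closed_fd_demo are my own, and the pipe is a constructed test fixture.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf to fd. Retries on EINTR and on short writes; on any other
 * failure (ENOSPC, EIO, EPIPE, EBADF, ...) returns -1 with errno set so the
 * caller, not this routine, decides whether the program should die. */
int write_all(int fd, const void *buf, size_t len) {
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) continue;   /* signal arrived mid-call: retry */
            return -1;                      /* genuine failure: report, don't exit */
        }
        if (n == 0) { errno = EIO; return -1; }  /* no progress: avoid spinning */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Round-trip msg through a pipe (constructed fixture) and return the number of
 * bytes read back, or -1 with errno preserved from the failed write. */
int roundtrip_demo(const char *msg, char *out, size_t outsz) {
    int fds[2];
    ssize_t total = 0, n;
    if (pipe(fds) < 0) return -1;
    int rc = write_all(fds[1], msg, strlen(msg));
    int saved = errno;                      /* keep the write's errno across close() */
    close(fds[1]);                          /* EOF for the reader */
    while (rc == 0 && (size_t)total < outsz &&
           (n = read(fds[0], out + total, outsz - (size_t)total)) > 0)
        total += n;
    close(fds[0]);
    errno = saved;
    return rc == 0 ? (int)total : -1;
}

/* Failure path: a write to an already-closed descriptor surfaces as EBADF
 * through errno rather than terminating the program. */
int closed_fd_demo(void) {
    int fds[2];
    if (pipe(fds) < 0) return -1;
    close(fds[0]); close(fds[1]);
    return write_all(fds[1], "x", 1) == 0 ? 0 : errno;
}
```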


