From owner-freebsd-bugs@FreeBSD.ORG Mon Jul 4 07:10:05 2005
Date: Mon, 4 Jul 2005 07:10:04 GMT
Message-Id: <200507040710.j647A40s008655@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Dan Allen
Subject: Re: kern/78256: strstr could be more robust
List-Id: Bug reports

The following reply was made to PR kern/78256; it has been noted by GNATS.

From: Dan Allen
To: Bruce Evans
Cc: Gleb Smirnoff, freebsd-bugs@FreeBSD.org
Subject: Re: kern/78256: strstr could be more robust
Date: Sun, 3 Jul 2005 12:50:38 -0600

On Mar 9, 2005, at 2:18 PM, Bruce Evans wrote:

> On Wed, 9 Mar 2005, Dan Allen wrote:
>
>> On Mar 9, 2005, at 7:18 AM, Gleb Smirnoff wrote:
>>
>>> Not a bug, sorry. See also bin/52691.
>>
>> Why are you so reluctant to add one test to improve robustness?
>> Since it is not specified one way or the other in the standard, it
>> will not break compatibility with the standard.
>> So it is not a
>> bug technically - you still could with a single line of C code
>> improve the robustness of the system. Not doing so seems
>> shortsighted.
>
> Adding the test would unimprove robustness (except on systems that
> don't trap on null pointers -- then a test, followed by a call to
> abort() or signal(), would be needed to give the same behaviour as a
> null pointer trap). Aborting a program immediately when undefined
> behaviour in it is detected improves robustness by limiting the
> undefined behaviour to just halting the program and possibly
> generating a core dump, and by making the bug obvious and easy to
> debug so that it gets fixed.

My use of strstr() is quite a bit different than if I had an off-by-one
error, or if I overflowed a buffer, or some other definitely bad
practice. My use of strstr() is perfectly legitimate, but it falls into
the area of an undefined case in the C standard. Searching for something
in nothing should return nothing, not crash, i.e., strstr(NULL, "a
string") should return NULL. Plauger agrees with me and he is the best
expert on the C standard.

I guess my belief is this: it is never proper to crash. It is better
for a function to return some error code that at least informs the
caller that an illegal argument was given than it is to just
immediately die. You believe it is better to just crash the system
immediately rather than return an error code. So why do you even
support errno then? It is a method of returning error codes. By your
reasoning programmers should find their errors by letting improper
function calls cause a segment violation or bus fault... a very poor
method indeed.

Thanks for listening. I still like FreeBSD but am somewhat dismayed at
this philosophy...

Dan
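An added example, not code from the PR, from the reporter, or from FreeBSD's libc: the single NULL test the reporter describes, written as a wrapper rather than a libc change so it can be compiled and run anywhere. Passing NULL to the real strstr() is undefined behaviour in C, so the check must run before the call is forwarded. The wrapper also sets errno to EINVAL on the bad-argument path, in the style of the errno convention the reporter points to, so a caller can tell "not found" from "invalid argument" instead of getting a bare NULL for both. The names strstr_checked and search_result, and the choice of EINVAL, are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/*
 * Added example, not from the PR or from FreeBSD libc.
 *
 * strstr_checked(): strstr() plus the one test the reporter asks for.
 * A NULL haystack or needle is rejected before strstr() is called
 * (calling strstr() itself with NULL is undefined behaviour).  On the
 * rejected path errno is set to EINVAL (choice assumed here); on the
 * normal path errno is left alone.  Search semantics are otherwise
 * those of strstr(): an empty needle matches at the start of haystack.
 */
const char *strstr_checked(const char *haystack, const char *needle)
{
    if (haystack == NULL || needle == NULL) {
        errno = EINVAL;
        return NULL;
    }
    return strstr(haystack, needle);
}

/*
 * search_result(): a hypothetical caller that uses the distinction.
 * Returns 1 on match, 0 on no match, -1 on invalid argument.  errno is
 * cleared first so a stale EINVAL from an earlier call is not mistaken
 * for one raised by this search.
 */
int search_result(const char *haystack, const char *needle)
{
    const char *hit;

    errno = 0;
    hit = strstr_checked(haystack, needle);
    if (hit != NULL)
        return 1;
    return (errno == EINVAL) ? -1 : 0;
}
```

Note the trade-off the thread is arguing about: with this wrapper a NULL argument no longer traps, so a caller that ignores errno (or checks only for NULL) will silently treat a programming error as "not found". The errno signal only helps if callers actually consult it.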