Date:      Wed, 20 Jun 2012 14:41:55 -0700
From:      Xin Li <delphij@delphij.net>
To:        Colin Percival <cperciva@freebsd.org>
Cc:        src-committers@freebsd.org, Eitan Adler <eadler@freebsd.org>, svn-src-all@freebsd.org, Warner Losh <wlosh@bsdimp.com>, Bruce Evans <brde@optusnet.com.au>, svn-src-head@freebsd.org, d@delphij.net
Subject:   Re: svn commit: r237286 - head/lib/libc/gen
Message-ID:  <4FE243A3.1070202@delphij.net>
In-Reply-To: <4FE23F54.5060409@freebsd.org>
References:  <201206200638.q5K6cg7u024024@svn.freebsd.org> <20120621015220.J2636@besplex.bde.org> <4FE1FC23.9000904@freebsd.org> <690DF487-F7CB-421E-B6BC-F7CE6BC0F658@bsdimp.com> <4FE23F54.5060409@freebsd.org>

On 06/20/12 14:23, Colin Percival wrote:
> On 06/20/12 14:15, Warner Losh wrote:
>> On Jun 20, 2012, at 10:36 AM, Colin Percival wrote:
>>> On 06/20/12 09:27, Bruce Evans wrote:
>>>> On Wed, 20 Jun 2012, Eitan Adler wrote:
>>>>> Log: Don't close an uninitialized descriptor. [1] Add a
>>>>> sanity check for the validity of the passed fd.
>>>> 
>>>> Library functions shouldn't use assert() or abort().
>>> 
>>> Why not?
>> 
>> We've tried to avoid things that make the library dump core...
> 
> You mean, we avoid it except in the places where we don't?  It
> seems to me that dumping core is exactly the right way to handle a
> "can't ever happen" situation inside libc -- just like the ~250
> instances of assert() in jemalloc.
> 
> If you mean "passing an invalid parameter to a library function
> shouldn't result in a core dump", I agree -- but that's not the
> case here.

But malloc() is a rare place that we typically consider as "low level"
enough, where no better remedies are provided from an API perspective --
there is nothing better than crashing the program immediately, since
that would likely lead us to where the smoking gun is.  Library
procedures normally detect and report errors, but don't handle them
like this.

Also, as Bruce pointed out, it's a case that can never happen and thus
the explicit assert is just a waste of space.

Cheers,
-- 
Xin LI <delphij@delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die