From: Garance A Drosehn
Date: Sat, 10 Jan 98 07:12:31 -0500
To: hackers@FreeBSD.ORG
Subject: Re: FreeBSD Netcards
Reply-To: gad@eclipse.its.rpi.edu
Message-Id: <9801101212.AA28463@mlor.its.rpi.edu>
Sender: owner-freebsd-hackers@FreeBSD.ORG

Michael Hancock wrote:
> I'm firmly in the camp that correctness is a higher priority than
> robustness.
>
> A user process should be terminated quickly when it does something
> wrong. This ends up giving us far higher quality code than having
> the kernel sweeping possibly insidious bugs under the carpet.
> These include NULL value errors and double FREEs.

I am too. We used a similar strategy of generating a page-fault
on MTS (what we used for a mainframe operating system) for
page-zero references. We also did other things which would
cause aborts or clearly-incorrect-results for stupid programming
errors. We often got complaints from people bringing programs
from other operating systems.

I've seen many a program which "worked" on some other operating
system, but only if you will accept that "quietly producing
absolutely incorrect results" is "working". In some cases, those
absolutely incorrect results on other operating systems had already
been used in real-world situations (such as, say, building a
bridge over a river(*)), and believe you me I'd very much rather
the program had aborted immediately and shot the programmer
instead of "working" by the above definition.

Of course, it's also fine if it aborts immediately and doesn't
shoot the programmer. I just don't want to have to worry every
time I drive over a bridge.

(* - this really happened. Somewhere in Connecticut there is
a bridge which was built based on unquestionably incorrect
results from one such program. Now, maybe that bridge is
fine and dandy, and maybe it will even last longer than the
pyramids in Egypt, but for my money I would much rather
that correct results had been available for the decisions
made when building that bridge. This was probably about twenty
years ago now, so it's also possible the bridge has already
fallen down...)

---
Garance Alistair Drosehn = gad@eclipse.its.rpi.edu
Senior Systems Programmer (MIME & NeXTmail capable)
Rensselaer Polytechnic Institute; Troy NY USA