Making alloca more safe

Tomas Lindquist Olsen tomas.l.olsen at gmail.com
Tue Nov 17 07:13:01 PST 2009


On Tue, Nov 17, 2009 at 11:51 AM, Walter Bright
<newshound1 at digitalmars.com> wrote:
> Max Samukha wrote:
>>
>> On Mon, 16 Nov 2009 12:48:51 -0800, Walter Bright
>> <newshound1 at digitalmars.com> wrote:
>>
>>> If you've got a system that relies on the software continuing to function
>>> after an unexpected null seg fault, you have a VERY BADLY DESIGNED and
>>> COMPLETELY UNSAFE system. I really cannot emphasize this enough.
>>
>> I have an example of such software:
>>
>> http://www.steinberg.net/en/products/audiopostproduction_product/nuendo4.html
>>
>> It loads third-party plugins into the host process's address space, and
>> consequently it may fail at any moment. The software's design is not
>> the best ever but it gives the user a last chance to save his work in
>> case of fatal error. This feature has saved my back a couple of times.
>
> I suppose nobody much cares if it writes out a corrupted audio file. People
> care very much if their airplane suddenly dives into the ground.
>
> Be that as it may, it is certainly possible to catch seg faults in an
> exception handler and write files out. That would be an unacceptable
> behavior, though, in a system that needs to be safe.
>

You spent quite a bit of effort explaining that segfaults never cause
memory corruption, so it seems fairly reasonable to assume that some
parts of the application state could still be valid and useful not to
throw away.

>>
>>> P.S. I worked for Boeing for years on flight critical systems. Normally I
>>> eschew credentialism, but I feel very strongly about this issue and wish to
>>> point out that my knowledge on this is based on decades of real world
>>> experience by aviation companies who take this issue extremely seriously.
>>
>> Then, instead of sticking with Windows and the likes, you may want to
>> think about porting dmd to a more serious environment specifically
>> designed for developing such systems. What about a real-time
>> microkernel OS like this one:
>> http://www.qnx.com/products/neutrino_rtos/ ?
>
> dmd targets Windows because that's where probably half the programmers are.
> I'd certainly like to do embedded systems, too, but realistically that's
> going to be the purview of gdc or ldc.
>

I'm not sure if LDC will ever support D2 (at least it won't be by my hand).
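The "catch the seg fault and write files out" pattern Walter describes is possible, but doing it without making things worse needs the discipline he alludes to: nothing in the handler may trust or recompute application state, only async-signal-safe calls may be used, and the process must still die afterwards rather than run on. The following is an added example written for this page in C, not code from the thread, DMD or LDC; the snapshot path and the document/edit-count fields are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed example: a "last chance" record that is formatted while the
   program is still healthy, so the signal handler has nothing to compute
   and never has to walk possibly-corrupt heap structures. */
#define SNAPSHOT_MAX 256
static char g_snapshot[SNAPSHOT_MAX];
static volatile sig_atomic_t g_snapshot_len = 0;
/* Hypothetical output path, chosen for this example only. */
static const char *g_snapshot_path = "/tmp/last_chance.txt";

/* Called from normal code paths (never from the handler) to refresh the
   record. snprintf is not async-signal-safe, which is exactly why the
   formatting happens here. Returns the number of bytes in the record. */
size_t snapshot_update(const char *doc_name, unsigned unsaved_edits)
{
    int n = snprintf(g_snapshot, SNAPSHOT_MAX,
                     "document=%s\nunsaved_edits=%u\n", doc_name, unsaved_edits);
    if (n < 0) { g_snapshot_len = 0; return 0; }
    if (n >= SNAPSHOT_MAX) n = SNAPSHOT_MAX - 1;   /* snprintf truncated */
    g_snapshot_len = n;
    return (size_t)n;
}

/* Write the pre-formatted record using only async-signal-safe calls
   (open/write/close). Returns bytes written, or -1 on failure. */
ssize_t snapshot_write(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t total = 0;
    while (total < (ssize_t)g_snapshot_len) {
        ssize_t w = write(fd, g_snapshot + total, (size_t)g_snapshot_len - (size_t)total);
        if (w < 0) { close(fd); return -1; }
        total += w;
    }
    close(fd);
    return total;
}

static void last_chance_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)info; (void)ctx;
    static const char msg[] = "fatal signal: writing last-chance snapshot\n";
    write(STDERR_FILENO, msg, sizeof msg - 1);
    snapshot_write(g_snapshot_path);
    /* Never resume the program: SA_RESETHAND restored the default disposition
       before we ran, so re-raising terminates the process (and yields a core)
       as soon as this handler returns, instead of continuing on bad state. */
    raise(sig);
}

/* Install a one-shot handler for the memory-fault signals. Returns 0 on success. */
int install_last_chance_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = last_chance_handler;
    sa.sa_flags = SA_SIGINFO | SA_RESETHAND;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;
    return 0;
}

int main(void)
{
    install_last_chance_handler();
    snapshot_update("mix.nuendo", 12);       /* constructed sample state */
    volatile int *p = NULL;
    return *p;   /* deliberate null dereference so the handler runs */
}
```

The design point is that the handler only copies bytes that were already laid out in a static buffer; it does not call into the allocator, stdio or any plugin code, so even if the fault came from a third-party plugin scribbling over the heap, the save path has nothing to corrupt further, and the re-raise keeps the process from doing any more work on state that Walter rightly calls untrustworthy.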
