Making alloca more safe

[Walter Bright]

BCS wrote:
>> (On my car, I installed an oil pressure switch that shuts off the
>> electric fuel pump if the pressure drops.
> It might not translate to CS but there are good reasons that such a 
> device doesn't come standard on cars; the first time one killed a car in 
> rush hour traffic and set off a 50 car pile-up the someone (GM?) goes 
> bankrupt.

With the pump shut off, you have a few seconds of fuel left in the carb. 
With no oil pressure, your engine is going to seize anyway.

>> I also pried a switch off of
>> a junkyard Mustang that shuts off if it gets hit hard, I also plan on
>> installing that to shut off the fuel pump. Think of those like a "seg
>> fault" <g>)
> 
> That one might even be worse because it only comes into play when you 
> know things are going wrong; "as soon as things go wrong, my car quits 
> working".

You *really* don't want your fuel pump to keep on pumping if you're in 
an accident. That's the purpose of the inertial switch. With older 
mechanical pumps, the pump would stop whenever the engine did. The 
gasoline is safer remaining in the tank than being pumped all over the 
road, the hot engine, and your trapped body.


>>> so why not try to make things better by saving what you can?
>>>
>> Sure, you can try saving things, but you'd better hope that there was
>> already a reasonably recent clean copy of your data.
> 
> that or make a very robust dump system (core dump?)


A core dump, no matter how robust, will not fix your data if it is 
randomized by an errant program before it seg faulted.

>> To write safe & reliable software, approach it from "what can go
>> wrong, will go wrong", not "I won't worry about that case, because
>> it's unlikely." 
> 
>