Date: Sat, 10 Jan 98 07:12:31 -0500
From: Garance A Drosehn <gad@mlor.its.rpi.edu>
To: hackers@FreeBSD.ORG
Subject: Re: FreeBSD Netcards
Message-ID: <9801101212.AA28463@mlor.its.rpi.edu>
References: <Pine.SV4.3.95.980110180117.17965B-100000@parkplace.cet.co.jp>

Michael Hancock <michaelh@cet.co.jp> wrote:
> I'm firmly in the camp that correctness is a higher priority than
> robustness.
>
> A user process should be terminated quickly when it does something
> wrong. This ends up giving us far higher quality code than having
> the kernel sweeping possibly insidious bugs under the carpet.
> These include NULL value errors and double FREEs.

I am too. We used a similar strategy of generating a page-fault on
MTS (what we used for a mainframe operating system) for page-zero
references. We also did other things which would cause aborts or
clearly-incorrect-results for stupid programming errors.

We often got complaints from people bringing programs from other
operating systems. I've seen many a program which "worked" on some
other operating system, but only if you will accept that "quietly
producing absolutely incorrect results" is "working".

In some cases, those absolutely incorrect results on other operating
systems had already been used in real-world situations (such as, say,
building a bridge over a river(*)), and believe you me I'd very much
rather the program had aborted immediately and shot the programmer
instead of "working" by the above definition.

Of course, it's also fine if it aborts immediately and doesn't shoot
the programmer. I just don't want to have to worry every time I
drive over a bridge.

(* - this really happened. Somewhere in Connecticut there is a
bridge which was built based on unquestionably incorrect results
from one such program. Now, maybe that bridge is fine and dandy,
and maybe it will even last longer than the pyramids in Egypt,
but for my money I would much rather that correct results had
been available for the decisions made when building that bridge.
This was probably about twenty years ago now, so it's also possible
the bridge has already fallen down...)

---
Garance Alistair Drosehn = gad@eclipse.its.rpi.edu
Senior Systems Programmer (MIME & NeXTmail capable)
Rensselaer Polytechnic Institute; Troy NY USA