Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!mailrus!uflorida!gatech!bloom-beacon!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.lang.c
Subject: Re: effect of free()
Message-ID: <29624@news.Think.COM>
Date: 18 Sep 89 21:33:28 GMT
References: <319@cubmol.BIO.COLUMBIA.EDU> <3756@buengc.BU.EDU> <10988@smoke.BRL.MIL> <9339@attctc.Dallas.TX.US> <1641@levels.sait.edu.au> <11070@smoke.BRL.MIL> <1693@levels.sait.edu.au>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 34

In article <1693@levels.sait.edu.au> CCDN@levels.sait.edu.au (DAVID NEWALL) writes:
>In article <11070@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
>> In particular, there is a school of thought that says machine architecture
>> should be designed to assist in program reliability.  That school
>> occasionally influences computer architectures such that actions like
>> merely continuing to shuffle around invalid pointers cause an error trap
>> to be taken.
>That is supposed to make programs reliable?

Yes.  The idea is that a program that tries to manipulate invalid
pointers is doing so inadvertently.  The hope is that the trap will be
invoked while the program is being tested, and the bug will be fixed.
And even if the trap isn't triggered during testing, it might be
triggered by an end user, who should report that the program crashed
under such-and-such a circumstance, which will permit the developers
to fix the bug.  An architecture that doesn't trap is allowing the
program to perform a presumably-unintended operation.

>Testing parameters for "correctness", rather than blindly hoping that they
>are "correct", is one way to make programs more reliable.

Unfortunately, there is no C operation that tests parameters for
"correctness".  Supposing C allowed invalid pointers to be referenced,
what would you use to test parameters for correctness?  The program
fragment "if (ptr != NULL)" has been bandied about quite a bit in this
chain, but it isn't useful for determining whether a pointer is valid
or not; it would do the same thing for an invalid pointer and a valid,
non-null pointer.

Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar