Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!uunet!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.os.minix
Subject: Re: POSIX
Message-ID: <6714@ficc.uu.net>
Date: 28 Oct 89 13:54:13 GMT
References: <3819@ast.cs.vu.nl> <1989Oct26.143100.4916@world.std.com> <3842@math.cs.vu.nl> <3600@amelia.nas.nasa.gov> <4128@ast.cs.vu.nl>
Reply-To: peter@ficc.uu.net (Peter da Silva)
Organization: Xenix Support, FICC
Lines: 26

In article <4128@ast.cs.vu.nl> ast@cs.vu.nl (Andy Tanenbaum) writes:
> If you maintain that the
> called library routine (free) should check for bad arguments, then the
> directory package should also check for bad arguments.

Malloc/free are normally expected to track allocated memory, so it is
reasonable to expect them to be able to check their arguments... they
already have the information they need. A directory package doesn't, so
you either have to maintain a list of allocated chunks, duplicating free's
work, or go to an unreliable system like a flag word. Or pre-allocate the
structures and use descriptors.

An argument-checking library is a good idea. But the amount of overhead
needed to do this right is prohibitive, and doing it wrong gives a false
sense of security. A production library should not even try unless the
right set of checks are cheap... like in malloc/free.

It's not something for POSIX to specify, and in fact they don't specify
it. They merely say that *when an error is detected* the error code
should be EBADF.
-- 
`-_-' Peter da Silva . 'U` -------------- +1 713 274 5180.
"That particular mistake will not be repeated. There are plenty of
mistakes left that have not yet been used." -- Andy Tanenbaum (ast@cs.vu.nl)
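The "pre-allocate the structures and use descriptors" option from the post, as an added example that is not code from the post or from Minix: a toy directory package whose DIR-like structures live in a fixed table and are referred to by small integer descriptors, so close can validate its argument cheaply and report EBADF for garbage, double-close, or a stale descriptor. The table size, the names `dir_open`/`dir_close` and the descriptor layout are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed example: fixed table of pre-allocated directory slots. */
#define DIR_SLOTS 4

struct dir_slot {
    int in_use;
    unsigned gen;      /* bumped on every close: detects stale descriptors */
    char path[64];
};

static struct dir_slot dir_table[DIR_SLOTS];

/* A descriptor packs the slot index in the low 8 bits and the
 * slot's generation above it, so a reused slot gets a new descriptor. */
static int make_desc(int idx, unsigned gen)
{
    return (int)((gen << 8) | (unsigned)idx);
}

/* Open: returns a descriptor >= 0, or -1 with errno = EMFILE when full. */
int dir_open(const char *path)
{
    for (int i = 0; i < DIR_SLOTS; i++) {
        if (!dir_table[i].in_use) {
            dir_table[i].in_use = 1;
            snprintf(dir_table[i].path, sizeof dir_table[i].path, "%s", path);
            return make_desc(i, dir_table[i].gen);
        }
    }
    errno = EMFILE;
    return -1;
}

/* Validate a descriptor: slot index on success, -1 with errno = EBADF otherwise.
 * The check is cheap because the package already owns the table. */
static int dir_lookup(int desc)
{
    int idx = desc & 0xff;
    unsigned gen = (unsigned)desc >> 8;
    if (desc < 0 || idx >= DIR_SLOTS || !dir_table[idx].in_use ||
        dir_table[idx].gen != gen) {
        errno = EBADF;
        return -1;
    }
    return idx;
}

/* Close: 0 on success; -1/EBADF for a bad, stale, or already-closed descriptor. */
int dir_close(int desc)
{
    int idx = dir_lookup(desc);
    if (idx < 0)
        return -1;
    dir_table[idx].in_use = 0;
    dir_table[idx].gen++;  /* invalidates the descriptor just closed */
    return 0;
}
```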