Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!rpi!uupsi!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.programmer
Subject: Re: System call error handling
Message-ID: <17475:Feb705:47:3491@kramden.acf.nyu.edu>
Date: 7 Feb 91 05:47:34 GMT
References: <10210:Feb505:10:2991@kramden.acf.nyu.edu> <27AEF248.6C25@tct.uucp> <3354@unisoft.UUCP>
Organization: IR
Lines: 28

In article <3354@unisoft.UUCP> greywolf@unisoft.UUCP (The Grey Wolf) writes:
> (Dan Bernstein) writes:
> [ much deleted to cast a long story to a short one; ]
> >>Die with a fatal error, possibly killing a truly critical system program
> >>running under pty?
> Dan, what in *hell* are you doing running a truly critical system program
> under pty in the first place? I mean, is it *really* necessary?
> Truly critical system programs should be run from a real shell.

Agreed. (Real shell? Do you have a real shell? I'd love to see the docs.)

Still, on the off chance that someone *is* running a critical program under
pty, it can't make a policy of dying at the first hint of trouble.

> >>Chip, be reasonable. You can't demand of system programs that they check
> >>for external system consistency at every step.
> If you don't do this, you're setting yourself up for a MAJOR loss.
> Moreover, if you're running Truly Critical System Programs that DON'T
> check for some degree of sanity, you're just asking for trouble. Most
> system programs that I know of do sanity checks reasonably often.

Reasonably often, yes. (We are, after all, talking about a program that
checks nearly 100% of its return codes.) But defensive programming isn't
black and white. You can't demand that a program check before every single
operation that the entire rest of the program will succeed; the system
doesn't even provide hooks for simple operations like preallocating
filesystem space.

---Dan
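As an added illustration of the return-code discipline the thread is arguing about (check every system call, cope with partial writes and EINTR, and hand the failure back to the caller instead of dying at the first hint of trouble), here is example C code that is not part of the original post or of any program Dan mentions. The helpers write_all, read_all and pipe_roundtrip, and the pipe round-trip scenario, are my own construction.

```c
/* Added example (not from the thread): check every system call's return
 * code, but report failures to the caller instead of aborting. Partial
 * writes and EINTR are handled as the ordinary events they are. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, looping on partial writes and retrying on EINTR.
 * Returns 0 on success, -1 on failure with errno left as write() set it. */
int write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: just retry */
            return -1;              /* real error: let the caller decide */
        }
        if (n == 0) {               /* not expected for len > 0; guard anyway */
            errno = EIO;
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Read up to len bytes with the same conventions. Returns the byte count
 * (short only on EOF) or -1 on error with errno set by read(). */
ssize_t read_all(int fd, void *buf, size_t len)
{
    char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0)
            break;                  /* EOF: hand back the short count */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Round-trip a short message through a pipe (constructed scenario), checking
 * every return code along the way. Returns 1 if the message came back
 * intact, 0 on any failure (with a diagnostic on stderr); the caller, not
 * this function, decides whether that failure is fatal. */
int pipe_roundtrip(const char *msg)
{
    int fds[2];
    int ok = 0;
    char out[128];
    size_t len = strlen(msg);

    if (len >= sizeof out) {        /* keep well inside the pipe buffer */
        errno = EMSGSIZE;
        perror("pipe_roundtrip");
        return 0;
    }
    if (pipe(fds) < 0) {
        perror("pipe");
        return 0;
    }
    if (write_all(fds[1], msg, len) < 0)
        perror("write");
    else if (read_all(fds[0], out, len) != (ssize_t)len)
        perror("read");
    else
        ok = memcmp(out, msg, len) == 0;

    /* close() can fail too; report it, but a completed transfer still stands */
    if (close(fds[1]) < 0)
        perror("close");
    if (close(fds[0]) < 0)
        perror("close");
    return ok;
}

int main(void)
{
    if (!pipe_roundtrip("error handling without dying"))
        return 1;
    puts("round trip ok");
    return 0;
}
```

The design point is the one the post makes: every call's result is inspected (write, read, pipe, close), but the only decision taken at this level is to return a status and leave errno intact. Whether a failed close on a pipe is worth exiting over is a policy question for the caller, not for the helper.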