Path: utzoo!utgpu!attcan!uunet!cbmvax!rutgers!mailrus!ames!husc6!linus!philabs!sbcs!root
From: root@sbcs.sunysb.edu (root)
Newsgroups: comp.sys.amiga.tech
Subject: Re: Negative Open Counts (was Re: IEEE libraries)
Keywords: open counts
Message-ID: <1596@sbcs.sunysb.edu>
Date: 15 Sep 88 11:38:03 GMT
References: <1356@percival.UUCP> <4736@cbmvax.UUCP>
Distribution: na
Organization: State University of New York at Stony Brook
Lines: 64

In article <4736@cbmvax.UUCP>, ditto@cbmvax.UUCP (Michael "Ford" Ditto) writes:
> In article <1587@sbcs.sunysb.edu> root@sbcs.sunysb.edu (root) writes:
> The Amiga hardware and software both rely on bug free programs for
> correct system operation, and the only way to change that would be
> to replace the hardware and the software. It's not "bad design",
> it's just one of the many levels of protection that can be put in
> a system. There are other systems out there if this one is not
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> up to your standards.
  ^^^^^^^^^^^^^^^^^^^^

(You actually work for Commodore? With your attitude I should hope not)

The point here is that we need to do better on the Amiga. Perhaps it is
not possible to do a 100% job here, but I am sure improvements can be
made as we evolve to 1.4, 1.5, etc.

> No matter how much we talk about this, it will not become possible with
> the current semantics of libraries. Many people taking part in this
> discussion don't seem to have realized yet that: (A) when an opencount
> goes negative, it is not possible to determine what program did more
> closes than opens, and (B) when this bug occurs, it is not possible to
> detect any anomaly in the opencount until AFTER the system has been
> subject to corruption for an unpredictable amount of time.

Yes, of course we see this. But then the attitude that "if we can't do
this 100% right we shouldn't do it at all" is silly. So yes we can
construct pathological examples that break the open count management
code. But then not all failure modes follow the example. My feeling on
this (after watching the 20? messages fired off on the subject) is that
a mix of Dale's and my original posting would provide satisfactory
protection for now: pop a recoverable requester on opencnt < 0; mark
library permanent.

> Even if library usage were redesigned to be bullet-proof, what would
> be gained? There are bil-yuns and bil-yuns of ways to crash an Amiga.
> How many of them (and which ones) should be silently ignored when they
> are detected?

We would have chipped away at ONE of the ways to bomb the Amiga. We
would have set a precedent that we will endeavor to make the system more
robust rather than taking a GURU. We will have started to think about
tips and techniques to prevent GURU's, etc, etc.

>
> As far as "public image" is concerned, is it better to say
>     "Fatal error; system halted"
> or
>     "System error; some or all of your data may be destroyed
>      if you continue..."?
>
> I think the first answer will result in programs being fixed, and the
> second answer will result in a lot of people afraid to use the computer.

Neither. It is better to design the system such that these things do
not happen easily.

> -=] Ford [=-
> . . (In Real Life: Mike Ditto)
> pardon our dust. ditto@cbmvax.commodore.com

Rick Spanbauer
Ameristar Technology