Xref: utzoo comp.lang.c:25690 comp.unix.wizards:20469
Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!wuarchive!rex!ames!haven!mimsy!chris
From: chris@mimsy.umd.edu (Chris Torek)
Newsgroups: comp.lang.c,comp.unix.wizards
Subject: Re: Argument validity checking (addresses)
Message-ID: <22290@mimsy.umd.edu>
Date: 5 Feb 90 09:37:48 GMT
References: <1990Jan18.175540.12131@wolves.uucp> <1891@gmdzi.UUCP> <1668@uniol.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 36

This whole discussion has been rather amazing.  In most cases, there is
little difference between a program that, when run, says

	% compute 2 + 2
	Segmentation fault (core dumped)
	%

and one that says

	% compute 2 + 2
	!*797tKG
	%

where the former used an invalid address, and the latter used a valid but
incorrect address.  Testing whether an address can be read or written does
not tell whether that address *should* be read or written.  Much better
would be, for instance, a program that says:

	% compute 2 + 2
	compute: panic: add_integers: invalid data type code 47!
	compute: This program has discovered itself to be buggy.  Please
	notify the vendor, including what you did and the exact output from
	the program.
	Segmentation fault (core dumped)
	%

Address validity checking is at best a minor part of real validity
checking.  The core dump provides enough information to locate the bad
address, which is as much as the program could have done anyway (since it
must assume, once something has gone wrong, that *anything* could go
wrong).  There are a few exceptions to this rule, but they are fairly rare.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@cs.umd.edu	Path:	uunet!mimsy!chris
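The contrast the post draws, as an added example in C; this is not code from the post nor from any "compute" program it refers to.  The tagged-value struct, the type codes T_INT and T_STR, and every function name are assumed for illustration; only the bogus type code 47 and the diagnostic wording are taken from the post.  add_integers_unchecked is handed two addresses that are both perfectly readable, so any address-validity test would pass, yet it returns a plausible-looking wrong answer when one operand is not an integer.  add_integers_checked tests the one thing that matters, the type tag, and add_or_panic turns a failed check into the post's diagnostic followed by abort(), so the core dump still follows.

```c
#include <stdio.h>
#include <stdlib.h>

/* Type codes for a hypothetical tagged-value "compute" evaluator
 * (assumed for this example; the post names no types). */
enum { T_INT = 1, T_STR = 2 };

struct value {
    int type;                 /* one of T_INT, T_STR */
    union {
        long        i;        /* valid when type == T_INT */
        const char *s;        /* valid when type == T_STR */
    } u;
};

/* The post's diagnostic: say what went wrong, say it is a bug, then
 * abort() so that a core dump follows just as the segfault's would. */
static void panic(const char *where, int code)
{
    fprintf(stderr, "compute: panic: %s: invalid data type code %d!\n",
            where, code);
    fprintf(stderr, "compute: This program has discovered itself to be buggy.\n"
                    "compute: Please notify the vendor, including what you did\n"
                    "compute: and the exact output from the program.\n");
    abort();
}

/* Version 1: trusts its arguments.  Both addresses are readable, so an
 * address-validity test would pass; but if a value is not an integer the
 * union's bits are read as one and the caller gets a wrong answer
 * without any crash (the "!*797tKG" case). */
long add_integers_unchecked(const struct value *a, const struct value *b)
{
    return a->u.i + b->u.i;
}

/* Version 2: checks the type tag, which is what actually decides whether
 * the bytes at that address may be treated as an integer.  Returns 0 and
 * stores the sum, or -1 and reports the offending tag through bad_code.
 * Policy (abort, return an error) is left to the caller so that the
 * check itself can be unit tested. */
int add_integers_checked(const struct value *a, const struct value *b,
                         long *out, int *bad_code)
{
    const struct value *v[2] = { a, b };
    for (int k = 0; k < 2; k++) {
        if (v[k]->type != T_INT) {
            if (bad_code)
                *bad_code = v[k]->type;
            return -1;
        }
    }
    *out = a->u.i + b->u.i;
    return 0;
}

/* What the post recommends: a failed check is a bug in this program,
 * so report it as such and then dump core. */
long add_or_panic(const struct value *a, const struct value *b)
{
    long sum;
    int code = 0;
    if (add_integers_checked(a, b, &sum, &code) != 0)
        panic("add_integers", code);
    return sum;
}

int main(void)
{
    struct value two  = { T_INT, { .i = 2 } };
    struct value str  = { T_STR, { .s = "2" } };  /* valid address, wrong kind */
    struct value junk = { 47,    { .i = 2 } };    /* corrupted tag, as in the post */

    printf("checked   2 + 2   = %ld\n", add_or_panic(&two, &two));
    printf("unchecked 2 + \"2\" = %ld  (garbage, no crash)\n",
           add_integers_unchecked(&two, &str));
    printf("checked   2 + <tag 47>:\n");
    fflush(stdout);
    add_or_panic(&two, &junk);   /* prints the diagnostic, then SIGABRT */
    return 0;
}
```

Reading u.i from a value whose active member is u.s is the deliberate bug here: the compiler accepts it, the hardware accepts it, and only the tag check knows it is wrong.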