bug-hurd

Re: What is ``access (NULL, whatever)'' supposed to do?


From: Thomas Bushnell BSG
Subject: Re: What is ``access (NULL, whatever)'' supposed to do?
Date: Tue, 10 Apr 2007 22:06:07 -0700

On Tue, 2007-04-10 at 11:46 +0200, Neal H. Walfield wrote:
> At Mon,  9 Apr 2007 20:02:32 -0700 (PDT),
> Roland McGrath <roland@frob.com> wrote:
> > 
> > It is supposed to crash.  Hopefully it does not hold locks while doing so,
> > and we should make sure that it doesn't.  But anything that returns EFAULT
> > on Linux has every right to crash with SIGSEGV or SIGBUS there too, and on
> > the Hurd we explicitly intend that bad addresses cause crashes and not
> > errors that might be ignored.  If it's undefined behavior, crashing quickly
> > is the most humane way to treat the disadvantaged programmer who made an
> > error or truly didn't know better before.  
> 
> This is a nice approach in theory but in practice it fails for us
> because the programmers who make these mistakes do not see the
> crashes: few programmers develop natively on the Hurd or even test
> their code on the Hurd.  As such, ignoring that this behavior has
> become de facto only creates work for Hurd porters.  Let these people
> make more substantial contributions than correcting technical but
> otherwise benign, pedantic bugs.

These are not in general benign bugs.  Rather, they are lucky.  Often
such bugs are related to security failures, or are causing more serious
bugs elsewhere in ways which are very difficult to reproduce.  Handing
around bad pointers and the like is not a good strategy for code, and
the fact that the Hurd has this different behavior is only good.

Thomas
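
An added example, not part of the original thread: it contrasts an error that a caller can ignore with a wrapper that fails fast on a bad pointer. It assumes a Linux-like kernel where `access` on a bad address returns `EFAULT`, as the quoted message describes; `strict_access` and `outcome_in_child` are hypothetical names.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical wrapper: EFAULT means the caller passed a bad pointer,
 * so treat it as a programming error and stop, not as a result. */
static int strict_access(const char *path, int mode)
{
    int rc = access(path, mode);
    if (rc == -1 && errno == EFAULT)
        abort();
    return rc;
}

/* Call fn on a NULL path in a child process, ignoring its result the way
 * the buggy caller would. Returns 0 if the child carried on and exited
 * normally, the signal number if it was killed, -1 on fork/wait failure. */
static int outcome_in_child(int (*fn)(const char *, int))
{
    const char *volatile bad = NULL;  /* volatile: read at run time */
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        fn(bad, F_OK);   /* return value deliberately dropped */
        _exit(0);        /* reached only if the bad pointer went unnoticed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int plain = outcome_in_child(access);
    int strict = outcome_in_child(strict_access);

    printf("plain access:  %d (0 = bug went unnoticed)\n", plain);
    printf("strict_access: %d (SIGABRT is %d)\n", strict, SIGABRT);
    return 0;
}
```

On a system that faults on the bad address instead of returning `EFAULT`, both calls would report a signal rather than 0.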
