Leet said:
> Perhaps you are unaware that some C code is run in safety-critical
> environments - having a program that dumps core at the drop of a hat
> rather than carrying on running could literally be the difference
> between life and death.
If a SIGSEGV can be the difference between life and death, then such
code has *no* *right* to ever *cause* a SIGSEGV, regardless of how the
system is going to respond to the SIGSEGV (ignoring it and letting
the program continue, or aborting it).
There are several solutions that could be proper here:
(1) Keep the code simple enough that you can use mathematics to
prove it correct. This has been done successfully with
some designs. It's not easy, but then we're talking about a
life or death situation here.
(2) Exhaustively test the code. Sometimes this is not possible
due to exponential explosion of test cases, but sometimes
it actually is.
(3) Nearly-exhaustively test the code. Maybe testing every possible
program path isn't possible, but very thorough test coverage
(not just of lines of code, but of "interesting" combinations
of inputs) is possible. That might be acceptable if combined
with other quality efforts.
(4) Use a system where, on a *local* basis, *individual* faults can
be determined to be harmless and the program can proceed.
Notice that this is not the same thing as ignoring SIGSEGV
for the entire program and assuming all invalid memory
accesses are OK. Instead, what I'm talking about is a
system where you can say "if THIS block of code goes
outside the bounds of THAT array, then THAT ONE THING
should not be a fatal error, and here is the routine that
will do the error handling and keep the system in a known
good state".
Of course, it's silly to be having a discussion about safety-critical
software in comp.unix.programmer. Maybe there's one that I don't know
about, but as far as I know, there isn't a version of Unix that is
meant to be used in an environment like that. In fact, where I've
checked, license agreements often specifically exclude the use of the
software in such an environment. And for good reason: a system that
can get somebody killed needs to use software that's simpler than Unix.
- Logan
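An added example (not from the post or its author) of the local, per-block fault handling described in point (4): a bounds check runs before any memory access, and the one array the designer has declared non-fatal gets its own handler that returns a known-good value and counts the contained fault. The history buffer, sample values and handler names are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical sensor history buffer (constructed for this example). */
#define HISTORY_LEN 8

typedef struct {
    int samples[HISTORY_LEN];
    int last_good;      /* known-good fallback value */
    unsigned faults;    /* count of contained out-of-bounds accesses */
} history_t;

/* Per-block fault handler: the routine that does the error handling for
 * THIS array and keeps the system in a known good state. It returns the
 * value the caller should use instead of the invalid element. */
typedef int (*oob_handler_t)(history_t *h, ptrdiff_t bad_index);

static int history_fallback(history_t *h, ptrdiff_t bad_index)
{
    h->faults++;
    fprintf(stderr, "contained: index %td outside [0,%d)\n",
            bad_index, HISTORY_LEN);
    return h->last_good;
}

/* Checked read: the bounds test happens before any memory access, so a
 * bad index never reaches the point where a SIGSEGV could be raised. */
static int history_read(history_t *h, ptrdiff_t index, oob_handler_t on_oob)
{
    if (index < 0 || index >= HISTORY_LEN)
        return on_oob(h, index);
    h->last_good = h->samples[index];
    return h->last_good;
}

/* Average of the last n samples; n larger than the buffer is a fault the
 * designer has decided is non-fatal for this block only. */
static int recent_average(history_t *h, int n)
{
    long sum = 0;
    for (int i = 0; i < n; i++)
        sum += history_read(h, HISTORY_LEN - 1 - i, history_fallback);
    return n > 0 ? (int)(sum / n) : h->last_good;
}

int main(void)
{
    history_t h = { {10, 12, 14, 16, 18, 20, 22, 24}, 0, 0 };
    printf("avg(4) = %d\n", recent_average(&h, 4));
    printf("avg(12) = %d, faults = %u\n", recent_average(&h, 12), h.faults);
    return 0;
}
```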