"This kind of problem" includes a lot more than just user input.
It includes, for example, the size of data structures built from
user input.
Yeah, that's why we take comp sci classes in school. So that we can
estimate the size of data structures relative to user input and
minimize them. The right answer is still to design your code
appropriately, not to use some OS dials to just cause your application
to become unresponsive or fail or something.
We could also ask the standards committee to make the std library more
helpful to us in this regard, but that's about effective as any other
kind of praying.
[...] If your system is set up so that untrusted users
can send arbitrary data to programs not specially written to handle
it, you should make use of your operating system's facilities for
limiting process memory and cpu use.
Oh. So, you are saying C is a failure of a programming language that
cannot be relied upon to control the performance of its own
execution?
No.
Well, then what is wrong with demanding that you write a C solution
that *DOES* take care of all that and more equally well on all
platforms with C compilers irrespective of OS behavior/features?
Get a better OS then. After all, isn't resource allocation one of
the canonical operating system functions?
Yes, but high performance reclamation and reuse is *NOT* a canonical
operation system function. What you are asking for is something that
can and should be delivered by good application design or the standard
library. What I demand from the OS, is that it deliver functionality
I request and absolutely nothing else. I always assume that any OS
call is at least as bad as writing to the disk.
The configuration doesn't have be part of the application, it can be
done by whatever runs the application. In unix for example you can
use setrlimit() to set the limit, and then exec the program.
Yeah, we got your point in the last post. *Some* OS has some kind of
application limitation control functions. Of course we don't know if
the iPhone OS, PalmOS or VxWorks has that or a similar call, now do
we? All because you are too lazy to implement a useful cautious,
conservative, yet powerful input mechanism even when the explanation
and source code is handed to you on a silver platter.
This has the advantage that the same program can be run with different
limits in different environments.
Right. The disadvantage is that its not portable and it will never be
portable.