[M3devel] SEGV mapping to RuntimeError
Mika Nystrom
mika at async.caltech.edu
Sun Feb 20 02:51:07 CET 2011
>But SIGSEGV I think is in another realm. It is a sign of problems that shou=
>ld generally
>be ignored.
>There is a term "fail fast" -- at a sign of problem=2C fail. Don't press on=
>.
>There are arguments either way.
>The world=2C really=2C the larger human enterprise and setting=2C is not fa=
>il fast.
>We have lots of problems=2C yet almost everything almost always goes on.
Well, see, when you're using a Lisp interpreter, SIGSEGV in called
code is not in another realm (this is my problem). It is also not
in another realm if you are implementing an operating system without
hardware memory protection (e.g., SPIN) or if you're running untrusted
outside code in a "sandbox" (which you CAN build with Modula-3, again
without memory protection). How would you like it if you had to reboot
your computer every time you dereferenced a null pointer? Sounds a bit
like the 1950s doesn't it? Why should I have to restart my Lisp
interpreter if I slip on the keyboard?
These are things you would never dream of doing in C but that Modula-3
is eminently suited for doing. For precisely these sorts of purposes,
there's a big distinction designed into the language between failures
in "safe" code (which mean just that the code failed) and failures in
"unsafe" code (which mean that the world ended).
If you're not doing any of the special things listed above you're free
not to catch RuntimeError.E, in which case your program will crash on
an uncaught exception if it receives a SIGSEGV.
>I just don't think because the Green Book says something=2C or because it i=
>s inherent in the
>design=2C that is necessarily true or inherent in the implementation.
>There are bugs *everywhere*=2C and they gradually chip away at all aspects =
>of correctness.
Dijkstra teaches that one should code to the specification. Coding to
the implementation is a sure path to losing one's mind.
Mika
More information about the M3devel
mailing list