Re: Ancient history

Douglas A. Gwyn wrote:

> Nick Maclaren wrote:
>
>> Douglas A. Gwyn <DAGwyn@null.net> wrote:
>>
>>> Nick Maclaren wrote:
>>>
>>>> Andrew Swallow <am.swallow@btopenworld.com> wrote:
>>>>
>>>>> A simple action is to add a statement saying, "Checks for
>>>>> queue/buffer overflows shall be performed and an appropriate
>>>>> recovery action performed."
>>>>
>>>> The problem is that nobody knows when such things are legal and
>>>> when they are not in C.
>>>
>>> That's nonsense. It is easy to check for an
>>> overflow situation before it occurs.
>>
>> Which is orthogonal and irrelevant to my point. If nobody knows where
>> the boundary is between overflowing and access to an extended area
>> (i.e. permitted use), then it is impossible to insert such checking
>> correctly. And that is the case.
>
>
> That's a vacuous "if". When a programmer codes allocation
> of some buffer he knows darn well what its bounds are, and
> can easily use that information to check subsequent access.

Changing from the fixed sized queues implemented using an array
to a variable sized queue - possibly implemented as a linked list.
When an entry is made a buffer is requested from the heap. Pointers
to the next and previous entries are inserted into the buffer
and the pointers in the neighbouring buffers updated.

Queue full is signalled by the memory management refusing to
allocate the buffer. This refusal needs detecting and recovering
from. Possibly by throwing away the new data and reporting the
overflow.

In portable code "undefined" means that using the facility
in that way is *banned*. If the programmer has to have the
C standard on his desk and read the appropriate paragraph for
every line he writes then he has to read the appropriate
paragraph for every line he writes.

Andrew Swallow
Received on Thu Sep 29 21:43:59 2005