John-Mark Gurney wrote: > Bernd Walter wrote this message on Wed, Sep 17, 2003 at 10:27 +0200: > > What is wrong with returning an IO error? > > > > I always hated panics because of filesystem corruptions. > > An alternative would be to just bring that filesystem down. > > Its easy to panic a whole system with a bogus filesystem on a removeable > > media. > > If you're file system is so hosed that it does this, then panicing > is the only safe thing to do. You don't know what continued operation > will do to the filesytem, and you might end up losing more data. > > It is not unresonable to put parameter restrictions on function calls. > It is not much different from enforcing that a pointer is not NULL when > being passed as an argument. There are several reasonable times to do parameter checking: o When your underlying device does not support all the available parameter combinations of your interface, but some other device does (i.e. your device is a subset, and you want to support it anyway, even if it has to offer degraded functionality). o When non-enforcement results in a regression for a third party driver or software package. o When the interface is intended to be a non-fragile one between your code and a third party's code, and you don't trust the third party's code not to cause an error in your code (you could always somewhat work around this one by claiming that the third party software caused an unrecoverable fault in passive voice, the way Microsoft does when VMM32.VXD gives out a pointer and later loses its cookies over seeing it given back). That said, I think that doing parameter checking in functions for interfaces that are non-sparsely implemented underneath is a bad idea, and only damages performance. I have seen this taken to the extreme at a former employer, with disasterous results on performance. -- TerryReceived on Wed Sep 17 2003 - 23:44:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:22 UTC