public inbox for linux-mtd@lists.infradead.org
From: "Brian J. Fox" <bfox@ua.com>
To: rob@sysgo.de
Cc: dwmw2@infradead.org, linux-mtd@lists.infradead.org,
	joern@wohnheim.fh-wedel.de
Subject: Re: MTD concat layer
Date: Sun, 17 Feb 2002 11:05:54 -0800	[thread overview]
Message-ID: <E16cWdG-0003jL-00@speedy.datawave.net> (raw)
In-Reply-To: <Pine.LNX.4.21.0202171132030.24980-100000@dagobert.svc.sysgo.de> (message from Robert Kaiser on Sun, 17 Feb 2002 11:36:30 +0100 (MET))

   Date: Sun, 17 Feb 2002 11:36:30 +0100 (MET)
   From: Robert Kaiser <rob@sysgo.de>
   X-Sender: rob@dagobert.svc.sysgo.de
   cc: dwmw2@infradead.org, linux-mtd@lists.infradead.org,
      joern@wohnheim.fh-wedel.de

   On Sat, 16 Feb 2002, Brian J. Fox wrote:

   > 
   >    From: Robert Kaiser <rob@sysgo.de>
   >    Date: Sat, 16 Feb 2002 12:03:27 +0100 (MET)
   > 
   >    On Sat, 16 Feb 2002, David Woodhouse wrote:
   > 
   >    > 
   >    > rob@sysgo.de said:
   >    > > OK, just to be clear about this: If my erase function is asked to
   >    > > erase -say-  1.5 blocks, what should it do: 
   >    > 
   >    > -EINVAL.
   > 
   >    OK, but is the function allowed to erase blocks up to the point
   >    where it hits the partial block request ? That would make it simpler,
   >    especially in the presence of variable block sizes.
   > 
   > *No*, you should *not* erase some blocks and return an error.
   > 

   Hmm, would you care to elaborate why ?

Just to be clear, the words that are important to me in my above
statement are the combination of "erase" and "and error" -- i.e., a
better printing of my above statement is:

   *No*, you should *not* erase some blocks *and* return an error.

For each function that you call (or write) in your program, there are
a myriad of possibilities for how bad inputs are handled.  Three of
these are common.  One may ignore bad inputs, and just keep chugging,
*perhaps* causing a crash.  One may massage the bad inputs into "good"
inputs, and pretend that the caller supplied those inputs.  Or, one
may refuse to operate utilizing the bad inputs.

Of the three options that I gave above, only one of them results in
predictable behavior -- the last one.

In order to achieve predictable behavior, and fewer bugs in the driver
overall, functions should simply refuse to operate on parameters that
fall out-of-bounds, and should return an error which specifies why
nothing happened.

If the erase function could only be called from within the driver code
proper (i.e., the only way bad inputs could be generated would be
purely from other bugs in the driver code), it would be acceptable to
*deliberately* crash at the point that the bad input was seen, so as
to speed the debugging of the driver code.

Low-level system software should never try to DWIM -- it is guaranteed
to fail.

Have I explained my thoughts well?

Brian
== The Difference Between Cultures: ==
    Unity and Justice and Freedom
    Liberty, Equality, Fraternity
    Sex, drugs and rock'n'roll
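The rule argued for above (check every parameter first, then either do all of the work or none of it, and never erase some blocks and then return an error) as an added C example. This is not code from the list, from Brian J. Fox, or from the Linux MTD tree: the erase-region layout, the simulated flash state and the functions erase_strict() and erase_partial() are all constructed here to illustrate the point, and the layout (four 64 KiB blocks followed by two 128 KiB blocks) is an assumption standing in for a concatenated device with variable block sizes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout for a hypothetical concatenated MTD device: four 64 KiB
 * blocks followed by two 128 KiB blocks, 512 KiB in total. Not a real part. */
struct erase_region { uint32_t offset, erasesize, numblocks; };
static const struct erase_region regions[] = {
	{ 0x00000, 0x10000, 4 },
	{ 0x40000, 0x20000, 2 },
};
#define NREGIONS (sizeof regions / sizeof regions[0])
#define NBLOCKS  6
#define DEVSIZE  0x80000u

/* Simulated flash: one flag per block, set once that block has been erased. */
static int block_erased[NBLOCKS];

static void reset_device(void) { memset(block_erased, 0, sizeof block_erased); }

static int erased_count(void)
{
	int n = 0;
	for (int b = 0; b < NBLOCKS; b++) n += block_erased[b];
	return n;
}

/* Index of the block starting exactly at addr; -1 if addr is mid-block or
 * outside the device. */
static int block_index(uint32_t addr)
{
	int idx = 0;
	for (size_t r = 0; r < NREGIONS; r++) {
		const struct erase_region *e = &regions[r];
		if (addr >= e->offset && addr < e->offset + e->erasesize * e->numblocks)
			return (addr - e->offset) % e->erasesize ? -1
			       : idx + (int)((addr - e->offset) / e->erasesize);
		idx += (int)e->numblocks;
	}
	return -1;
}

static uint32_t block_size(int b)
{
	for (size_t r = 0; r < NREGIONS; r++) {
		if (b < (int)regions[r].numblocks)
			return regions[r].erasesize;
		b -= (int)regions[r].numblocks;
	}
	return 0;
}

/* Validate-then-act, as the message recommends: every check runs before any
 * block is touched, so a -EINVAL return guarantees nothing was erased. */
int erase_strict(uint32_t addr, uint32_t len)
{
	if (len == 0 || addr >= DEVSIZE || len > DEVSIZE - addr)
		return -EINVAL;
	int first = block_index(addr);
	if (first < 0)
		return -EINVAL;
	/* The end of the range must sit on a block boundary too (or be the device end). */
	int last = (addr + len == DEVSIZE) ? NBLOCKS - 1 : block_index(addr + len) - 1;
	if (last < first)
		return -EINVAL;
	for (int b = first; b <= last; b++)
		block_erased[b] = 1;
	return 0;
}

/* The variant the thread argues against: erase whole blocks until the partial
 * one is reached, then fail. The caller sees -EINVAL, but some of its data is
 * already gone and the return value does not say how much. */
int erase_partial(uint32_t addr, uint32_t len)
{
	if (len == 0 || addr >= DEVSIZE || len > DEVSIZE - addr)
		return -EINVAL;
	int b = block_index(addr);
	if (b < 0)
		return -EINVAL;
	for (uint32_t pos = addr; pos < addr + len; b++) {
		uint32_t bsize = block_size(b);
		if (pos + bsize > addr + len)	/* "1.5 blocks": too late to refuse */
			return -EINVAL;
		block_erased[b] = 1;
		pos += bsize;
	}
	return 0;
}

int main(void)
{
	reset_device();
	int rc = erase_strict(0, 0x18000);	/* 1.5 blocks */
	printf("strict:  rc=%d erased=%d\n", rc, erased_count());
	reset_device();
	rc = erase_partial(0, 0x18000);
	printf("partial: rc=%d erased=%d\n", rc, erased_count());
	return 0;
}
```

Asking either function to erase 1.5 blocks gets -EINVAL from both, but only after erase_partial() has already wiped the first block; a caller of erase_strict() can treat the error as "nothing happened", which is exactly the predictability the message asks for. The same validate-first shape also catches a start address that is not on a block boundary and a range that runs past the end of the device before any block is touched.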

Thread overview: 36+ messages
2002-02-12 18:40 MTD concat layer Robert Kaiser
2002-02-13  7:56 ` Suspend Erase bug in cfi_cmdset0001.c Joakim Tjernlund
2002-02-14  8:17   ` Joakim Tjernlund
2002-02-13 11:00 ` MTD concat layer Joakim Tjernlund
2002-02-13 11:04   ` David Woodhouse
2002-02-13 11:34     ` Robert Kaiser
2002-02-13 11:37     ` Robert Schwebel
2002-02-13 13:33       ` Daniel Engström
2002-02-13 14:01         ` Eric W. Biederman
2002-02-15 15:58 ` David Woodhouse
2002-02-15 17:43   ` Robert Kaiser
2002-02-15 18:02     ` David Woodhouse
2002-02-15 18:40       ` Jörn Engel
2002-02-16 10:33         ` Robert Kaiser
2002-02-16 10:43       ` Robert Kaiser
2002-02-16 10:43         ` David Woodhouse
2002-02-16 11:03           ` Robert Kaiser
2002-02-16 11:08             ` David Woodhouse
2002-02-16 14:56             ` Brian J. Fox
2002-02-17 10:36               ` Robert Kaiser
2002-02-17 19:05                 ` Brian J. Fox [this message]
2002-02-18  8:48                   ` Robert Kaiser
2002-02-18  9:05                     ` David Woodhouse
2002-02-18 15:53                       ` Brian J. Fox
2002-02-18 17:01                         ` Robert Kaiser
2002-02-18 17:02                           ` David Woodhouse
2002-02-18 15:46                     ` Brian J. Fox
2002-02-20 14:28 ` Jonas Holmberg
2002-02-20 15:35   ` Robert Kaiser
2002-02-21 14:51     ` Jonas Holmberg
2002-02-26 11:32       ` Robert Kaiser
2002-03-06 13:37         ` Jonas Holmberg
2002-03-06 16:02           ` Robert Kaiser
  -- strict thread matches above, loose matches on Subject: below --
2002-02-14 11:14 Jonas Holmberg
2002-03-08 16:08 Robert Kaiser
2002-03-08 16:22 ` David Woodhouse