Message-ID: <509CAD36.1070800@wiesinger.com>
Date: Fri, 09 Nov 2012 08:13:58 +0100
From: Gerhard Wiesinger
To: Gerd Hoffmann
Cc: Peter Maydell, Anthony Liguori, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC
References: <509C1F16.2090808@redhat.com>
In-Reply-To: <509C1F16.2090808@redhat.com>

On 08.11.2012 22:07, Gerd Hoffmann wrote:
> Hi,
>
>> I think this is fixing this at the wrong level. Either we
>> should require that drivers (in this case vmware_vga.c)
>> must not call dpy_gfx_update() with out of range values,
>> or we should do the clipping in the console.c layer, but
>> I don't think requiring every UI backend to clip is the
>> right thing. Anthony?
> Agree. IMHO vmware_vga.c is at fault here and should be fixed. We can
> add some asserts to console.[ch] to enforce this ...
>

Regarding fail-safe programming I think it should be fixed/handled in both modules: vmware_vga.c should not trigger wrong values, but other modules should also verify or even correct their input parameters (think of situations where bits might not be accurate due to CPU bugs, or even QEMU/KVM in aerospace, where bits fall to other states due to high-energy cosmic rays).

The best solution is IMHO for vnc.c:
1.) Log the problem (so that other modules can be fixed, too).
2.) Fix the parameters (so that the program doesn't crash).

In mission-critical software applications like aerospace, airplanes, cars, etc. (e.g. where people might get unhealthy), handling such situations where input parameters aren't as expected is a must.

See:
https://en.wikipedia.org/wiki/Fail-safe
https://en.wikipedia.org/wiki/Cosmic_ray#Effect_on_electronics
https://en.wikipedia.org/wiki/Radiation_hardening

Precondition: https://en.wikipedia.org/wiki/Eiffel_%28programming_language%29#Design_by_Contract

Ciao,
Gerhard
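The "log the problem, then fix the parameters" handling proposed above for vnc.c, applied to a dirty-rectangle update such as the one dpy_gfx_update() delivers. This is an added example, not code from the thread or from QEMU; the struct, function names and the explicit framebuffer size arguments are hypothetical.

```c
/* Added example (not QEMU code): clamp an update rectangle to the framebuffer
 * and log when the caller passed out-of-range values. Names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct rect { int x, y, w, h; };

/* Clamp r to [0,fb_w) x [0,fb_h). The result is either a non-empty rectangle
 * inside the framebuffer or an empty one (w == h == 0) the caller must skip.
 * Whenever the input had to be changed, the original values are logged so the
 * buggy caller (the driver) can be found and fixed as well. */
static struct rect clip_update_rect(int fb_w, int fb_h, struct rect r, bool *clipped)
{
    /* 64-bit arithmetic: x + w must not overflow even for corrupt input. */
    int64_t x0 = r.x, y0 = r.y;
    int64_t x1 = x0 + r.w, y1 = y0 + r.h;

    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > fb_w) x1 = fb_w;
    if (y1 > fb_h) y1 = fb_h;
    /* Negative size, or no overlap with the framebuffer: nothing to update. */
    if (x1 <= x0 || y1 <= y0) {
        x0 = y0 = x1 = y1 = 0;
    }

    struct rect out = { (int)x0, (int)y0, (int)(x1 - x0), (int)(y1 - y0) };
    bool changed = out.x != r.x || out.y != r.y || out.w != r.w || out.h != r.h;
    if (changed) {
        fprintf(stderr, "update rect (%d,%d %dx%d) invalid for %dx%d framebuffer, "
                "using (%d,%d %dx%d)\n", r.x, r.y, r.w, r.h,
                fb_w, fb_h, out.x, out.y, out.w, out.h);
    }
    if (clipped) *clipped = changed;
    return out;
}

/* True if the update as given would have to be changed before use. */
static bool update_rect_needs_clip(int fb_w, int fb_h, struct rect r)
{
    bool clipped;
    clip_update_rect(fb_w, fb_h, r, &clipped);
    return clipped;
}

int main(void)
{
    /* Constructed input: a 20x20 update straddling the corner of an 800x600 surface. */
    struct rect r = clip_update_rect(800, 600, (struct rect){ 790, 590, 20, 20 }, NULL);
    printf("clipped to (%d,%d %dx%d)\n", r.x, r.y, r.w, r.h);
    return 0;
}
```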