Cook: security things in Linux v5.1
Cook: security things in Linux v5.1
Posted Jun 4, 2019 21:31 UTC (Tue) by rweikusat2 (subscriber, #117920)In reply to: Cook: security things in Linux v5.1 by Cyberax
Parent article: Cook: security things in Linux v5.1
You should perhaps consider jettisoning the "discussion tactic" of asserting that whoever disagrees with one of your opinions must be "somehow mad". This not only ought to qualify as abusive, it also really just communicates that you have no arguments in favour of your standpoint and thus, prefer attacking people who disagree with it. In the real word, not in the fuzztesting playpen, Linux has a well-deserved reputation for reliability and that's why it's ubquitiously being used. For instance, in Android phones. Like any other complex programs, it also has bugs.
Considering that the fallthough comment overload is a language extension, adding a language extension adressing what's claimed to be the actual issue is obviously possible. It may not be a realistic option for ISO-C but Linux uses lots of language extensions already. I would wholeheartedly welcome this as it would eliminate the need to write lots of break-statements for the most common case. In contrast to this, forcing people to write yet more semantically pointless text in order to get a program through the compiler just means "more syntax errors beause of typos", as I already wrote.
Posted Jun 4, 2019 21:57 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link]
Posted Jun 7, 2019 0:18 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
I've worked with Linux a lot, working with clusters with hundreds of thousands of nodes and Linux failures were commonplace. OOPSes, hangups, livelocks, you name it. So yes, Linux is not reliable.
This is fine, engineering is a science of building reliable components from unreliable parts. You just have to plan for the worst case.
> Considering that the fallthough comment overload is a language extension, adding a language extension adressing what's claimed to be the actual issue is obviously possible.
First, we need to find a new keyword (not easy in itself) to replace "switch". Let's settle on "new_switch". This construction will require "fallthrough" keywords (again...) at the end of cases.
How do we deploy it? Linux supports quite old compilers, so you can't just mandate GCC 11 for it. Well, macros come to rescue. There's going to be a #define for the switch statement and then a #define for the fallthrough. And then you'll have to change ALL the statements in Linux to use the new statement, resulting in an even bigger patch.
And it'll take more than several years for the committee to agree on it.
With the current solution the change can be done NOW, without any performance or usage impact. With lots of actual bugfixes.
Posted Jun 11, 2019 19:23 UTC (Tue)
by nix (subscriber, #2304)
[Link]
It's not as if rweikusat's solution is a solution in any case: as you note, using any switch statement replacement would require going through all of them and changing them, inspecting every case to see if it needs to be fallthrough or not. This is exactly the same as what is being done now, except with years of added pointless delay in which actual bugs go disregarded. The perfect really *is* the enemy of the good in this case.
Cook: security things in Linux v5.1
Cook: security things in Linux v5.1
Yeah, it's so great that Google is now developing a whole new OS.
OK. So let's see how it would work.
Cook: security things in Linux v5.1