zlacker

[return to "“Rust is safe” is not some kind of absolute guarantee of code safety"]
1. tcfhgj+w4 2022-10-02 14:53:29
>>rvz+(OP)
> Not completing the operation at all, is not really any better than getting the wrong answer, it's only more debuggable.

I wouldn't be so sure about that. Getting the wrong answer can be a serious security problem. Not completing the operation... well, it is not good, but that's it.

2. atty+D5 2022-10-02 15:00:29
>>tcfhgj+w4
The kernel can’t fail to complete its operations, because then the entire system crashes and no logs are created. Instead, you can finish the operation and check the result.
3. charci+rd 2022-10-02 15:44:21
>>atty+D5
panic doesn't instantly crash the program. It prints out debug information first. You could have kernel panics work the same way.
4. Someon+Hk 2022-10-02 16:23:48
>>charci+rd
And when Linux is running on your fridge, in your car, or on a headless VM, then who is there to read out this "printed output"? The great thing about "log and continue" is that you can automate collection and fix the underlying bug (or know that the hardware is failing).

Keep in mind that in a kernel panic no hardware is assumed to work, so an assumption like "just write to storage!" isn't one you can make; you're in a panic, and the IO could have been literally pulled out.
