<camz@passageway.com> wrote in message news:b603pr$qb1$1@inn.qnx.com…
Igor Kovalenko <> kovalenko@attbi.com> > wrote:
[snip]
If any change in QNX makes a previously working code (library call) to
fail,
for users that’s a failure of the library call.I would normally agree with you, but in this case you are wrong. Armin is
using a library call incorrectly, the documentation says it will not work
with address ranged >4G, and Armin assumed that the MMU would never
generate
an address above that on a system with less than that memory. THAT is not
a valid assumption.What happened to Armin is simple, he used an library function wrong, and
he
got lucky that on previous versions of QNX6, the library function was
technically “broken” in that it never returned values >4G. It’s fixed and
now it does. The result is that Armin’s broken code no longer works, and
his luck has run out.This is NO DIFFERENT than writing code that uses shared memory but without
properly using semaphores. It will typically run perfectly fine on a
single
processor machine, and then crap out on an SMP machine. It’s NOT the SMP
machine that is broken, it’s the code. This is no different.
Actually it is a very bad analogy. Unprotected access to shared memory is
plain wrong because it is against the common logic. Using mmap() the way
Armin did is problematic, but does not conflict with the logic. Since QNX
never before supported address spaces >4Gb, it was pretty much guaranteed to
work. POSIX does not say anything on much of the details of mmap()
functionality, so what happens in practice is that you choose a certain way
to implement it, based on common implementations. Once you have chosen a
way, it becomes part of OS behavior your customers rely upon, just like all
the proprietary interfaces the OS in question has. Then it becomes a legacy
that you’re bound to support.
I DO NOT expect QSS to document all the case where “improper code
would
work prior to us fixing this bug”. Sure, they changed/improved the
functionality
and I expect them to document that… but not the fact that BAD CODE used
to
work as a SIDE EFFECT of the previous buggy behavior of that library
function.If they had to document all the instances where a bug of theirs would
allow
a programmer to “get away with” bad code, and then document again when
they
fixed (and therfore broke the bad code) function… that’s lunacy.
I disagree. It has nothing to do with lunacy. It has to do with respect to
customers’ codebase and protection of their investments. Of course QNX can’t
anticipate every way to abuse the API, but they can and they should detect
and document all changes in behavior of API functions, no matter if the
change is from bad to good or the other way around. It is easily doable
using automated test procedures. It would cost QNX pretty small resources to
do that, whereas it could potentially cost much more for customers to find
bugs in the code that is considered working & stable. Changing that code can
be prohibitively costly when issues like formal validation/approval by
regulatory bodies are involved.
– igor