This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: safety paper - please send feedback!

From: William Cohen <wcohen at redhat dot com>
To: "Chen, Brad" <brad dot chen at intel dot com>
Cc: systemtap at sources dot redhat dot com
Date: Thu, 24 Mar 2005 10:54:20 -0500
Subject: Re: safety paper - please send feedback!
References: <75EC4D5486CAC247B84AAAA6F96AA558046F2B80@orsmsx402.amr.corp.intel.com>

The "G5. No procedures" is a rather severe restriction. Depending on how you count the runtime libraries it can't be enforced. It would be better to generate a static call graph of the function calls and verify there are no cycles. This will allow some factoring of code rather than having to inline everything. In most cases can live without recursive functions.

dynamic allocation could be done but only in the intial loading of the module and there must be checks to verify that it is successful. The probes themselves cannot do dynamic allocation.

G15.  "prefer mechanism that are intuitive to a programmer of
relatively ordinary skill." Lots of programmers of ordinary skill are
going to get things wrong.  There is a need to make it provable
to people, but there are lots of simple solutions that don't work in
the general case.  Theory and validation are still needed.

Definitely need to have a specification of the systemtap input language written that is concise.

-Will

References:
- safety paper - please send feedback!
  - From: Chen, Brad

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]