This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.
Re: safety paper - please send feedback!
The "G5. No procedures" is a rather severe restriction. Depending on how
you count the runtime libraries it can't be enforced.
It would be better to generate a static call graph of the function calls
and verify there are no cycles. This will allow some factoring of code
rather than having to inline everything. In most cases one can live without
recursive functions.
Dynamic allocation could be done, but only in the initial loading of the
module and there must be checks to verify that it is successful. The
probes themselves cannot do dynamic allocation.
G15. "prefer mechanism that are intuitive to a programmer of
relatively ordinary skill." Lots of programmers of ordinary skill are
going to get things wrong. There is a need to make it provable
to people, but there are lots of simple solutions that don't work in
the general case. Theory and validation are still needed.
Definitely need to have a specification of the systemtap input language
written that is concise.
-Will
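The static call-graph check suggested above (build the graph of script-defined functions, reject any cycle so that no function can recurse), as an added example that is not part of the mailing list post or of SystemTap itself. It assumes a deliberately simplified regex parser for `function name(args) { body }` definitions without nested braces; the sample script is constructed.

```python
import re

# Constructed sample in SystemTap script syntax: two helper functions that
# call each other (mutual recursion), plus a leaf function and a probe.
SAMPLE_SCRIPT = """
function depth_a(n) { if (n > 0) return depth_b(n - 1); return 0 }
function depth_b(n) { return depth_a(n) }
function fmt(x) { return sprintf("%d", x) }
probe begin { printf("%s\\n", fmt(depth_a(3))) }
"""

# Simplified grammar (assumption): one function per definition, no nested braces.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{(.*?)\}", re.S)
CALL_RE = re.compile(r"\b(\w+)\s*\(")

def build_call_graph(script):
    """Map each script-defined function to the script-defined functions it calls."""
    bodies = {name: body for name, body in FUNC_RE.findall(script)}
    graph = {}
    for name, body in bodies.items():
        callees = set(CALL_RE.findall(body))
        # Keep only edges to script-defined functions; runtime built-ins such
        # as sprintf (and keywords like "if") are not nodes of this graph.
        graph[name] = sorted(c for c in callees if c in bodies)
    return graph

def find_cycle(graph):
    """Depth-first search with grey/black marking; returns the first cycle found
    as a list of function names (first == last), or None when the graph is acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in graph}
    stack = []
    def visit(node):
        colour[node] = GREY
        stack.append(node)
        for callee in graph[node]:
            if colour[callee] == GREY:          # back edge: callee is on the current path
                return stack[stack.index(callee):] + [callee]
            if colour[callee] == WHITE:
                found = visit(callee)
                if found:
                    return found
        stack.pop()
        colour[node] = BLACK
        return None
    for node in graph:
        if colour[node] == WHITE:
            found = visit(node)
            if found:
                return found
    return None

def check_no_recursion(script):
    """Return None if the script's functions can be safely compiled, else the offending cycle."""
    return find_cycle(build_call_graph(script))
```

A translator would reject a script for which `check_no_recursion` returns a cycle; self-recursion (`f` calling `f`) is reported as `['f', 'f']`.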