A few WARNS6 cleanups
Peter Schuller
peter.schuller at infidyne.com
Mon Jan 3 11:55:03 PST 2005
> But, consider where some of these problems reside. From ufs/fs.h:
>
> /*
> * Super block for an FFS file system.
> */
> struct fs {
> ...
> int32_t fs_size; /* number of blocks in fs */
> int32_t fs_dsize; /* number of data blocks in fs */
> int32_t fs_ncg; /* number of cylinder groups */
> int32_t fs_bsize; /* size of basic blocks in fs */
> int32_t fs_fsize; /* size of frag blocks in fs */
> int32_t fs_frag; /* number of frags in a block in fs */
> ...
>
> None of these can ever be below zero, but they all must be signed for
> the sake of compatibility.
Without having looked at this stuff beyond newfs, it sounds to me like the
fundamental problem is the lack of a layer of abstraction between the on-disk
format and the format used for internal processing in the tools/kernel.
In my (not so informed, given my lack of experience with kernel/os programming)
opinion the proper fix would be to abstract away this whole thing to
deal with data types and structures that make logical and practical sence (e.g.,
uint64_t[1] to remain future proof). One would then have properly defined and
*explicit* bounds checking where it can be easily verified what is allowed
and what isn't. The limits of the underlying structure (on-disk for example)
then becomes an implementation detail rather than a design issue that prevents
proper writing of utilities.
[1] Or some generice size typedef; but then one run into a whole set of problems
with printf() and such not being independent of the actual types.
--
/ Peter Schuller, InfiDyne Technologies HB
PGP userID: 0xE9758B7D or 'Peter Schuller <peter.schuller at xxxxxxxxxxxx>'
Key retrieval: Send an E-Mail to getpgpkey at xxxxxxxxx
E-Mail: peter.schuller at xxxxxxxxxxxx Web: http://www.scode.org
More information about the Submit
mailing list