[erlang-questions] Handling unexpected messages (was Re: Erlang shell crashes)

Sean Hinde sean.hinde@REDACTED
Mon Oct 30 12:43:19 CET 2006


On 30 Oct 2006, at 11:12, Christian S wrote:

> On 10/30/06, Ben Butler-Cole <ben@REDACTED> wrote:
>> I'm writing my first Erlang system and need to decide general  
>> policies for this kind of thing. Is there not an argument for  
>> exiting if you get an unexpected message rather than just ignoring  
>> it? I suppose that opens you up to a denial of service attack if  
>> your Pids or process names aren't completely secure.
>
> If you have malicious code in your erlang system it can do far worse
> things. All code in an erlang system is granted access to every
> corner. There is no such things as secure pids or process names to it.
>
> Yes it is probably a good idea to crash on the unexpected. Write
> programs for the expected and crash when expectations aren't met.
> Continuing a program when something unexpected has happened is to walk
> on thin ice on a lake of undefined behavior.

As a contrary argument, many of the messages passed in a typical  
large Erlang system (at least in Telecoms) have nothing whatever to  
do with core function. To crash some core function process because  
some broken maintenance module sends it a duff status request is  
almost certainly not the right thing to do. Much better to log the  
duff request and ignore it.

Sean

> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions




More information about the erlang-questions mailing list