[erlang-questions] Handling unexpected messages (was Re: Erlang shell crashes)
Sean Hinde
sean.hinde@REDACTED
Mon Oct 30 12:43:19 CET 2006
On 30 Oct 2006, at 11:12, Christian S wrote:
> On 10/30/06, Ben Butler-Cole <ben@REDACTED> wrote:
>> I'm writing my first Erlang system and need to decide general
>> policies for this kind of thing. Is there not an argument for
>> exiting if you get an unexpected message rather than just ignoring
>> it? I suppose that opens you up to a denial of service attack if
>> your Pids or process names aren't completely secure.
>
> If you have malicious code in your erlang system it can do far worse
> things. All code in an erlang system is granted access to every
> corner. There is no such things as secure pids or process names to it.
>
> Yes it is probably a good idea to crash on the unexpected. Write
> programs for the expected and crash when expectations aren't met.
> Continuing a program when something unexpected has happened is to walk
> on thin ice on a lake of undefined behavior.
As a contrary argument, many of the messages passed in a typical
large Erlang system (at least in Telecoms) have nothing whatever to
do with core function. To crash some core function process because
some broken maintenance module sends it a duff status request is
almost certainly not the right thing to do. Much better to log the
duff request and ignore it.
Sean
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list