calling C code // drivers

[Valentin]

Erik wrote:

>For interfacing C, it is much safer to put your C-interface in
>a separate driver (or even better in a separate process and talk
>to it through a socket).

I cannot agree more, however, even this is not always safe -- recently we
managed to crash Erlang by simply passing an invalid argument in RPC call...
to cut the story short, by passing a pointer to the prevously deallocated
(hence dirty) memory, Erlang runtime received TERM which size exceeded the
allocated memeory. Now, I would much rather have a caller crashing during
the encoding/marshalling (ei_encodexxx(...)), however,  due to the specific
memory handling of the host operating system (Solaris never stops to amaze
me), the calling process memory overrun was tolerated, but ERTS wasn't as
forgiving.

Valentin.