[lwip-users] Optimistic error handling in lwIP

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] Optimistic error handling in lwIP

From:	Zschocke, Florian
Subject:	[lwip-users] Optimistic error handling in lwIP
Date:	Thu, 27 Feb 2003 13:10:52 +0100

I have noticed a quite optimistic error handling in the lwIP sources. While
developing for embedded systems, our systems aren't the most tiny ones so
that every byte would count. I am wondering if such optimistic programming
with lax error checking is wanted in order to keep the code small.

The current example that I have problems with is the assumption that
sys_mbox_fetch() will always successfully return with a fetched message.
Check the netconn_recv() function for an example:

struct netbuf *
netconn_recv(struct netconn *conn)
{
  struct api_msg *msg;
  struct netbuf *buf;
  struct pbuf *p;
  u16_t len;
    
  if(conn == NULL) {
    return NULL;
  }
  
  if(conn->recvmbox == SYS_MBOX_NULL) {
    conn->err = ERR_CONN;
    return NULL;
  }

  if(conn->err != ERR_OK) {
    return NULL;
  }

  if(conn->type == NETCONN_TCP) {

/* TCP code here */

  } else {
    sys_mbox_fetch(conn->recvmbox, (void **)&buf);
    conn->recv_avail -= buf->p->tot_len;
    /* Register event with callback */
    if (conn->callback)
        (*conn->callback)(conn, NETCONN_EVT_RCVMINUS, buf->p->tot_len);
  }

  return buf;
}

Apparently there was some desire for error checking at the beginning of the
function. But in the UDP part the (IMHO optimistic) assumption is made that
sys_mbox_fetch() always returns successfully with buf now pointing to a
valid netbuf. On some (e.g. our) systems that may not be true. Due to some
arbitrary event some interrupt may have occured causing the
sys_arch_mbox_fetch() function to return without having fetched a message.
This will lead to the line after sys_mbox_fetch() to dereference an invalid
pointer which most often leads to a crash.

In this case simply changing the lwIP code to check if (buf != NULL) would
already help. But more generally, I would like to propose to be wary with
void functions. The better choice might be to have sys_mbox_fetch() return
an error value and make ample use of errno throughout the lwIP code. 

The same holds true with the xxx_init() functions. All of them are void
functions. But it could well be that some intialisation fails, e.g. due to
lack of free resources (I am thinking about tcpip_init() here). I think it
would be better if they were declared to return an error code, too, so that
error checking can be done if need be.

Anyhows, I'd like to get a discussion going about this. I'm not quite sure
who is currently "in charge" or actively developing lwIP and who to appeal
to.

Florian.

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] Optimistic error handling in lwIP, Zschocke, Florian <=
- Re: [lwip-users] Optimistic error handling in lwIP, Kieran Mansley, 2003/02/27

Prev by Date: [lwip-users] loopif bug ?
Next by Date: [lwip-users] Re: Latest version of PPP for lwIP
Previous by thread: [lwip-users] loopif bug ?
Next by thread: Re: [lwip-users] Optimistic error handling in lwIP
Index(es):
- Date
- Thread