Argument validity checking (addresses)

[Gregory G. Woodbury]

While playing around with yet another subroutine library to perform interactive
editing of fields under curses(3x) I came face-to-face with a missing feature
of UN*X (and probably most C language environments).

When a subroutine depends on the user to pass addresses (strings, structures,
or functions) that the subroutine is going to use, and the subroutine wants
to be robust about not killing the process if the user makes a mistake,
validity checking the aruments passed is one of the front line defenses.

The problem, however, is that UN*X environments (at least Sys5 and related
ones) do not provide a general means of determining if a given address is
going to generate a memory fault of some kind.  By this I mean that before
using the address (to call a function for example) there is no way to discern
that the address is not available to the process.

Some programs can use signals or other exception trapping mechanisms to
catch bad references after the fact and attempt to fix up -- but this is
not a general method.

Some architectures provide a machine instruction to "probe" an address
to determine access, but generally such instructions or facilities are
not available at the C interface.

I can easily see some of the complications of implementing such a
facility (handling paged out memory, dealing with shared memory
libraries and such like) but began wondering if other variants of UN*X
have provided such a facility, or how other programmers deal with the
desire to be robust in a non-robust environment like most UN*Xes?

-- 
Gregory G. Woodbury
Sysop/owner Wolves Den UNIX BBS, Durham NC
UUCP: ...dukcds!wolves!ggw   ...dukeac!wolves!ggw           [use the maps!]
Domain: ggw at cds.duke.edu  ggw at ac.duke.edu  ggw%wolves at ac.duke.edu
Phone: +1 919 493 1998 (Home)  +1 919 684 6126 (Work)
[The line eater is a boojum snark! ]           <standard disclaimers apply>