Everhart, Glenn (FUSA)

From: Andy Goldstein [Goldstein@star.zko.dec.youknowwhere]
Sent: Wednesday, May 12, 1999 10:46 AM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: VMS non-robustness (nothing too serious)

GWDVMS::MOELLER wrote:
>
> I'm using VMS (in particular, a certain VS3100 normally running V5.5-2)
> for 4 years at home now. Thinking about the anniversary, I remembered
> having experienced _one_ `relevant' system crash during that time:
>
> An unreadable (for whatever reason) CDROM caused some XQP bugcheck.
>
> This reminded me of the same sort of crash once seen during an attempt
> to read a similarly bad 8" floppy (on a VAX 11/780, in the V3 era).
>
> Will the VMS file system ever recognize that crashing on un-writable
> disks may be fine (in order to protect data integrity), but on _reading_
> them, it could as well return an appropriate I/O error status?

The VMS file system was designed with the principle that *no* problems with the disk or file structure should cause it to crash. This principle extended to the extreme case of being robust against maliciously constructed file structures. (Try *that* on the world's favorite up and coming enterprise operating system!) The only legitimate reason for taking a bugcheck in the file system is that it has detected an internal error - some inconsistency that is the consequence of a bug or in-memory data corruption.

The only point where we stopped short on this principle is where the disk gives back inconsistent data - i.e., returns different results from reading the same block at different times. We concluded that this situation was both very unlikely and too hard to defend against. By modifying certain blocks with logical I/O at the right time you can crash the file system (but I'm not going to tell you which ones).

If the file system crashes on write errors to protect the file structure, this logic was put in when I wasn't looking and I don't agree with it.
There is logic that write-locks the disk for a certain class of write errors that leave the file structure in an endangered state. All crashes in the file system represent a bug (somewhere) and should be reported to VMS engineering. (Well, OK, if you get a crash on V5.5-2 we probably won't be as interested as if it were on V7.2.) If you don't have a service agreement, please contact us informally and we'll get hold of the dump somehow. By analyzing the crash, hopefully we'll find and fix a bug before it crashes someone else's system.
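The design principle stated above, that data coming off the disk is untrusted input and a bad or unreadable block should surface as an error status while only a violated internal invariant justifies a bugcheck, is illustrated by the following added example. It is not VMS or XQP code and not part of the original message: the block layout, the checksum, the `TVOL` magic, the `toy_disk` device model and every function name are invented for this illustration and have nothing to do with ODS-2.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not VMS code. Toy volume header in one 512-byte block with an
 * ASSUMED layout (not ODS-2):
 *   0..3    magic "TVOL"
 *   4..7    block_count  (little-endian)
 *   8..11   index_lbn    (must be < block_count)
 *   12..13  name_len     (must fit the name field)
 *   14..    name bytes
 *   510..511 16-bit additive checksum over bytes 0..509 */
#define BLOCK_SIZE 512u
#define NAME_MAX   63u

enum fs_status {
    FS_OK = 0,
    FS_IO_ERROR,      /* the device could not deliver the block */
    FS_BAD_MAGIC,     /* the remaining codes describe a malformed structure */
    FS_BAD_CHECKSUM,
    FS_BAD_RANGE,
    FS_BAD_LENGTH
};

struct volume_header {
    uint32_t block_count;
    uint32_t index_lbn;
    char     name[NAME_MAX + 1];
};

/* Simulated device (hypothetical): a block is readable only if it lies inside
 * the image and is not the one flagged unreadable, modelling the bad CD-ROM
 * or floppy from the thread. */
struct toy_disk {
    const uint8_t *image;
    uint32_t       nblocks;
    uint32_t       unreadable_lbn;   /* UINT32_MAX: every block readable */
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

static uint16_t block_checksum(const uint8_t *blk) {
    uint16_t sum = 0;
    for (size_t i = 0; i < BLOCK_SIZE - 2; i++) sum = (uint16_t)(sum + blk[i]);
    return sum;
}

/* Logical read: a device failure comes back as a status, never as a crash. */
enum fs_status read_block(const struct toy_disk *d, uint32_t lbn, uint8_t *out) {
    if (lbn >= d->nblocks || lbn == d->unreadable_lbn) return FS_IO_ERROR;
    memcpy(out, d->image + (size_t)lbn * BLOCK_SIZE, BLOCK_SIZE);
    return FS_OK;
}

/* Everything in a block that came off the disk is untrusted: each field is
 * checked before it is used, and a bad field yields an error status. */
enum fs_status parse_volume_header(const uint8_t *blk, struct volume_header *out) {
    if (memcmp(blk, "TVOL", 4) != 0)             return FS_BAD_MAGIC;
    if (rd16(blk + 510) != block_checksum(blk))   return FS_BAD_CHECKSUM;
    uint32_t count = rd32(blk + 4), index = rd32(blk + 8);
    if (count == 0 || index >= count)             return FS_BAD_RANGE;
    uint16_t name_len = rd16(blk + 12);
    if (name_len > NAME_MAX)                      return FS_BAD_LENGTH;
    out->block_count = count;
    out->index_lbn   = index;
    memcpy(out->name, blk + 14, name_len);
    out->name[name_len] = '\0';
    return FS_OK;
}

/* "Mount": read block 0 and validate it. An unreadable or malformed medium is
 * reported to the caller; nothing here has grounds to bugcheck. */
enum fs_status mount_volume(const struct toy_disk *d, struct volume_header *out) {
    uint8_t blk[BLOCK_SIZE];
    enum fs_status st = read_block(d, 0, blk);
    if (st != FS_OK) return st;
    return parse_volume_header(blk, out);
}

/* Builds a well-formed header block (constructed sample data). */
void make_volume_block(uint8_t *blk, uint32_t block_count, uint32_t index_lbn, const char *name) {
    size_t n = strlen(name);
    if (n > NAME_MAX) n = NAME_MAX;
    memset(blk, 0, BLOCK_SIZE);
    memcpy(blk, "TVOL", 4);
    wr32(blk + 4, block_count);
    wr32(blk + 8, index_lbn);
    wr16(blk + 12, (uint16_t)n);
    memcpy(blk + 14, name, n);
    wr16(blk + 510, block_checksum(blk));
}

/* Four constructed media: good, bit-flipped, internally consistent but out of
 * range, and unreadable. Each mounts to a status rather than a crash. */
enum fs_status run_scenario(int which) {
    static uint8_t img[2 * BLOCK_SIZE];
    struct toy_disk d = { img, 2, UINT32_MAX };
    struct volume_header h;
    make_volume_block(img, 2, 1, "DEMO_VOLUME");
    switch (which) {
    case 0: break;                                                            /* well-formed */
    case 1: img[20] ^= 0x01; break;                                           /* bit flip in the name */
    case 2: wr32(img + 8, 99); wr16(img + 510, block_checksum(img)); break;   /* index_lbn >= block_count */
    case 3: d.unreadable_lbn = 0; break;                                      /* device read failure */
    default: return FS_IO_ERROR;
    }
    return mount_volume(&d, &h);
}

int main(void) {
    for (int i = 0; i < 4; i++) printf("scenario %d -> status %d\n", i, (int)run_scenario(i));
    return 0;
}
```

The split between `read_block` and `parse_volume_header` is the point: a device error and a structural error are two different statuses, both returned to the caller, and neither path contains an abort. The one place an abort would be legitimate under the principle in the message, an in-memory invariant that no on-disk bytes can violate, does not occur in this code at all, which is what a reader of malformed media should look like.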