[AFS3-std] Re: AFS-3 XDR discriminated union primitive type I-D

Tom Keiser tkeiser@sinenomine.net
Thu, 10 Mar 2011 14:03:18 -0500


On Wed, Mar 9, 2011 at 4:17 PM, Andrew Deason <adeason@sinenomine.net> wrote:
> On Wed, 9 Mar 2011 16:11:02 -0500
> Tom Keiser <tkeiser@sinenomine.net> wrote:
>
>> Additionally, I can envision cases where an unknown-discriminant is
>> potentially more serious than a length mismatch for a known
>> discriminant (e.g., consider a case where a non-critical XCB
>> notification has a bad length, but a critical XCB notification
>> discriminant is unknown by the decoding peer).
>
> But why are you trusting the discriminant (which aiui will be used to
> determine criticality) more than the data in the arm? At that point it
> seems like the whole arm+length+discriminant is effectively garbage.
> Maybe it was intended to be critical, but the value of the discriminant
> had a bit flipped or something.
>

_We're_ explicitly not trusting the discriminant: we're assuring
generality by leaving that decision up to the error-handling semantics
of the specific union type definition.  All we're doing in this draft
is making a best effort to continue decoding the stream--so that the
RPC framework has the _ability_ to defer error handling to the
upper-layer, rather than having to fail the entire call with prejudice
within the RPC layer itself.

Regards,

-Tom
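
The best-effort decoding described in this message, as an added example that is not part of the original post or of the draft: the decoder uses the length to step over an arm it cannot interpret and reports a per-union status, leaving the decision about whether that is fatal to the caller. The wire layout (4-byte big-endian discriminant, 4-byte big-endian length, arm padded to a 4-byte boundary), the `KNOWN_ARMS` table and all function names are assumptions made for illustration.

```python
import struct

# Hypothetical table: discriminant -> arm length this peer expects.
KNOWN_ARMS = {1: 4, 2: 8}


def encode_union(disc, arm):
    """Build one union in the assumed layout (used only for the sample)."""
    return struct.pack(">II", disc, len(arm)) + arm + b"\x00" * (-len(arm) % 4)


def decode_unions(buf):
    """Decode consecutive unions; return a list of (disc, status, arm).

    An unknown discriminant or a length mismatch is recorded, not raised,
    so the upper layer applies the union type's own error semantics.
    Only a framing error (header or arm runs past the buffer) aborts.
    """
    results, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated union header")
        disc, length = struct.unpack_from(">II", buf, off)
        off += 8
        padded = (length + 3) & ~3  # XDR pads opaque data to 4 bytes
        if padded > len(buf) - off:
            raise ValueError("arm length exceeds remaining stream")
        arm = buf[off:off + length]
        off += padded  # the length lets us skip arms we cannot parse
        if disc not in KNOWN_ARMS:
            status = "unknown-discriminant"
        elif KNOWN_ARMS[disc] != length:
            status = "length-mismatch"
        else:
            status = "ok"
        results.append((disc, status, arm))
    return results


# Constructed sample stream: a good arm, an arm with a discriminant this
# peer does not know, a known arm with the wrong length, then a good arm.
SAMPLE = b"".join([
    encode_union(1, b"\x00\x00\x00\x2a"),
    encode_union(99, b"hello"),
    encode_union(2, b"\x00\x00\x00\x01"),
    encode_union(1, b"\x00\x00\x00\x07"),
])

if __name__ == "__main__":
    for disc, status, arm in decode_unions(SAMPLE):
        print(disc, status, arm.hex())
```
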