Re: assert, ABORT, and friends
Aidan Kehoe <kehoea(a)parhasard.net> wrote:
Ar an naoú lá déag de mí Meitheamh, scríobh Jerry James:
> [...] My opinion is that this is misdirected paranoia.
Well, paranoia directed towards preserving the user’s data is not a
bad
thing in itself.
The trouble is that this particular bit of paranioa does not help
preserve the user's data and complicates analysis of the code to boot.
More below.
> [...] I think this approach makes a lot of sense and is much
better than
> the error-prone way we are doing it.
Is anyone on the list using development GNU Emacs to the extent that they
often trigger assertion failures, and if so, does it succeed in preserving
your data? I share your concern about the conceptual sanity of our code, but
if in practice it’s preserving more data than the other approach, that may
override the conceptual advantages.
It does not preserve more data. Our code base is riddled with code that
assumes that ABORT() and failing assert()s do not return. So in a
double assertion failure scenario, what is likely to happen is that the
second assert_failed() will return, and the code it returns to will
immediately do something fatal based on the assumption that a return
would not happen. So XEmacs is dead anyway, without having done
anything extra to preserve the user's data.
We could try to fix the problem by going through the code and handling
the case where an ABORT or failed assert() does return. But what are
you going to do? Take a look through the code. In most cases, there is
nothing sane that can be done, which is exactly why that code is trying
to cause an exit. You could try to throw something, but then you lose
the stacktrace to the place where the problem actually occurred.
My position is that our code base assumes that those functions do not
return, therefore we should fix it so that propery is guaranteed.
--
Jerry James, Assistant Professor james(a)xemacs.org
Computer Science Department http://www.cs.usu.edu/~jerry/
Utah State University