Re: bonobo-activation; freeing base services ...



Darin Adler <darin bentspoon com> writes:   
> > atexit() == bad hack. File it away with longjmp() under C Library
> > Booby Traps and Stupid Ideas.
> 
> I think you overstate the case.

I disagree, but I'll skip the details. (This does remind me that
Nautilus kept crashing in an atexit() handler last time I was
debugging it, and I forgot to ever figure it out ;-)

> But since you feel strongly about it, you should convince Owen and Tim to
> deprecate g_atexit in glib and maybe put some words to this effect in there
> as a public service.

Potentially a good idea, though g_atexit() is a fine portability
wrapper for atexit(), perhaps not worth breaking. I wouldn't use it
myself, certainly not in a lib, but if people want to use atexit()
functions using g_atexit() is probably better than plain atexit().

> Anyway, we are missing the main point here. Aren't shutdown functions just
> as bad as init functions? And you are always preaching against init
> functions. Instead of looking at atexit itself, perhaps we should be looking
> at atexit vs. shutdown functions.

Well, several of the issues I mentioned don't apply to shutdown
functions. 

 - they don't surprise the app programmer
 - the app programmer can choose not to call them
 - no one will have the illusion that they are reliably called
 - they are portable
 - they do not break fork/exec
 - they don't require an init function to set up ;-)

One sane use of a shutdown function IMO is on the application level,
you need one to do the whole "quit" thing - "are you sure you want to
quit," and so on. On the library level, it'd be pretty insane if you
had to call a shutdown function for every lib though.

Two uses of atexit I've seen recently:

 a) free memory, as in Nautilus - this could really just be #ifdef
    DEBUG_MEMORY or something, it's totally unimportant for end users

 b) bad hacks to avoid leaking system resources such as processes or 
    lockfiles

a) is harmless, but probably shouldn't be turned on by default in a
library; the need for b) reflects a wholly unstable system, much as
systems without protected memory are unstable. Anytime we require b)
we are in trouble. The belief that we can rely on apps never crashing
or misbehaving or being killed or having their X connection shut off
is a major problem with the GNOME 1.4 user experience. The fact that
normal exit cleaned things up just made problems a lot worse, since
everything appeared to work in a laboratory environment, and so no one
ever fixed the problem. I'm very much hoping this is fixed in 2.0.

Note that I have no idea what Michael's shutdown functions actually
do, I haven't read the patch. Maybe they're a new case.

Havoc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]