[PATCH] do not call _dbus_warn_check_failed on checks
thoenig at suse.de
Mon Nov 13 12:18:44 PST 2006
On Mon, 2006-11-13 at 13:01 -0500, Havoc Pennington wrote:
> This is an intentional change. If we wanted to revert it, then the right
> fix is to toggle the fatalness default in the code for
> warn_check_failed, rather than your patch (though the comment fix in
> your patch would be good to get in).
You will find a patch for this attached to this mail.
> The change was discussed on several bugzilla bugs at least. Several
> people were unhappy that "behavior was undefined" after check failure,
> wanted guarantees about what was returned and/or internally-consistent
> state post-check-failure, etc. This is not and has never been the
> intent; once the check fails, behavior is undefined. A build of libdbus
> with no checks at all is very legitimate (and will have a bunch of
> segv's where the checks were before).
It would have been nice if there had been a note in the release notes or
at least on-list. Following yet another bugzilla to track important
changes like this should not be required. In that particular case there is
not even an explanatory comment in the ChangeLog.
> I think fatal checks gives people the right idea about what the checks
> mean, namely, a bug in their program. Before people seemed to have the
> idea that libdbus worked like system calls - that passing in junk would
> get you EINVAL. I got a little sick of people trying to check the
> behavior of the checks in test suites and otherwise relying on the checks.
> The checks are not in the ABI; if a condition that is checked is true,
> then you can't call the function.
> I admit fatal checks is a little user-unfriendly. If the programmer
> conscientiously tried to fix all their check failures, but left a bug
> in, then sometimes an app could recover and continue without
> user-visible results. Fatal checks makes that impossible. On the other
> hand, fatal checks means that bug-buddy and equivalents will kick in in
> that case and get the issue reported.
I agree with all of that. Just without any notice I was very puzzled
about the crucial change of behavior.
> Due to user impact, distributions might want to put
> DBUS_FATAL_WARNINGS=0 in production releases, but I'd encourage them to
> leave the default for test releases and get those crashes fixed.
I agree on that, too. That's the way to go.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1088 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/dbus/attachments/20061113/a4209fd5/dbus-fix-comment-for-disable-dbus-check-thoenig-01.bin