[PATCH wayland v4 08/11] client: Replace the singleton zombie with bespoke zombies

Daniel Stone daniel at fooishbar.org
Thu Jan 11 15:44:19 UTC 2018


Hi Simon,

On 10 January 2018 at 17:47, Simon McVittie <smcv at collabora.com> wrote:
> On Wed, 10 Jan 2018 at 11:03:03 -0600, Derek Foreman wrote:
>> I suspect 100% of the software I work on on a daily basis will explode in
>> completely unpredictable and undiagnosable ways in response to a malloc()
>> failure anyway
>
> Does anyone test these code paths in Wayland? If so, how? (Genuine
> questions, I'm interested in the answers.)

It might as well have been rhetorical though, since the answer is: no,
not at all. Especially not with overcommit.

> I ask because the original authors of libdbus wrote it thinking that
> they had handled OOM conditions, at significant complexity cost,
> then later added infrastructure to simulate malloc() failures during
> automated testing and discovered that a significant fraction of them
> were mishandled (Havoc estimates "at least 5%" in [1]). Next month that
> test infrastructure will be 15 years old, and I'm *still* semi-regularly
> finding bugs in pre-existing code where malloc() failures are mishandled.

I would agree with this. I've got a lot of trouble imagining the exact
scenario where malloc fails for our new zombie object during
destruction and then succeeds for the wl_closure allocation when we
next demarshal a message. I'd be inclined to keep this patch as-is.

Cheers,
Daniel
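
The malloc() failure simulation Simon describes for libdbus, sketched here as an added example (it is not libdbus or Wayland code and not part of the original message): a test allocator fails the Nth allocation, and a sweep over N checks that every failure path returns cleanly without leaking. The names `t_malloc`, `msg_new` and `sweep_oom` and the `struct msg` object are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical test allocator: fails the fail_at-th call (0 = never fail). */
static int fail_at, calls, live;

static void *t_malloc(size_t n) {
    if (fail_at && ++calls == fail_at) return NULL;  /* injected OOM */
    void *p = malloc(n);
    if (p) live++;                                   /* track outstanding blocks */
    return p;
}
static void t_free(void *p) { if (p) { live--; free(p); } }

struct msg { char *name; int *args; };  /* constructed sample object */

static void msg_free(struct msg *m) {
    if (!m) return;
    t_free(m->args); t_free(m->name); t_free(m);
}

/* Code under test: three allocations, each of which may fail. */
static struct msg *msg_new(const char *name, size_t nargs) {
    struct msg *m = t_malloc(sizeof *m);
    if (!m) return NULL;
    m->name = t_malloc(strlen(name) + 1);
    m->args = t_malloc(nargs * sizeof *m->args);
    if (!m->name || !m->args) { msg_free(m); return NULL; }
    strcpy(m->name, name);
    memset(m->args, 0, nargs * sizeof *m->args);
    return m;
}

/* Fail the 1st, 2nd, ... allocation in turn until msg_new() succeeds.
 * Returns the number of failure points handled cleanly, or -1 on a leak. */
static int sweep_oom(void) {
    for (int n = 1; n <= 64; n++) {
        fail_at = n; calls = 0; live = 0;
        struct msg *m = msg_new("example", 4);
        if (!m) { if (live != 0) return -1; continue; }
        msg_free(m);   /* nothing failed: n is past the last allocation */
        fail_at = 0;
        return live == 0 ? n - 1 : -1;
    }
    return -1;
}

int main(void) { printf("%d failure points handled\n", sweep_oom()); return 0; }
```

Running the same sweep under a leak checker or sanitizer also catches use-after-free and double-free on the failure paths, which the `live` counter alone does not.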

