Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The library noticed the error and was (effectively) calling exit().

If the library was at liberty to throw, they would not have to change any internal callers and would get the same feature for them (not having to deal with errors anywhere) but they would still give the external caller a chance not to terminate.

Yes. By default, a caller would terminate, but it would get a chance not to in a way that doesn't involve changing the libraries public interface.



Exceptions are not a silver bullet. One can't simply turn an assert into an exception and expect things to work. That's a great way to add new and tricky bugs unrelated to the original issue.

If an exception crosses a stack frame that isn't expecting one, things could be left in an inconsistent state. Invariants may vary, constraints may be unconstrained.

To retrofit exceptions into the existing code at this point would be very difficult, as you would have to audit every caller of the function in question, a nd the callersof those, and on and on...

Imagine problems like Apple's "goto fail" SSL bug, but more obscure and harder to find.

To have used exceptions from the beginning would require an amount of work roughly equivalent to returning error codes. They aren't fundamentally different from error codes in that way. Well, unless you're a cowboy who ignores errors.

Exceptions wouldn't have solved anything here.


> Exceptions are not a silver bullet.

There are a lot of things that aren't silver bullets. Oddly though, they are still helpful.

> One can't simply turn an assert into an exception and expect things to work.

Actually, if you did that, you'd expect them to fail... but with better semantics.

> That's a great way to add new and tricky bugs unrelated to the original issue.

Only if your runtime doesn't allow for the clean expression of stack unwinding semantics.

> To retrofit exceptions into the existing code at this point would be very difficult.

Yes, I don't think that was at all related to the original point though. It'd be hard to retrofit almost any new language feature in to the existing code.

> To have used exceptions from the beginning would require an amount of work roughly equivalent to returning error codes. They aren't fundamentally different from error codes in that way. Well, unless you're a cowboy who ignores errors.

Not at all. Error codes require error handling in every caller up the call chain. Exceptions at least allow you to put your error handling logic just where you have handlers.


> Only if your runtime doesn't allow for the clean expression of stack unwinding semantics.

The point here is that if a library has already chosen to not cleanly unwind anything, your application catching the exception isn't going to help the garbled state created by the library.


I think cbsmith's point is that a a good language makes it so easy to correctly unwind the stack that it's almost harder to not do it right. If we could go back in time and do it over using exceptions and a better language, this likely would have been an exception from the start, which would have made this bug easier to fix. For example, Python's "assert" raises instead of exiting the process. The caller could just catch the exception from the failed assertion and deal with it, without need to update any other code. The problem is, we can't easily change languages now, nor can we safely retrofit exceptions. Hindsight is 20/20.

It's worth noting that that argument depends on the exception-raising assertion having been present from the beginning. The correctness of stack unwinding code can sometimes depend of which exceptions a function raises. A particular piece of code that is currently correct may break if one of the functions it calls is changed to raise a new type of exception.


That's essentially it. The whole, "yeah but the library may not handle exceptions properly" is essentially a C++ problem, not an exceptions problem.


An assert is what a programmer uses when they think something won't/can't ever happen.

So the authors did not realise inotify could legitimately return an error.

If they'd thought it could return an error, they'd return the error code themselves or recover gracefully or whatever.


The library can do the equivalent by offering a new interface to register an error callback.

Even without that, callers do have a way of preventing termination: Fork.


Use atexit to register a handler that setjmps back to main.


Hey, I like that. Always nice to use the more obscure things messing with the stack (set/longjmp) ;-)... Haven't encountered them for a while.

http://pastebin.com/2fdwHvi8

    [optiplex /home/chris/tmp/atexit_main]
    $ ./testme
    This is main. I will sleep a while, then try to exit.
    PANIC! main() has been restarted due to a unscheduled exit!
    This is main. I will sleep a while, then try to exit.
    PANIC! main() has been restarted due to a unscheduled exit!
    This is main. I will sleep a while, then try to exit.
    PANIC! main() has been restarted due to a unscheduled exit!
    This is main. I will sleep a while, then try to exit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: