Re: graceful recovery?!?


Subject: Re: graceful recovery?!?
From: Martin Sevior (msevior@mccubbin.ph.unimelb.edu.au)
Date: Mon Jun 05 2000 - 07:31:50 CDT


On Mon, 5 Jun 2000, Jesper Skov wrote:
>
> This is all fine, of course. Only issue is; there are a gazillion
> places in the code where there's potential for jumping into Nirvana
> via a NULL pointer. Do we want to add assertions to all those places -
> more importantly, do we want to leave that assertion code enabled for
> non-debug builds?
>

No we don't. I was under the assumption you had found a rare segfault
whose occurrence you couldn't diagnose.

> As for graceful recovery; the check should not be in the code in the
> form of assertions (in a production build). Instead there should be a
> segv handler (surely there's an equivalent on Windows, BeOS, etc?)
> which tries to save the document(s) in a configurable set of formats.
>

This is a Good Idea. I was thinking about this in another context when I
wanted to be 100% sure I always got a valid frame pointer in the modeless
dialog code. Unfortunately a segfault isn't a trappable C++ exception. I
was thinking of building my own via the unix signal 11 (segfault) by pushing
the address of a handling routine onto a stack that would be interrogated
by the unix signal code.

So the idea is that if we have some hairy code that *might* fail due to
a segfault we write an exception handling routine, push the address of the
routine onto the segfault handler stack. If we get a signal 11 the
handling code pops the stack and jumps to the address found - our segfault
handling code. Of course you gotta make sure you pop the stack on the
other side of the hairy code.

The default handler would be called if there is no address on the stack
which would be something like: "Sorry we've screwed up somehow, do you
want us to try to save your file?" In politically correct language of
course. We don't want to offend the sensibilities of all those Church
Secretaries :-)

Luckily I found ways to be sure I always got a valid frame pointer in
modeless dialog code - at least so far, so I didn't write this. I don't
think the code should have gone in if it had known segfault problems - but
it might be useful for pre-existing segfaults whose origins are unknown.

I like the idea of fault tolerant code but I don't want to rely on it.

>
> I guess this is really a new feature (and something that would make
> AbiWord stand apart from M$ Word too!)
>
> "While AbiWord doesn't crash your computer every hour, it at least
> tries to save your data when it does" (*)

Hmm, AbiWord better not crash anything but itself! I think I managed to
make it crash X once but it took real effort on my part to screw up that
badly :-)

Still I think this is a good thing to have. Of course for 1.0 we will have
0 bugs anyway :-)

>
> Jesper
>
> *: Danish humor -- I'm not sure it translates very well :) "my car
> doesn't go far on the gallon, but at least it is expensive to repair
> and breaks down often"
>
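A minimal sketch of the "segfault handler stack" Martin describes above, added here as an illustration; it is not code from this thread or from AbiWord. It uses sigsetjmp/siglongjmp recovery points instead of raw handler addresses, and the NULL write in hairy_code is a constructed fault for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#define MAX_GUARDS 16

/* The "segfault handler stack": one recovery point per guarded region. */
static sigjmp_buf guard_stack[MAX_GUARDS];
static volatile sig_atomic_t guard_top = 0;     /* number of live guards */

static void segv_handler(int sig)
{
    (void)sig;
    if (guard_top > 0)                          /* pop newest guard, jump */
        siglongjmp(guard_stack[--guard_top], 1);
    /* Empty stack: the "default handler" case. Here we just re-raise with the
     * default disposition so the crash is reported rather than hidden. */
    signal(SIGSEGV, SIG_DFL);
    raise(SIGSEGV);
}

static void install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);                  /* empty mask, no flags */
    sa.sa_handler = segv_handler;
    sigaction(SIGSEGV, &sa, NULL);
}

/* Run fn with a recovery point pushed. Returns 0 if fn finished normally,
 * 1 if a SIGSEGV was caught inside it, -1 if the stack is full. */
static int run_guarded(void (*fn)(void))
{
    if (guard_top >= MAX_GUARDS) return -1;
    if (sigsetjmp(guard_stack[guard_top], 1) != 0) return 1; /* via siglongjmp */
    guard_top++;
    fn();
    guard_top--;                                /* pop on the normal path too */
    return 0;
}

/* Constructed test subjects: hairy_code writes through a NULL pointer. */
static volatile int *volatile bad_ptr = NULL;
static void hairy_code(void) { *bad_ptr = 42; }
static void tame_code(void)  { bad_ptr = NULL; }

int main(void)
{
    install_segv_handler();
    int tame = run_guarded(tame_code), hairy = run_guarded(hairy_code);
    printf("tame=%d hairy=%d\n", tame, hairy);  /* tame=0 hairy=1 */
    return 0;
}
```

Jumping out of a SIGSEGV handler is only defensible for synchronous faults like this one, and the heap, locks and partially updated objects may be inconsistent afterwards, which is why a save-on-crash path should use only async-signal-safe calls and why the mail's reluctance to rely on this is sound.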



This archive was generated by hypermail 2b25 : Mon Jun 05 2000 - 07:32:22 CDT