From: Jim Meyering <jim@meyering.net>
To: Geert Bosch <bosch@adacore.com>
Cc: "Alex Riesen" <raa.lkml@gmail.com>, git@vger.kernel.org
Subject: Re: [PATCH] git-log: detect dup and fdopen failure
Date: Wed, 27 Jun 2007 16:06:06 +0200 [thread overview]
Message-ID: <87zm2lmr01.fsf@rho.meyering.net> (raw)
In-Reply-To: <EF53B249-8430-4700-81AE-B97FD49FB955@adacore.com> (Geert Bosch's message of "Wed\, 27 Jun 2007 09\:54\:57 -0400")
Geert Bosch <bosch@adacore.com> wrote:
> On Jun 27, 2007, at 09:02, Jim Meyering wrote:
>> - if (!use_stdout)
>> - realstdout = fdopen(dup(1), "w");
>> + if (!use_stdout) {
>> + int fd = dup(1);
>> + if (fd < 0 || (realstdout = fdopen(fd, "w")) == NULL)
>> + die("failed to duplicate standard output: %s",
>> + strerror(errno));
>> + }
>
> This makes the code unreadable! A great way to ruin
> perfectly fine code is to add tons of error checking.
> The error checking is likely wrong (detects non-errors,
> or fails to detect real ones), and for sure makes code
> untestable and unreadable.
>
> If we really case about catching such errors, write
> the code as:
> if (!use_stdout)
> realstdout = xfdopen(dup(1), "w");
Of course. That is much more readable.
Though, perhaps you meant this?
> realstdout = xfdopen(xdup(1), "w");
If so, I'll be happy to prepare a patch to do that instead.
IMHO, we should never ignore syscall errors, and when preparing a
patch for a project like git (to which I haven't contributed much yet),
I prefer to keep the initial patch small and localized.
> where xfdopen is a wrapper around fdopen that dies in
> case of an error. This follows a practice we use elsewhere,
> and only adds one character to the code and only affects
> readability very slightly.
>
>> Without this, if you ever run out of file descriptors, dup will
>> fail (silently), fdopen will return NULL, and fprintf will
>> try to dereference NULL (i.e., usually segfault).
>
> As it is unlikely the failure mode will ever occur in practice,
> any way of aborting is fine. Even SIGSEGV would do: it would be
> trivial to find that we were leaking file descriptors or are out
> of memory. Oh, wait, that means we don't need any checking code
> at all...
Aren't you presuming the problem is easily reproducible
(and encountered by someone capable of investigating/reproducing),
or maybe that the abort left a usable core dump behind?
In my experience, the hardest bugs to track down are those
that are very rare and hard to reproduce.
next prev parent reply other threads:[~2007-06-27 14:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-27 11:59 [PATCH] detect dup failure Jim Meyering
2007-06-27 12:48 ` Alex Riesen
2007-06-27 13:02 ` [PATCH] git-log: detect dup and fdopen failure Jim Meyering
2007-06-27 13:18 ` Alex Riesen
2007-06-27 13:32 ` Jim Meyering
2007-06-27 14:04 ` Alex Riesen
2007-06-27 14:14 ` Jim Meyering
2007-06-27 15:57 ` Alex Riesen
2007-06-27 16:34 ` Jim Meyering
2007-06-27 13:54 ` Geert Bosch
2007-06-27 14:06 ` Jim Meyering [this message]
2007-06-27 14:28 ` Jim Meyering
2007-06-27 16:49 ` Linus Torvalds
2007-06-28 2:46 ` Josh Triplett
2007-06-28 5:02 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zm2lmr01.fsf@rho.meyering.net \
--to=jim@meyering.net \
--cc=bosch@adacore.com \
--cc=git@vger.kernel.org \
--cc=raa.lkml@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).