From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: Dynamic modules: MODULE_HANDLE_SIGNALS etc. Date: Sun, 03 Jan 2016 20:51:28 +0200 Message-ID: <83twmu8pjj.fsf@gnu.org> References: <83mvu1x6t3.fsf@gnu.org> <56772054.8010401@cs.ucla.edu> <83zix4scgf.fsf@gnu.org> <5677DBC9.6030307@cs.ucla.edu> <83io3rst2r.fsf@gnu.org> <567841A6.4090408@cs.ucla.edu> <567844B9.2050308@dancol.org> <5678CD07.8080209@cs.ucla.edu> <5678D3AF.7030101@dancol.org> <5678D620.6070000@cs.ucla.edu> <83mvt2qxm1.fsf@gnu.org> <56797CD9.8010706@cs.ucla.edu> <8337uuqsux.fsf@gnu.org> <5679DC83.70405@cs.ucla.edu> <83oadhp2mj.fsf@gnu.org> <567AD556.6020202@cs.ucla.edu> <567AD766.3060608@dancol.org> <567B5DAB.2000900@cs.ucla.edu> <83fuyromig.fsf@gnu.org> <567C25B1.3020101@dancol.org> <56892FD6.8040708@dancol.org> <56894CE7.7090301@cs.ucla.edu> <8337uea8ix.fsf@gnu.org> <568958D8.5060505@dancol.org> <83ziwm8sv2.fsf@gnu.org> <56895F0F.3050904@dancol.org> <83wprq8riy.fsf@gnu.org> <5689675A.70500@dancol.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1451847099 20619 80.91.229.3 (3 Jan 2016 18:51:39 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 3 Jan 2016 18:51:39 +0000 (UTC) Cc: eggert@cs.ucla.edu, Emacs-devel@gnu.org To: Daniel Colascione Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 03 19:51:39 2016 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aFnke-0008KT-GU for ged-emacs-devel@m.gmane.org; Sun, 03 Jan 2016 19:51:36 +0100 Original-Received: from localhost ([::1]:42542 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFnkd-0005mG-LK for ged-emacs-devel@m.gmane.org; Sun, 03 Jan 2016 13:51:35 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:39466) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFnka-0005ly-1B for Emacs-devel@gnu.org; Sun, 03 Jan 2016 13:51:32 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aFnkW-0003uh-Sn for Emacs-devel@gnu.org; Sun, 03 Jan 2016 13:51:31 -0500 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46960) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aFnkW-0003ud-On; Sun, 03 Jan 2016 13:51:28 -0500 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:2553 helo=HOME-C4E4A596F7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aFnkV-0000gU-W6; Sun, 03 Jan 2016 13:51:28 -0500 In-reply-to: <5689675A.70500@dancol.org> (message from Daniel Colascione on Sun, 3 Jan 2016 10:24:26 -0800) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:197484 Archived-At: > Cc: eggert@cs.ucla.edu, Emacs-devel@gnu.org > From: Daniel Colascione > Date: Sun, 3 Jan 2016 10:24:26 -0800 > > > Robustness comes at a price. You are asking Emacs and its users to > > pay a heavy price that they don't need to pay, because there are no > > requirements for Emacs to be as robust as safety-critical software. > > It's not a heavy price at all. Yes, it is. You would like us to crash rather than try recovering. That is a very heavy price in Emacs. > > Only if you think about Emacs as safety-critical piece of software > > that must operate continuously, 24x7. Otherwise, memory leaks when > > recovering from a disaster that happens very rarely is quite > > acceptable, if it brings other benefits (such as not losing work). > > My point isn't that memory leaks are disastrous. It's that the > consequences of this code weren't given due consideration at the time it > was committed. You have absolutely no evidence that this wasn't considered. It's factually incorrect. You don't have to know that it's incorrect, but I would expect you to give more credit to our collective knowledge and experience than you evidently do. > > You are not objective, so you exaggerate the risks and dismiss the > > benefits. > > I disagree that there *are* significant benefits. Of course, you do. Like I said: your bias affects your judgment. > >> *Anything* can happen, and there's no guarantee that what happens is > >> better for the user than an immediate crash. Hell, you can even cause > >> security problems with schemes of this sort. > > > > Sorry, that's FUD. > > No it isn't. When you invoke undefined behavior, anything unpleasant can > happen, and at scale, everything unpleasant will. It's not undefined behavior, not in practice. We know quite well what can and cannot happen. Anyway, saying that "unpleasant things can happen" _is_ FUD. I want to see a single bug report about these unpleasant things happening in real use, then I'll start thinking whether I should reconsider.