From: Eli Zaretskii <eliz@gnu.org>
To: Daniel Colascione <dancol@dancol.org>
Cc: eggert@cs.ucla.edu, Emacs-devel@gnu.org
Subject: Re: Dynamic modules: MODULE_HANDLE_SIGNALS etc.
Date: Sun, 03 Jan 2016 20:08:37 +0200 [thread overview]
Message-ID: <83wprq8riy.fsf@gnu.org> (raw)
In-Reply-To: <56895F0F.3050904@dancol.org> (message from Daniel Colascione on Sun, 3 Jan 2016 09:49:03 -0800)
> Cc: eggert@cs.ucla.edu, Emacs-devel@gnu.org
> From: Daniel Colascione <dancol@dancol.org>
> Date: Sun, 3 Jan 2016 09:49:03 -0800
>
> >> You're creating a false dichotomy between safety-critical software and
> >> everything else. Emacs merely not avionics-grade software does not
> >> excuse the use of techniques that are both inherently incorrect and that
> >> add no real value and quite a bit of real danger.
> >
> > It's not false dichotomy, it's real. That you misunderstand this
> > crucial issue is the root cause of this dispute and of our fundamental
> > disagreement. You are applying theory outside of its domain of
> > applicability.
>
> You're not seeing that robustness applies to all software, not just
> "safety-critical" (however you define that) software, because users
> depend on software being predictable.
Robustness comes at a price. You are asking Emacs and its users to
pay a heavy price that they don't need to pay, because there are no
requirements for Emacs to be as robust as safety-critical software.
Engineering is about compromises: you design and implement your
systems to meet the requirements with some reasonable margin, but you
do not implement non-essential features that exert a significant
impact on what the product can or cannot do. Doing so is bad
engineering.
> >> You have *still* not presented any evidence, not one shred, that we have
> >> a real stack overflow problem that makes it worth relying on more than
> >> the auto-save functionality and that makes it worth reaching for unsafe
> >> and completely undefined behavior.
> >
> > Not sure what evidence you are looking for. Does the fact that 2 not
> > entirely stupid Emacs developers, each one with years of hacking Emacs
> > on their record, disagree with you constitute such an evidence?
>
> That's not evidence. It's the opinion of two people
The argument is about assessments. There could be no facts here, only
opinions. What else did you expect?
> one of whom previously said that the worst side effect of this
> scheme is a potential memory leak, a statement that suggests that
> the dangers of this scheme are not being appreciated.
Only if you think about Emacs as safety-critical piece of software
that must operate continuously, 24x7. Otherwise, memory leaks when
recovering from a disaster that happens very rarely is quite
acceptable, if it brings other benefits (such as not losing work).
> >> All you have is your assertion that Emacs is not safety-critical
> >> software, we can should use this technique, which you have not
> >> demonstrated saves anyone anything and which I have demonstrated is
> >> completely unsafe.
> >
> > We are not looking for safe techniques. That's exactly your mistake.
> > We are looking for pragmatically helpful techniques.
>
> I don't think this technique is even helpful. Quite the opposite,
> actually, if we start to pollute the module API with some facility for
> dealing with the result of this awful stack overflow scheme.
You are not objective, so you exaggerate the risks and dismiss the
benefits.
> *Anything* can happen, and there's no guarantee that what happens is
> better for the user than an immediate crash. Hell, you can even cause
> security problems with schemes of this sort.
Sorry, that's FUD.
next prev parent reply other threads:[~2016-01-03 18:08 UTC|newest]
Thread overview: 177+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 18:39 Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2015-11-25 18:50 ` Philipp Stephani
2015-11-25 19:24 ` Eli Zaretskii
2015-11-26 21:29 ` Paul Eggert
2015-11-27 7:35 ` Eli Zaretskii
2015-11-27 19:19 ` Philipp Stephani
2015-11-28 10:58 ` Philipp Stephani
2015-11-28 12:10 ` Eli Zaretskii
2015-12-19 21:03 ` Philipp Stephani
2015-12-19 22:57 ` Philipp Stephani
2015-12-20 15:47 ` Eli Zaretskii
2015-12-20 18:34 ` Philipp Stephani
2015-12-20 19:11 ` Eli Zaretskii
2015-12-20 21:40 ` Paul Eggert
2015-12-21 3:33 ` Eli Zaretskii
2015-12-21 11:00 ` Paul Eggert
2015-12-21 11:21 ` Yuri Khan
2015-12-21 11:34 ` Paul Eggert
2015-12-21 15:46 ` Eli Zaretskii
2015-12-21 18:15 ` Paul Eggert
2015-12-21 18:28 ` Daniel Colascione
2015-12-21 19:00 ` Eli Zaretskii
2015-12-21 20:19 ` Philipp Stephani
2015-12-21 19:04 ` Eli Zaretskii
2015-12-22 4:09 ` Paul Eggert
2015-12-22 4:38 ` Daniel Colascione
2015-12-22 4:48 ` Paul Eggert
2015-12-22 4:52 ` Daniel Colascione
2015-12-22 6:09 ` Paul Eggert
2015-12-22 6:14 ` Daniel Colascione
2015-12-22 6:33 ` Paul Eggert
2015-12-22 6:35 ` Daniel Colascione
2015-12-22 6:44 ` Paul Eggert
2015-12-22 6:53 ` Daniel Colascione
2015-12-22 16:13 ` Eli Zaretskii
2015-12-22 16:12 ` Eli Zaretskii
2015-12-22 17:26 ` Philipp Stephani
2015-12-22 17:51 ` Eli Zaretskii
2015-12-22 16:03 ` Eli Zaretskii
2015-12-22 16:39 ` Paul Eggert
2015-12-22 17:46 ` Eli Zaretskii
2015-12-22 23:28 ` Paul Eggert
2015-12-23 16:10 ` Eli Zaretskii
2015-12-23 16:20 ` Philipp Stephani
2015-12-23 16:46 ` Eli Zaretskii
2015-12-23 17:09 ` Paul Eggert
2015-12-23 17:18 ` Daniel Colascione
2015-12-24 2:51 ` Paul Eggert
2015-12-24 3:11 ` Daniel Colascione
2015-12-24 16:10 ` Eli Zaretskii
2015-12-24 17:04 ` Daniel Colascione
2015-12-24 17:17 ` John Wiegley
2016-01-03 14:27 ` Daniel Colascione
2016-01-03 15:46 ` Eli Zaretskii
2016-01-03 15:49 ` Daniel Colascione
2016-01-03 16:40 ` Eli Zaretskii
2016-01-03 16:50 ` Daniel Colascione
2016-01-03 17:20 ` Eli Zaretskii
2016-01-03 16:31 ` Paul Eggert
2016-01-03 16:48 ` Daniel Colascione
2016-01-03 18:07 ` Paul Eggert
2016-01-03 18:22 ` Daniel Colascione
2016-01-03 21:02 ` Paul Eggert
2016-01-03 21:12 ` Daniel Colascione
2016-01-03 23:11 ` Paul Eggert
2016-01-03 23:22 ` Daniel Colascione
2016-01-03 23:29 ` John Wiegley
2016-01-04 1:05 ` Paul Eggert
2016-01-04 1:07 ` Daniel Colascione
2016-01-04 15:38 ` Eli Zaretskii
2016-01-04 15:40 ` Daniel Colascione
2016-01-04 16:07 ` Eli Zaretskii
2016-01-04 20:32 ` John Wiegley
2016-01-04 20:34 ` Daniel Colascione
2016-01-04 20:35 ` Daniel Colascione
2016-01-04 22:06 ` John Wiegley
2016-01-04 15:24 ` Eli Zaretskii
2016-01-04 15:28 ` Daniel Colascione
2016-01-04 16:00 ` Eli Zaretskii
2016-01-03 17:16 ` Eli Zaretskii
2016-01-03 17:22 ` Daniel Colascione
2016-01-03 17:39 ` Eli Zaretskii
2016-01-03 17:49 ` Daniel Colascione
2016-01-03 18:08 ` Eli Zaretskii [this message]
2016-01-03 18:24 ` Daniel Colascione
2016-01-03 18:51 ` Eli Zaretskii
2016-01-03 19:04 ` Daniel Colascione
2016-01-03 19:15 ` Eli Zaretskii
2016-01-03 19:26 ` Daniel Colascione
2016-01-03 19:46 ` Eli Zaretskii
2016-01-03 19:47 ` Daniel Colascione
2016-01-03 19:49 ` John Wiegley
2016-01-03 20:14 ` Daniel Colascione
2016-01-04 3:17 ` Richard Stallman
2016-01-03 18:17 ` Paul Eggert
2016-01-03 17:43 ` Eli Zaretskii
2016-01-03 20:25 ` John Wiegley
2016-01-03 20:47 ` Daniel Colascione
2016-01-03 21:07 ` John Wiegley
2016-01-03 21:28 ` Daniel Colascione
2016-01-03 21:31 ` Daniel Colascione
2016-01-04 15:27 ` Eli Zaretskii
2016-01-04 15:29 ` Daniel Colascione
2016-01-04 16:01 ` Eli Zaretskii
2016-01-03 21:45 ` John Wiegley
2016-01-03 22:20 ` Daniel Colascione
2016-01-03 22:43 ` Crash recovery strategies (was: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) John Wiegley
2016-01-03 22:55 ` Crash recovery strategies Daniel Colascione
2016-01-03 22:59 ` John Wiegley
2016-01-03 23:04 ` Daniel Colascione
2016-01-03 23:20 ` John Wiegley
2016-01-03 23:47 ` John Wiegley
2016-01-03 23:51 ` Daniel Colascione
2016-01-04 0:12 ` John Wiegley
2016-01-04 15:40 ` Eli Zaretskii
2016-01-04 15:44 ` Daniel Colascione
2016-01-04 15:33 ` Eli Zaretskii
2016-01-04 15:34 ` Daniel Colascione
2016-01-04 16:02 ` Eli Zaretskii
2016-01-03 23:21 ` Paul Eggert
2016-01-03 23:24 ` Daniel Colascione
2016-01-03 23:28 ` John Wiegley
2016-01-04 0:51 ` Paul Eggert
2016-01-03 23:27 ` John Wiegley
2016-01-03 23:29 ` Daniel Colascione
2016-01-03 23:33 ` Sending automatic crash reports to the FSF (was: Crash recovery strategies) John Wiegley
2016-01-03 23:36 ` Sending automatic crash reports to the FSF Daniel Colascione
2016-01-03 23:39 ` John Wiegley
2016-01-03 23:48 ` Daniel Colascione
2016-01-04 1:34 ` Crash recovery strategies Drew Adams
2016-01-04 15:32 ` Crash recovery strategies (was: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) Eli Zaretskii
2016-01-04 15:35 ` Crash recovery strategies Daniel Colascione
2016-01-04 16:04 ` Eli Zaretskii
2016-01-05 4:48 ` Richard Stallman
2016-01-05 15:52 ` Eli Zaretskii
2016-01-05 16:37 ` Clément Pit--Claudel
2016-01-05 17:08 ` Eli Zaretskii
2016-01-05 17:38 ` Clément Pit--Claudel
2016-01-04 15:31 ` Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2016-01-04 15:41 ` Daniel Colascione
2016-01-04 16:13 ` Eli Zaretskii
2016-01-04 15:29 ` Eli Zaretskii
2016-01-04 15:26 ` Eli Zaretskii
2015-12-24 17:36 ` Eli Zaretskii
2015-12-24 18:06 ` Daniel Colascione
2015-12-24 19:15 ` Eli Zaretskii
2015-12-22 16:01 ` Eli Zaretskii
2015-12-22 16:32 ` John Wiegley
2015-12-22 20:31 ` Daniel Colascione
2015-12-22 20:46 ` Eli Zaretskii
2015-12-22 20:52 ` Daniel Colascione
2015-12-22 21:08 ` Eli Zaretskii
2015-12-22 21:18 ` Daniel Colascione
2015-12-23 16:07 ` Eli Zaretskii
2015-12-23 16:25 ` Crash robustness (Was: Re: Dynamic modules: MODULE_HANDLE_SIGNALS etc.) Daniel Colascione
2015-12-23 17:30 ` Eli Zaretskii
2015-12-23 17:41 ` Daniel Colascione
2015-12-23 17:55 ` Eli Zaretskii
2015-12-23 17:56 ` Daniel Colascione
2015-12-23 18:09 ` Eli Zaretskii
2015-12-23 18:19 ` Daniel Colascione
2015-12-23 18:45 ` Eli Zaretskii
2015-12-24 3:26 ` Daniel Colascione
2015-12-21 18:57 ` Dynamic modules: MODULE_HANDLE_SIGNALS etc Eli Zaretskii
2015-12-21 20:15 ` Philipp Stephani
2015-12-20 15:48 ` Eli Zaretskii
2015-12-20 18:27 ` Philipp Stephani
2015-12-20 19:00 ` Eli Zaretskii
2015-12-20 21:00 ` Philipp Stephani
2017-03-26 20:18 ` Philipp Stephani
2016-02-29 22:48 ` Philipp Stephani
2016-03-01 16:41 ` Paul Eggert
2016-03-01 21:43 ` Philipp Stephani
2016-03-02 18:54 ` Paul Eggert
2016-03-31 18:44 ` Philipp Stephani
2016-04-01 8:29 ` Paul Eggert
2015-11-28 23:20 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83wprq8riy.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=Emacs-devel@gnu.org \
--cc=dancol@dancol.org \
--cc=eggert@cs.ucla.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).