> On 19 Feb 2015, at 6:15 pm, jan i <[email protected]> wrote:
>
> On 19 February 2015 at 05:05, Peter Kelly <[email protected]> wrote:
>
>> The next thing to address is cleanup. If a malloc failure occurs deep in a
>> conversion run, and we jump out to an exception handler, we should free all
>> memory that was allocated during that run. This means wrapping
>> malloc/calloc/realloc/strdup and any other functions in the C library, and
>> using our own data structure to keep track of what has been allocated (and
>> also to update this data structure when memory is freed). Then, if an error
>> occurs, after we return to the call site of setjmp() and go into the
>> exception handling block, we go through this data structure and call free()
>> on all the blocks of memory that were allocated by DocFormats, so the
>> application can then show an error message and then continue operating.
>
> Now this is quite a different discussion.....do we want to recover
> gracefully from severe errors or simply make sure the whole application
> terminates.
>
> I advocate that we cannot recover gracefully from all severe errors, so no
> reason breaking our backs trying.
I think it’s worth a try. The exception handling approach along the lines of what I mentioned I did with TeX would work. If we ensure all allocations go through our wrapper functions, then we can ensure that memory is freed when we do have a problem, and then return an appropriate error code to the application. Of course that doesn’t address logic errors in the code, which can still cause crashes, but would nicely handle the case of out-of-memory problems.

The wrapper functions will also make testing of this much easier; we can have a test driver option that causes allocation to fail after a randomly-chosen number of calls, and repeat a conversion with the same input many times but different failure injection points.

—
Dr Peter M. Kelly
[email protected]
PGP key: http://www.kellypmk.net/pgp-key
(fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)
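The scheme described in this thread (tracked allocation wrappers, a setjmp() recovery point that frees every block the run allocated, and a test hook that fails the Nth allocation), as an added illustration that is not DocFormats code; the `df_` names, the `df_convert()` stand-in workload and the `g_fail_after` hook are assumptions made for the example.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

/* Every block handed out by df_malloc() is recorded in this list so the
 * error path can release all of it at once. Illustrative, not DocFormats. */
typedef struct Block { void *ptr; struct Block *next; } Block;
static Block *g_blocks = NULL;   /* live allocations of the current run */
static jmp_buf g_recover;        /* recovery point set in df_convert() */
static long g_fail_after = -1;   /* test hook: fail allocation number N (1-based); -1 = never */
static long g_alloc_calls = 0;

void *df_malloc(size_t n) {
    if (++g_alloc_calls == g_fail_after) longjmp(g_recover, 1);  /* injected failure */
    Block *b = malloc(sizeof *b);
    void *p = malloc(n);
    if (!b || !p) { free(b); free(p); longjmp(g_recover, 1); }   /* real out-of-memory */
    b->ptr = p; b->next = g_blocks; g_blocks = b;
    return p;
}

char *df_strdup(const char *s) {
    size_t len = strlen(s) + 1;
    return memcpy(df_malloc(len), s, len);
}

void df_free(void *p) {           /* unlink one block from the list and free it */
    for (Block **pp = &g_blocks; *pp; pp = &(*pp)->next)
        if ((*pp)->ptr == p) { Block *b = *pp; *pp = b->next; free(b->ptr); free(b); return; }
}

void df_free_all(void) {          /* release everything the current run allocated */
    while (g_blocks) df_free(g_blocks->ptr);
}

long df_live_blocks(void) {       /* number of tracked blocks still allocated */
    long n = 0;
    for (Block *b = g_blocks; b; b = b->next) n++;
    return n;
}

/* Stand-in for a conversion run (hypothetical): 0 on success, -1 if any
 * allocation failed, in which case all memory of the run has been freed. */
int df_convert(long fail_after) {
    g_fail_after = fail_after; g_alloc_calls = 0;
    if (setjmp(g_recover) != 0) { df_free_all(); return -1; }     /* exception handler */
    char **parts = df_malloc(4 * sizeof *parts);                   /* allocation 1 */
    for (int i = 0; i < 4; i++) parts[i] = df_strdup("paragraph text"); /* 2..5 */
    char *joined = df_malloc(4 * 14 + 1);                          /* 6: 4 x 14 chars + NUL */
    joined[0] = '\0';
    for (int i = 0; i < 4; i++) strcat(joined, parts[i]);
    for (int i = 0; i < 4; i++) df_free(parts[i]);
    df_free(parts); df_free(joined);
    return 0;
}
```

A test driver in this style repeats the same input with `fail_after` set to 1, 2, 3, ... and checks that every failing run returns the error code with `df_live_blocks()` back at zero.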
