On 10/3/2013 2:15 PM, nazriel wrote:
> Music players (as an example) do not kill people if they fail.
> Aborting the whole music player just because a visualisation plugin had an access
> violation is pointless.

How does the music player know the fault is in the plugin and it could be safely continued?

It doesn't. It cannot. With a shared address space, it could be anywhere.


> You can't put every use case into the same bag...

I doubt the users would be pleased if continuing running the program resulted in further corruption of the system, including the user's data. Yes, and I've used music players that did that. It sux having to rebuild the music database from backups every time. It doesn't make me think kindly of the player's developers.

A properly designed system with user-supplied plugins that needed to recover from plugin failure would put those plugins in a separate process space, so when they crash they cannot affect the rest of the system. Any other scheme is just a bad design, although it may be convenient from a developer cost standpoint to write it that way.

And lastly, such badly designed plugin systems are rich vectors for people to insert malware into your system. See ActiveX for an example.

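The separate-process design described in the reply above, as an added example that is not part of the original post: a POSIX host runs each plugin in a forked child, so a plugin's wild write and access violation land in the child's copy of memory and the host only sees a wait status. The names `music_db`, `buggy_visualizer`, `good_visualizer` and `run_plugin_isolated` are hypothetical, and the fault is simulated with `raise(SIGSEGV)`.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Host state that must survive a plugin fault (constructed stand-in for
   the player's music database). */
static char music_db[32] = "track-index-v1";

typedef int (*plugin_fn)(void);

/* Hypothetical plugin: scribbles over memory it can reach, then faults. */
static int buggy_visualizer(void) {
    memset(music_db, 'X', sizeof music_db - 1); /* wild write */
    raise(SIGSEGV);                             /* simulated access violation */
    return 0;
}

static int good_visualizer(void) { return 0; }

/* Run a plugin in its own process. Returns 0 on clean exit, the signal
   number if the plugin was killed by a signal, -1 on any other failure. */
static int run_plugin_isolated(plugin_fn fn) {
    fflush(NULL);                            /* avoid duplicated stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn() == 0 ? 0 : 1);  /* child: runs the plugin only */
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1 if the host's copy of the data is untouched. */
static int db_intact(void) { return strcmp(music_db, "track-index-v1") == 0; }

int main(void) {
    int r = run_plugin_isolated(buggy_visualizer);
    printf("plugin result=%d, db intact=%d\n", r, db_intact());
    return 0;
}
```

A forked child still starts with a readable copy of the host's memory, so this contains crashes and corruption but not a hostile plugin; for untrusted plugins the child would exec a separate binary with reduced privileges.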