[getdns-api] getdns_return_t for destroy methods
ngoyal at verisign.com
Sat Mar 8 12:03:17 MST 2014
Here is some code that illustrates the particular problem (error checking omitted for brevity): https://gist.github.com/ngoyal/9436881 - getdns_context_destroy can be called on the same context multiple times before the first call to getdns_context_destroy returns because the destroy method must cancel all outstanding requests. Canceling those requests ends up calling the same callback which in turn calls destroy.
This isn't unmanageable, but managing it leads to hairy code as it has to deal with the re-entrant nature of the problem. Without proper management, this could lead to some serious problems as the pointers "dangle" and point to invalid memory - NULL checks fail in that case and seg faults are bound to occur. Remember that in C, calling free(ptr); does not mean that ptr == NULL when it returns. Calling free(ptr) again will end up causing undefined behavior in the program (most likely a crash).
In the gist code, the context_destroy method that is called within the callback could return an error code indicating that it cannot be destroyed while firing a callback. In the common case, most folks probably won't destroy a context within a callback, but as implementors, we must ensure we work without crashing in as many cases as we can think of.
From: Paul Hoffman [paul.hoffman at vpnc.org]
Sent: Saturday, March 08, 2014 12:18 PM
To: Goyal, Neel
Cc: getdns-api at vpnc.org
Subject: Re: [getdns-api] getdns_return_t for destroy methods
On Mar 8, 2014, at 3:05 PM, Goyal, Neel <ngoyal at verisign.com> wrote:
> The major area of concern is when destroying a context in a callback - there are a lot of edge cases and re-entrant scenarios that make this code a bit hairier than it needs to be. A return code would allow implementations to enforce that contexts can't be destroyed in the callbacks they are firing and communicate that back to the user.
I'm still not seeing it. If you have a destroyer, in what circumstance would it not come back with "I've destroyed it"?
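As an added illustration of the re-entrancy problem discussed in this thread (this is not code from the thread or from getdns; the names ctx_create, ctx_submit, ctx_destroy, CTX_DESTROY_IN_CALLBACK and the probe helpers are hypothetical), here is a minimal context whose destroy must cancel outstanding requests and therefore fires their callbacks. An in-progress flag makes a nested destroy called from such a callback return an error code instead of freeing the context a second time, which is the guard a return value from the destroyer makes possible:

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for illustration; this is not the getdns API. */
typedef enum {
    CTX_OK = 0,
    CTX_BAD_CONTEXT = 1,          /* NULL context, or a context already being drained */
    CTX_DESTROY_IN_CALLBACK = 2   /* destroy called re-entrantly from a callback */
} ctx_return_t;

struct ctx;
typedef void (*ctx_callback_t)(struct ctx *c, int cancelled, void *userarg);

struct req {                      /* one outstanding request */
    struct req *next;
    ctx_callback_t cb;
    void *userarg;
};

struct ctx {
    struct req *outstanding;      /* singly linked list of pending requests */
    int destroying;               /* set for the lifetime of the outermost destroy call */
};

struct ctx *ctx_create(void) {
    return calloc(1, sizeof(struct ctx));
}

ctx_return_t ctx_submit(struct ctx *c, ctx_callback_t cb, void *userarg) {
    if (c == NULL || c->destroying) return CTX_BAD_CONTEXT;
    struct req *r = malloc(sizeof *r);
    if (r == NULL) return CTX_BAD_CONTEXT;
    r->cb = cb;
    r->userarg = userarg;
    r->next = c->outstanding;
    c->outstanding = r;
    return CTX_OK;
}

/* Cancel every outstanding request (firing its callback), then free the context.
 * A callback may call ctx_destroy again; the guard turns that nested call into
 * an error code instead of a second free() of the same memory. */
ctx_return_t ctx_destroy(struct ctx *c) {
    if (c == NULL) return CTX_BAD_CONTEXT;
    if (c->destroying) return CTX_DESTROY_IN_CALLBACK;   /* re-entrant call: refuse */
    c->destroying = 1;
    while (c->outstanding != NULL) {
        struct req *r = c->outstanding;
        c->outstanding = r->next;     /* unlink before the callback runs */
        r->cb(c, 1, r->userarg);      /* cancellation callback; may re-enter ctx_destroy */
        free(r);
    }
    free(c);                          /* only the outermost call reaches this line */
    return CTX_OK;
}

/* --- Constructed scenario: the callback tries to destroy the context it runs in --- */
struct probe {
    int callbacks;                /* cancellation callbacks observed */
    ctx_return_t inner_rc;        /* what the nested ctx_destroy returned */
};

static void destroy_in_callback(struct ctx *c, int cancelled, void *userarg) {
    struct probe *p = userarg;
    p->callbacks++;
    if (cancelled) p->inner_rc = ctx_destroy(c);   /* nested destroy from inside destroy */
}

/* Create a context with n requests, destroy it, and report what happened. */
static ctx_return_t run_scenario(int n, struct probe *p) {
    p->callbacks = 0;
    p->inner_rc = CTX_OK;
    struct ctx *c = ctx_create();
    for (int i = 0; i < n; i++) ctx_submit(c, destroy_in_callback, p);
    return ctx_destroy(c);        /* outer call: cancels n requests, then frees once */
}

int scenario_outer_rc(int n)  { struct probe p; return (int)run_scenario(n, &p); }
int scenario_inner_rc(int n)  { struct probe p; run_scenario(n, &p); return (int)p.inner_rc; }
int scenario_callbacks(int n) { struct probe p; run_scenario(n, &p); return p.callbacks; }

int main(void) {
    struct probe p;
    ctx_return_t outer = run_scenario(3, &p);
    printf("outer destroy=%d nested destroy=%d callbacks=%d\n",
           (int)outer, (int)p.inner_rc, p.callbacks);
    return 0;
}
```

Two details carry the safety argument: each request is unlinked before its callback runs, so a callback that submits or cancels cannot see a half-removed node, and the `destroying` flag is checked before any memory is released, so the nested call observes a still-valid context and returns without touching it. Without that flag the nested call would free the context while the outer loop is still iterating over it, which is exactly the dangling-pointer double free the message warns about.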