Use abort instead of exit(2) in caml_fatal_error.#8630
Use abort instead of exit(2) in caml_fatal_error.#8630xavierleroy merged 4 commits intoocaml:trunkfrom
Conversation
2dcdc7a to
9749f90
Compare
|
A The other ones and those calling |
|
Well spotted! I turned calls to exit(2) in |
c621132 to
a3ff974
Compare
|
I think this is a good idea: when the OCaml runtime fails, it is better to However, I think the right thing to do here is to have |
a3ff974 to
83df152
Compare
Done. |
xavierleroy
left a comment
There was a problem hiding this comment.
I'm OK with the general idea: an internal error in the runtime system should abort() rather than exit(2).
However, not all calls to caml_fatal_error represent internal errors in the runtime system. Some are errors in the OCaml program being executed, and should not abort().
One instance is when the bytecode executable cannot be found, and you already took care of that.
Another instance, detailed below, is when the C code tries to raise an OCaml exception and the OCaml code isn't initialized yet. This case was carefully reported like an uncaught exception, and you turned it into an abort(). This is debatable.
83df152 to
77839c9
Compare
As I explained, I think it should be considered UB to call OCaml runtime functions if said runtime is not initialized. Most of the external functions of the OCaml runtime requires it to be initialized anyway (allocation...). I think the test in If you don't agree, then I'll be happy to go back to the previous version (which is just a little less factorized). I just need to know what you think to move forward :) |
ftr now I strongly support @dbuenzli idea of overridable C handler for this kind of unexpected situations. E.g. in our usecase we want to output log in some specific format so that our monitoring tools can track this situation same way as all other logs. Also from practice - we may not always want to do a coredump on oom (this contradicts what I said before, but that's what practice taught me - consuming all IO of a rood disk to get a 200G coredump is not always desirable). |
|
The size of core dumps is not a factor here: just use This said, I am sympathetic to the idea that users could provide their own handler function instead of the default |
Isn't it possible to install a signal handler for SIGABRT? |
This is a reasonable claim that is open for discussion. I still think you need to know why the code you're modifying is written the way it is written, and be aware of what you are changing, rather than changing it without understanding it. |
We still want to get (full) coredumps for real segfaults..
maybe, but I think explicit handler is better mechanism |
In the handler the context is lost, is the abort coming from OCaml or from C ? If my main is in C I may simply choose to shutdown the OCaml system and restart it. I think it's a good idea if the OCaml runtime strives to be treated as C library. In other words that it tries as much as possible not to fiddle with the non compositional aspects of the C runtime/standard library. |
|
@xavierleroy : alright, I restored the initial code for the three changes you mentioned. @dbuenzli , @ygrek : your wish is granted. |
xavierleroy
left a comment
There was a problem hiding this comment.
The diff is getting shorter, I like it :-) More seriously: this looks very good to me.
|
Do I understand correctly that the hook mechanism answers @ygrek's concerns about core dumps? Or is there still a problem with standalone applications? |
ygrek
left a comment
There was a problem hiding this comment.
I believe this covers all my concerns, yes
d86044b to
1a79cd2
Compare
|
I rebased, squashed the commits, and mentionned the new hook in Chances. @xavierleroy : if this looks good to you , then this should be ready to merge. |
1a79cd2 to
d1ea8d5
Compare
This makes it possible to get a core dump in case of a fatal error, which makes debugging easier. This also - turns a use of exit(2) to call to caml_fata_error - replaces some uses of caml_fatal_error to a call to exit(127), when the error results in misuse of the runtime - removes some useless calls to exit(-1)
When not NULL, this hook is called when a fatal error is encountered instead of printing an error message on stderr.
d1ea8d5 to
cddec18
Compare
|
@xavierleroy: you approved these changes one 1.5 months ago. Is there anything blocking the merge? |
|
I guess I was hoping someone else would bother to merge :-) Let's merge, then. |
This makes it possible to get a core dump in case of a fatal error, which makes debugging easier.
This has been suggested in #8628.