Details
: Event_Handler destructor should not call purge_pending_no...
Bug#: 2845
: ACE
: ACE Core
Status: RESOLVED
Resolution: FIXED
: All
: All
: 5.5.6
: P3
: normal
: ---

People
Reporter: Carlos O'Ryan <coryan@atdesk.com>
Assigned To: Carlos O'Ryan <coryan@atdesk.com>

Description:   Opened: 2007-03-06 09:15
We have reached consensus.  Calling purge_pending_notifications() from the
ACE_Event_Handler destructor is not a good idea.

1) At least "formally" this code is invoking undefined behavior.  The
destructor of ACE_Event_Handler calls purge_pending_notifications().  This
means that the object lifetime has already expired, and making any function
calls on the destructed object invokes undefined behavior.  Well, if there are
any pending notifications the reactor *will* call back and decrement the
reference count.  So the only way this code is "safe" is if there are no pending
notifications.

    This is not just C++ standard "legalese", I have seen problems in
practice with calls to virtual functions (remove_reference is virtual) from
destructors.  Admittedly, this is more common with pure virtual functions or
with a developer naively expecting the derived function to be called from
the base class destructor.

2) Consider the case when you are using reference counting.  Then the
destructor should never be called with any pending notifications.
Otherwise, the object was destroyed while the reactor held references (and
had increased the reference count) for all the pending notifications.  So
the purge_pending_notifications() call from the destructor is useful only if
the application has already violated the reference counting rules!


    Therefore, the call to purge_pending_notifications() is only legal and
useful if:
 (a) we are not using reference counting, and
 (b) the application is explicitly destroying the event handler without
waiting for more notifications, and
 (c) there are indeed pending notifications, otherwise the call is useless,
and
 (d) the platform happens to work "Okay" with calls to virtual functions
from the destructor.

    I think it would be better to add a new reactor rule:

===== You shall not delete handlers if there are pending notifications on
the handler.

    The applications that need help following this rule can use the
reference counting for event handlers.  When the last notification is
delivered (or purged) the event handler would be automatically deleted.
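
The two points in the description above, as an added example that is not part of the original report and is not ACE code: a toy reactor that holds one reference per pending notification, and a base-class destructor that makes a virtual call. The names `Handler`, `Derived`, `Reactor`, `on_purge` and `run_demo` are hypothetical.

```cpp
#include <deque>
#include <iostream>
#include <string>
#include <vector>

static std::vector<std::string> trace;  // records the order of events

struct Handler {
    int refs = 1;                       // the creator's reference
    virtual ~Handler() {
        // The derived part is already destroyed here, so this virtual call
        // dispatches to Handler::on_purge, never to the derived override.
        on_purge();
    }
    virtual void on_purge() { trace.push_back("Handler::on_purge"); }
    virtual void handle() { trace.push_back("Handler::handle"); }
    void add_ref() { ++refs; }
    void remove_ref() { if (--refs == 0) delete this; }
};

struct Derived : Handler {
    ~Derived() override { trace.push_back("~Derived"); }
    void on_purge() override { trace.push_back("Derived::on_purge"); }
    void handle() override { trace.push_back("Derived::handle"); }
};

struct Reactor {
    std::deque<Handler*> pending;
    // One reference is taken for every queued notification.
    void notify(Handler* h) { h->add_ref(); pending.push_back(h); }
    void deliver_all() {
        while (!pending.empty()) {
            Handler* h = pending.front();
            pending.pop_front();
            h->handle();
            h->remove_ref();            // deletes h after the last delivery
        }
    }
};

std::vector<std::string> run_demo() {
    trace.clear();
    Reactor r;
    Handler* h = new Derived;
    r.notify(h);
    r.notify(h);
    h->remove_ref();                    // application is done; refs == 2, no delete
    trace.push_back("app released");
    r.deliver_all();                    // destructor runs only once nothing is pending
    return trace;
}

int main() { for (const auto& s : run_demo()) std::cout << s << '\n'; }
```

With reference counting the destructor is reached only after the queue holds no more notifications for the handler, so a purge from the destructor would have nothing to purge.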
------- Comment #1 From Carlos O'Ryan 2007-03-08 19:01:13 -------
Fixed in revision 77624, please check the following ACE/ChangeLog entry for
more details:

Fri Mar  9 00:57:26 UTC 2007  Carlos O'Ryan  <coryan@atdesk.com>
