ctrl+c and destructors
deadalnix
deadalnix at gmail.com
Thu Oct 3 16:18:31 PDT 2013
On Thursday, 3 October 2013 at 22:38:18 UTC, Walter Bright wrote:
> On 10/3/2013 2:15 PM, nazriel wrote:
>> Music players (for example) do not kill people if they fail.
>> Aborting the whole music player just because a visualisation
>> plugin had an access violation is pointless.
>
> How does the music player know the fault is in the plugin and
> it could be safely continued?
>
Because a music player can ALWAYS safely continue. Worst case
scenario, it behaves erratically and is killed by the user.
Car firmware kills people if it behaves erratically. The right
choice is to kill it if anything looks wrong.
A media player won't kill anyone.
> A properly designed system with user-supplied plugins that
> needed to recover from plugin failure would put those plugins
> in a separate process space, so when they crash they cannot
> affect the rest of the system. Any other scheme is just a bad
> design, although it may be convenient from a developer cost
> standpoint to write it that way.
>
Yes. Anything is a cost-benefit tradeoff. The cost of developing
a sandboxing solution is way higher than doing some recovery that
will fail in 1% of the cases in a way that won't kill anyone.
And unless Phobos gets a sandboxing solution built in, the argument
will stand.
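
The separate-process design discussed in this message, as an added C example (POSIX `fork`/`waitpid`) that is not code from the thread or from Phobos. The `plugin_fn` type, the sample plugins and `run_plugin_isolated` are hypothetical names constructed for the illustration.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*plugin_fn)(void);          /* hypothetical plugin entry point */

enum plugin_result { PLUGIN_OK, PLUGIN_FAILED, PLUGIN_CRASHED, HOST_ERROR };

/* Constructed sample plugins. */
static int good_visualisation(void)   { return 0; }
static int failing_visualisation(void) { return 1; }   /* reports an error */
static int faulty_visualisation(void) {
    raise(SIGSEGV);                      /* stands in for the access violation */
    return 0;
}

/* Run one plugin call in a child process so a fault cannot corrupt the
 * host's memory. *sig_out (if non-NULL) gets the fatal signal, else 0. */
enum plugin_result run_plugin_isolated(plugin_fn fn, int *sig_out) {
    int status;
    if (sig_out) *sig_out = 0;
    fflush(NULL);                        /* avoid duplicated stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return HOST_ERROR;
    if (pid == 0) {                      /* child: the plugin's address space */
        signal(SIGSEGV, SIG_DFL);        /* do not inherit host handlers */
        _exit(fn() == 0 ? 0 : 1);        /* skip the host's atexit handlers */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return HOST_ERROR;
    if (WIFSIGNALED(status)) {           /* killed by a signal: crashed */
        if (sig_out) *sig_out = WTERMSIG(status);
        return PLUGIN_CRASHED;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? PLUGIN_OK
                                                           : PLUGIN_FAILED;
}

int main(void) {
    int sig;
    enum plugin_result r = run_plugin_isolated(faulty_visualisation, &sig);
    printf("plugin result=%d signal=%d; host keeps playing\n", (int)r, sig);
    return run_plugin_isolated(good_visualisation, NULL) == PLUGIN_OK ? 0 : 1;
}
```

This gives fault isolation only: the child still runs with the host user's privileges, so it is not a security sandbox against a hostile plugin.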