[zeromq-dev] zeromq, abort(), and high reliability environments

Michel Pelletier pelletier.michel at gmail.com
Wed Aug 13 00:22:09 CEST 2014


On Tue, Aug 12, 2014 at 2:42 PM, Michi Henning <michi at triodia.com> wrote:
>
> That seems a bit too simplistic to me. It's possible for an application to have some code path that is tickled only under highly unusual circumstances then causing invalid arguments to passed, even though the application is otherwise doing just fine. If the library aborts in this case, it sets policy in a way it isn't entitled to, IMO. Throwing an InvalidArgumentException instead, or returning an error in a C API is far better. Imagine the kernel were to apply the same strict policy and were to abort my process whenever I pass an invalid argument to a system call. It's just not the done thing.
>
> I believe the only time a library is entitled to abort is when it realizes that its own internal invariants are violated. Any other condition, such as resource exhaustion or pre-condition violation should be reported to the caller in a way that allows the caller to handle the error. It's up to the caller to call abort, not the library.

I agree with you in the sense that, specifically speaking about 0mq,
errors that can be checked synchronously (you called the function, and
the check happens then) should return sensible error codes that
binding authors should be responsible for checking and throwing (or
whatever) their language specific construct to indicate that.

However  there is a class of errors in 0mq that happen asynchronously.
There is no caller to return a code to or thrown an exception for.
Aborting is the only sensible option.  Unless we want to go down the
road CUDA went, where EVERY function documentation contains the words
"Note that this function may also return error codes from previous,
asynchronous launches."  It's impossible to use exceptions in that
case, because every caller would have to try to catch every possible
exception!  Madness.

Pieter's style is a bit more aggressive, but I accept it.  Having just
got done writing way too much C++ in the last week it's almost
refreshing.

-Michel



More information about the zeromq-dev mailing list