You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucy.apache.org by "Marvin Humphrey (JIRA)" <ji...@apache.org> on 2010/01/31 06:53:36 UTC

[jira] Created: (LUCY-98) Clownfish::Type qualifier "nullable"

Clownfish::Type qualifier "nullable"
------------------------------------

                 Key: LUCY-98
                 URL: https://issues.apache.org/jira/browse/LUCY-98
             Project: Lucy
          Issue Type: Improvement
          Components: Clownfish
            Reporter: Marvin Humphrey
            Assignee: Marvin Humphrey


Most Lucy methods which return objects may not return NULL.   Internal Lucy
code does not NULL-check the return values of such methods before using them
-- for efficiency's sake, it trusts that the source has upheld the API
contract and returned a real object of the correct type.

If we screw up our C code and return NULL from such a method we'll get a
segfault, but that's OK -- we're C developers and we know how to deal with
segfaults.

The problem arises when a host-language user creates a custom subclass and
overrides a method that's not supposed to return NULL, but screws up and e.g.
returns undef from Perl.  Their invalid undef gets translated to NULL at the
binding boundary, hits our C code and triggers a segfault -- but this time,
the user is *not* prepared to troubleshoot segfaults.

We don't want to litter every single method invocation with NULL checks --
especially since only a small minority of methods which return pointers might
legally return NULL.

The solution is to introduce a "nullable" type qualifier to Clownfish. 

{code:none}
    /** Open an InStream, or set Err_error and return NULL on failure.
     * 
     * @param path A relative filepath.
     * @return an InStream.
     */
    public incremented nullable InStream*
    Open_In(Folder *self, const CharBuf *path);
{code}

The callback wrappers we auto-generate can then know that they should perform
NULL-checking of return values when the return type does not have a "nullable"
qualifier -- and throw an exception before inner Lucy code has the chance to
deref the NULL pointer and segfault.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (LUCY-98) Clownfish::Type qualifier "nullable"

Posted by "Marvin Humphrey (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/LUCY-98?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marvin Humphrey resolved LUCY-98.
---------------------------------

    Resolution: Fixed

Committed as r907740.

> Clownfish::Type qualifier "nullable"
> ------------------------------------
>
>                 Key: LUCY-98
>                 URL: https://issues.apache.org/jira/browse/LUCY-98
>             Project: Lucy
>          Issue Type: Improvement
>          Components: Clownfish
>            Reporter: Marvin Humphrey
>            Assignee: Marvin Humphrey
>         Attachments: nullable.diff
>
>
> Most Lucy methods which return objects may not return NULL.   Internal Lucy
> code does not NULL-check the return values of such methods before using them
> -- for efficiency's sake, it trusts that the source has upheld the API
> contract and returned a real object of the correct type.
> If we screw up our C code and return NULL from such a method we'll get a
> segfault, but that's OK -- we're C developers and we know how to deal with
> segfaults.
> The problem arises when a host-language user creates a custom subclass and
> overrides a method that's not supposed to return NULL, but screws up and e.g.
> returns undef from Perl.  Their invalid undef gets translated to NULL at the
> binding boundary, hits our C code and triggers a segfault -- but this time,
> the user is *not* prepared to troubleshoot segfaults.
> We don't want to litter every single method invocation with NULL checks --
> especially since only a small minority of methods which return pointers might
> legally return NULL.
> The solution is to introduce a "nullable" type qualifier to Clownfish. 
> {code:none}
>     /** Open an InStream, or set Err_error and return NULL on failure.
>      * 
>      * @param path A relative filepath.
>      * @return an InStream.
>      */
>     public incremented nullable InStream*
>     Open_In(Folder *self, const CharBuf *path);
> {code}
> The callback wrappers we auto-generate can then know that they should perform
> NULL-checking of return values when the return type does not have a "nullable"
> qualifier -- and throw an exception before inner Lucy code has the chance to
> deref the NULL pointer and segfault.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (LUCY-98) Clownfish::Type qualifier "nullable"

Posted by "Marvin Humphrey (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/LUCY-98?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marvin Humphrey updated LUCY-98:
--------------------------------

    Attachment: nullable.diff

> Clownfish::Type qualifier "nullable"
> ------------------------------------
>
>                 Key: LUCY-98
>                 URL: https://issues.apache.org/jira/browse/LUCY-98
>             Project: Lucy
>          Issue Type: Improvement
>          Components: Clownfish
>            Reporter: Marvin Humphrey
>            Assignee: Marvin Humphrey
>         Attachments: nullable.diff
>
>
> Most Lucy methods which return objects may not return NULL.   Internal Lucy
> code does not NULL-check the return values of such methods before using them
> -- for efficiency's sake, it trusts that the source has upheld the API
> contract and returned a real object of the correct type.
> If we screw up our C code and return NULL from such a method we'll get a
> segfault, but that's OK -- we're C developers and we know how to deal with
> segfaults.
> The problem arises when a host-language user creates a custom subclass and
> overrides a method that's not supposed to return NULL, but screws up and e.g.
> returns undef from Perl.  Their invalid undef gets translated to NULL at the
> binding boundary, hits our C code and triggers a segfault -- but this time,
> the user is *not* prepared to troubleshoot segfaults.
> We don't want to litter every single method invocation with NULL checks --
> especially since only a small minority of methods which return pointers might
> legally return NULL.
> The solution is to introduce a "nullable" type qualifier to Clownfish. 
> {code:none}
>     /** Open an InStream, or set Err_error and return NULL on failure.
>      * 
>      * @param path A relative filepath.
>      * @return an InStream.
>      */
>     public incremented nullable InStream*
>     Open_In(Folder *self, const CharBuf *path);
> {code}
> The callback wrappers we auto-generate can then know that they should perform
> NULL-checking of return values when the return type does not have a "nullable"
> qualifier -- and throw an exception before inner Lucy code has the chance to
> deref the NULL pointer and segfault.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.