2012/4/24 Felipe Contreras <felipe.contreras@gmail.com>:
> On Tue, Apr 24, 2012 at 4:15 AM, Austin Clements <amdragon@mit.edu> wrote:
>> Quoth Felipe Contreras on Apr 24 at 3:45 am:
>>> On Tue, Apr 24, 2012 at 2:46 AM, Ali Polatel <alip@exherbo.org> wrote:
>>> > 2012/4/24 Felipe Contreras <felipe.contreras@gmail.com>:
>>>
>>> >> Personally I don't see why an object, like say a query, would remain
>>> >> working correctly after the database is gone, either by calling
>>> >> .close() directly, or just losing the pointer to the original object.
>>> >> I don't think users would expect that, or, even if they somehow found
>>> >> it useful, that most likely would be very seldom, and hardly worth
>>> >> worrying about it.
>>> >
>>> > Working correctly is not expected, but wouldn't it be more appropriate
>>> > to throw an exception rather than dumping core or printing on standard error?
>>>
>>> Sure, if that was possible.
>>>
>>> > I wonder whether we can make both work somehow.
>>> > Maybe by using talloc explicitly and keeping reference pointers?
>>> > I don't know whether it's worth bothering.
>>>
>>> Maybe, I don't see how, that's just not how C works. Maybe talloc does
>>> have some way to figure out if a pointer has been freed, but I doubt
>>> that, and I can't find it by grepping through the API.
>>>
>>> Another option would be to hook into talloc's destructor so we know when
>>> an object is freed and taint it, but then we would be overriding
>>> notmuch's destructor, and there's no way around that (unless we tap
>>> into talloc's internal structures). A way to work around that would be
>>> to modify notmuch's API so that we can specify a destructor for
>>> notmuch objects, but that would be tedious, and I doubt a lot of people
>>> besides us would benefit from that.
>>
>> I believe (though I might be wrong) that bindings could simply
>> maintain their own talloc references to C objects returned by
>> libnotmuch to prevent them from being freed until the wrapper object
>> is garbage collected. This would require modifying all of the
>> library's _destroy functions to use talloc_find_parent_bytype and
>> talloc_unlink instead of simply calling talloc_free, but I don't think
>> this change would be particularly invasive and it certainly wouldn't
>> affect the library interface.
>
> That might work, but still, I don't see why this patch can't be applied.

I don't have anything against applying this patch. If this fix has a kind
of urgency, and I doubt it does, please get someone to push the patch.
Below is my confirmation to accept the consequences:

LGTM

Otherwise, I'd rather we fix it properly, most probably using the method
described in Austin's previous mail.

> Cheers.
>
> --
> Felipe Contreras

-alip