Mark Feit (2019-Feb-03, excerpt): > > What was not done: [...] > No effort has been made to do any kind of clean shutdown. I need some > advice from the learned on how to approach that.
IMHO it would not make sense to try to be overly smart here. A system with failing `malloc` is on the brink of desaster, and writing failsave code under these conditions is extremely difficult. For one, the recovery routines must not try to allocate memory. To be completely bulletproof, it would boil down to make darktable an entirely transactional system. Just giving up and freeing memory ASAP (for other services that might need it) is entirely justifiable. Recovery code tends to be extremely complex, or not catch the interesting cases — and as Johannes said: We don't expect `malloc` to fail, so it would be a lot of unused complexity. Also, Darktable uses SQLite which is a transactional database [1], so that should be consistent anyways. Just my 2 cents... ____________________ [1] https://www.sqlite.org/transactional.html -- http://stefan-klinger.de o/X I prefer receiving plain text messages, not exceeding 32kB. /\/ \ ___________________________________________________________________________ darktable developer mailing list to unsubscribe send a mail to darktable-dev+unsubscr...@lists.darktable.org
