[Gnucash-changes] Eliminate a double free of memory.

Chris Shoemaker c.shoemaker at cox.net
Fri Jun 3 15:24:31 EDT 2005

On Fri, Jun 03, 2005 at 02:16:46PM -0400, David Hampton wrote:
> On Fri, 2005-06-03 at 11:11 -0400, Chris Shoemaker wrote:
> > On Fri, Jun 03, 2005 at 09:14:19AM -0400, Derek Atkins wrote:
> > > So I don't think we need to do anything.  What we've got works just fine (modulo
> > > the bug that hampton fixed already).
> > 
> > It's better to design out a bug than to patch it out. 
> Normally I would agree with you.  In this particular case, I tried to do
> that three years ago and ended up throwing up my hands and declaring
> that I had better things to do.

I can sympathize.

> > 1) It's an abuse of the documented gtk destroy api, which is only
> > suppose to break references, NOT free anything.
> We're reading the documentation differently.
>     Because these references are released, calling gtk_object_destroy()
>     unless some buggy code fails to release its references in response
>     to the "destroy" signal.
> Emphasis mine.  This begs the question of whether the gnucash data
> structure that is intimately tied to the dialog is considered memory
> associated with an object.  As an object implementor, I'd say no.  As a
> gnucash developer, I'd say yes, since the majority of the fields in the
> data structure point to widgets within the dialog, and all of these
> pointers will be invalidated when the dialog is destroyed.

That question is not really relevant.  "should result in" is correct,
but it means indirectly as a result of ref count dropping to 0.  Look
at the api docs for the gtk_object_destroy() function:

    Emits the "destroy" signal notifying all reference holders that
    they should release the GtkObject... The memory for the object
    itself won't be deleted until its reference count actually drops to 0;
    gtk_object_destroy() MERELY ASKS reference holders to RELEASE THEIR

Emphasis mine.  It's not very ambiguous.

> > (Freeing is handled by finalize, and only when refcount = 0.)
> Finalize is not a signal, its a gobject class virtual function.  Its
> only available to object implementors, not code that uses objects that
> were implemented elsewhere.  If you want to use finalize here then
> you'll need to subclass a GtkWindow.

That's right, because we don't have to worry about finalization.  It
will happen automatically when refcount == 0.  All we have to do
correctly is call object_ref when we save a reference to the dialog,
(and unref when we release, of course.)

> > BTW, I'm _really_ not a design nazi.  I just _look_ like one next to
> > you.  :) You seem to think that anything in GC that works must be a good
> > design.
> That's unfair Chris.  I don't think I've ever heard Derek say that its a
> good design, only that it works so why change it.

I certainly don't mean to be unfair, and I apologize if Derek thinks I
was.  Derek didn't say it was a good design, but it's pretty hard to
get him to say anything in GC is a _bad_ design.  I really think that
he's just spent so long with GC code, that almost everything there
looks reasonable to him, even stuff that, IMHO, isn't very reasonable.

> > You might try being a bit more open-minded about proposals
> > for design improvements, especially coming from people who've proven a
> > willingness to code, 
> Also unfair.  I'd say Derek's probably the main person who has kept this
> project going for the last couple of years.


> Lets see.  Derek did the following:
> 1) Pointed out that events may be turned off in the CM so that the close
> function is called long after the gtk_widget_destroy function has
> finished.  I had completely forgotten it might do that and was assuming
> all the calls were synchronous.
> 2) Pointed out that other windows/dialogs have the same code.  My guess
> would be that they all do.
> 3) Stated that he doesn't think its a bug, and that we don't need to re-
> architect the code.
> The first is a crucial point for designing a solution.  The second is
> pointing out the scale of the problem.  The third is his viewpoint on
> the issue.  

All good points.

> You've clearly taken offense that he doesn't agree with you
> that this is a heinous design issue that needs to be fixed immediately.

That's not really true.  "Offense" is too strong; It'd be more
accurate to say that I'm "concerned" that he doesn't agree with me
that this is a design issue _at_all_, and furthermore, (actually this
is more of the real concern:) that this is just one example
representative of a rather long list of (IMO) design "weaknesses"
about which we disagree.  

> While I agree that this component manager/gtk interaction code isn't the
> best written code, its served it purpose over the last five years.  I
> think there are more important things to fix and ideas to implement, but
> if this is what you want to work on, more power to you.  

That's a refreshing attitude.

<snip comments on ref holding>
> I can't speak for Derek, but I'm willing to look at any changes you
> propose for this area.  They just have to be thoroughly tested (e.g.
> normal close, window manager close, CM close, application killed, etc.)
> before I will spend much time on them.  I'm still overwhelmed with gtk2
> changes/cleanups, and I've barely even cracked the new "Human Interface
> Guidelines" document.
> > Maybe being more honest about GC's design, ehm, weaknesses, would
> > encourage more developer participation.
> Sure, gnucash has design weaknesses.  I'm not sure this should be
> considered a big one.  I'd be more concerned about the code paths that
> have multiple nested calls from C to Scheme to C, or the fact that half
> of the startup logic is in Scheme, or that the register is one giant
> hairy mess of a Gnome Canvas studded with hand drawn boxes linked to an
> off-screen GtkEntry with some of the most twisted and tortured logic
> I've seen.  I'm sure I can come up with more.

Agreed on all counts.


More information about the gnucash-devel mailing list