Atlas

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> Hi Brian, Some things turn out to be VERY SIMPLE!

    Geoff> You set the lat,lon in the code -

    Geoff> assert(sscanf(name, "%c%3d%c%2d", &ew, &_lon, &ns, &_lat) == 4);

[...]

    Geoff> But more to the point what do you want to do about
    Geoff> this?  -------------------------------------------------------

[...]

    Geoff> C) We go through the code, and move NEEDED code OUT of the
    Geoff> 'assert' statement, like I have done above for the
    Geoff> sscanf... a quick count shows there are only a few of these -
    Geoff> less than 10... only about 5-6 files...

[...]

    Geoff> This is my choice...

I would agree.  Putting an assert() around functional code is a mistake.
Leaving it around sanity tests is fine.  I'll make the changes as
suggested in your patch.

    Geoff> PS: You can leave the Atlas-ext.zip out completely for the
    Geoff> moment... it would have be changed anyway if the A) option is
    Geoff> chosen... but will explain more later...

Will do.

Brian

Hi Brian,

> Putting an assert() around functional code is a mistake.

If this is the case then you missed two(2) important cases
in misc.cxx, namely the gzgets() function... ;=()

The attached patch addresses that, and a few other items
as well... In the attached zip file, I have BOTH
atlas-diff09c.patch - a unix format file, and
atlas-diff09c.patch.txt - a windows format file,
but they cover the same things.

Advise which is easier for you to handle, and I will
only send one in future.

Notes on Patches:

1. src\FlightTracksOverlay.cxx
------------------------------

As the comment states, this is just some code to try to
make the user's life easier, and conforms to what we
presently do with other Atlas DATA type files, like
the *.txf and background.jpg files...

So after first checking for the image in <fg-root>/Atlas,
I then check in the path given in the --atlas=<path>
command...

I not found, report MISSING in BOTH places, but otherwise
fix the prefs.airplaneImage string to the name of the
file used... in case it is ever written to a 'preference'
file... or some 'reload' function...

With this in place, I have now DELETED the <fg-root>/Atlas
folder completely... preferring for the moment to ALWAYS
check the --atlas=<dir> given.

2. src\misc.cxx
---------------

(a) As advised above, moved the TWO gzgets() functions OUT
of the 'assert', and EXIT with a stderr message if the
function fails, as you have done in other cases like
this.

(b) Likewise, if the 'realloc' FAILS - message and exit(1)

(c) The full latest patch of the vsnprinf() function for windows.
As advised, not only do we have to use a -1 'count' length,
but for case where the string is EXACTLY the 'count' length,
must ensure the buffer is null terminated.

That is always set _buf[_size - 1] to null...

3. src\Notifications.cxx
------------------------

I do NOT understand this one exactly, but with the
'assert' it always fails on exit. I added some debug code,
and found that the _notifications.size() is ALWAYS zero(0)
when this function 'destructor' is called???

As stated, do NOT understand this... it seems the 'vector'
_notifications has already been cleared before the exit
reaches this 'delete' phase??? Perhaps when it went
out-of-context at program termination???

More to be checked on this, but definitely the 'assert'
must be removed for the _MSC_VER application exit. Also
see note on 'memory leaks' below. Maybe it is really not
necessary to clear this vector...

4. src\TileMapper.cxx
---------------------

You may not consider moving this code out of the 'assert'
necessary, but I understand glGetError() also CLEARS any
existing, previous error... and this conforms to moving
'code' out of an 'assert' anyway...

Summary:
--------

With all these last few patches in place, it no longer
becomes necessary the UN DEFINE NDEBUG in the Release
build, since ALL necessary code will have been moved
out of the 'assert'.

As explained, this is good in that 'un defining' the
'standard' MSVC define of NDEBUG in Release configuration
really did _NOT_ feel good. But with _ALL_ the code moved
_OUT_ of the 'assert', then it seems we can revert to
'standard' MSVC behavior ;=))

I do have quite a bunch of patches for my projects/msvc
folder, and the projects/msvc/winsrc folder, but I have
been holding these back until we have full agreement on
the 'assert', and other things, since what is decided/done
for this/these can change some other things in here...

Once these last few are in CVS, I will send this final
sort of MSVC only patch, and Atlas/Map will be ready for
PRIME (native windows) TIME ;=))

And at that time maybe we can persuade the Ubuntu 'team'
to upgrade the Atlas distribution from 0.3 to 0.4 ;=))
But unsure how to go about this?

Memory Leaks:
=============

Technically I do not agree with your 'Fixed some
memory leaks' log message in cvs. To me a memory 'leak'
is ONLY when an application allocates some memory,
replacing an existing allocation, like
 char * buf = malloc(size);
 ... then some time later ...
 buf = malloc(size);

I do not know exactly about MAC/unix, but absolutely in
windows, ALL memory is freed when an application
exits back to the OS. That is the system loader frees
up _ALL_ space used by the application unconditionally.

It is really only a 'leak', when the application
ignores existing allocated memory, and allocates
MORE memory for the same task, and effectively loses
the previous allocation pointer. This is my definition
of a 'leak'...

So, leaving un freed memory at application exit is
'untidy' coding, but that is all, not a 'leak', and
in windows this causes no 'memory' problems for the
system or other applications...

Maybe this is different in the MAC, and unix... And
maybe I got it all wrong anyway ;=()

The important thing is getting at least the two(2)
'gzgets()' out of the 'assert'...

Regards,

Geoff.

attached: atlas-diff09-patch.zip, contain the same patch
file in 2 different formats, unix and windows, using a
small perl script I have - patch-conv.pl. This script
also removes the 'Only in ...' lines...

Advise which is best for you, or maybe it does not matter.

Tonight, I did an update of the CVS source code.  When I run it from the
command line, it ran fine until I exited and then I gott a segmentation
fault and core dump.  Here's the backtrace from gdb:

(gdb) bt
#0  0x0000003e6ba74be5 in malloc_consolidate () from /lib64/libc.so.6
#1  0x0000003e6ba774f8 in _int_free () from /lib64/libc.so.6
#2  0x000000000042339c in __gnu_cxx::new_allocator<NAV*>::deallocate (
    this=0x17f8ed0, __p=0x42e4680)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.3/../../../../include/c
++/4.4.3/ext/new_allocator.h:95
#3  0x0000000000422472 in std::_Vector_base<NAV*, std::allocator<NAV*>
>::_M_deallocate (this=0x17f8ed0, __p=0x42e4680, __n=32768)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.3/../../../../include/c
++/4.4.3/bits/stl_vector.h:146
#4  0x0000000000420e6b in std::_Vector_base<NAV*, std::allocator<NAV*>
>::~_Vector_base (this=0x17f8ed0, __in_chrg=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.3/../../../../include/c
++/4.4.3/bits/stl_vector.h:132
#5  0x000000000041f34c in std::vector<NAV*, std::allocator<NAV*>
>::~vector (
    this=0x17f8ed0, __in_chrg=<value optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/4.4.3/../../../../include/c
++/4.4.3/bits/stl_vector.h:313
#6  0x000000000043afa1 in NavaidsOverlay::~NavaidsOverlay
(this=0x17f8ea0, 
    __in_chrg=<value optimized out>) at NavaidsOverlay.cxx:303
#7  0x000000000043b024 in NavaidsOverlay::~NavaidsOverlay
(this=0x17f8ea0, 
    __in_chrg=<value optimized out>) at NavaidsOverlay.cxx:303
#8  0x0000000000429fa3 in Overlays::~Overlays (this=0x17f7830, 
    __in_chrg=<value optimized out>) at Overlays.cxx:74
---Type <return> to continue, or q <return> to quit---
#9  0x0000000000487fdb in Globals::~Globals (this=0x6ee3e0, 
    __in_chrg=<value optimized out>) at Globals.cxx:46
#10 0x0000003e6ba35b82 in exit () from /lib64/libc.so.6
#11 0x0000003e72e21c70 in glutMainLoopEvent ()
from /usr/lib64/libglut.so.3
#12 0x0000003e72e21d25 in glutMainLoop () from /usr/lib64/libglut.so.3
#13 0x000000000041bf78 in main (argc=10, argv=0x7fffa1adf298) at
Atlas.cxx:4683
(gdb) 

Btw, tonight was the first time in awhile that I've run Atlas from the
command line.  Usually, I run it from a shell script that's launched
from a desktop icon.  So, it *might* be possible that Atlas was
segfaulting before (i.e. tonight's update didn't introduce the problem)
but I didn't see it because I wasn't at a command window.

Regards,

Chris

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> The attached patch addresses that, and a few other items as
    Geoff> well... In the attached zip file, I have BOTH
    Geoff> atlas-diff09c.patch - a unix format file, and
    Geoff> atlas-diff09c.patch.txt - a windows format file, but they
    Geoff> cover the same things.

    Geoff> Advise which is easier for you to handle, and I will only
    Geoff> send one in future.

Either is fine.  I actually never apply patches directly using the
'patch' command.  Instead, I go through the patch file, look at the
suggested changes, decide if they're necessary or not, modify them as I
see fit, ....  So the file suffix doesn't matter to me.

Brian

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> 3. src\Notifications.cxx ------------------------

    Geoff> I do NOT understand this one exactly, but with the 'assert'
    Geoff> it always fails on exit. I added some debug code, and found
    Geoff> that the _notifications.size() is ALWAYS zero(0) when this
    Geoff> function 'destructor' is called???

    Geoff> As stated, do NOT understand this... it seems the 'vector'
    Geoff> _notifications has already been cleared before the exit
    Geoff> reaches this 'delete' phase??? Perhaps when it went
    Geoff> out-of-context at program termination???

    Geoff> More to be checked on this, but definitely the 'assert' must
    Geoff> be removed for the _MSC_VER application exit. Also see note
    Geoff> on 'memory leaks' below. Maybe it is really not necessary to
    Geoff> clear this vector...

It is necessary to remove subscribers from the sets inside the vector
(that's what _notifications[i].erase(s) does), but not necessary to
clear the vector (in the sense of calling vector::clear()).

Note that the size of the vector never changes - it should always be
Notification::All elements long.  I never do anything to change its
length.  There's something going on here, and we need to figure out what
it is.  Maybe you should add a check for length in the other
Notification methods to see if _notifications has the right length, or
add a printf() to Notification::unsubscribe() (it isn't called very
often).  I've just run a test here and it always has the right length on
OS X.

Brian

>>>>> "Chris" == Chris O'Neill  writes:

    Chris> Tonight, I did an update of the CVS source code.  When I run
    Chris> it from the command line, it ran fine until I exited and then
    Chris> I gott a segmentation fault and core dump.  Here's the
    Chris> backtrace from gdb:

[...]

    Chris> Btw, tonight was the first time in awhile that I've run Atlas
    Chris> from the command line.  Usually, I run it from a shell script
    Chris> that's launched from a desktop icon.  So, it *might* be
    Chris> possible that Atlas was segfaulting before (i.e. tonight's
    Chris> update didn't introduce the problem) but I didn't see it
    Chris> because I wasn't at a command window.

Perhaps, but probably not.  Last night I checked in some changes, one of
which involved calling the destructor for the Overlays object (which in
turn calls the destructors for the various overlays - NavaidsOverlay,
AirportsOverlay, ...).  It had never been called before.  It caused a
few problems here (on OS X) that I solved, but it's not surprising there
are problems still remaining on other systems.  I can't wait until
Windows gets a hold of it. :-)

Anyway, I'll take a look at your stacktrack and see if I can figure out
what's going on.

Brian

On Wed, 2010-05-19 at 23:35 -0600, Brian Schack wrote:
> >>>>> "Chris" == Chris O'Neill  writes:
>     Chris> I gott a segmentation fault and core dump.
[snip]
> Last night I checked in some changes, one of
> which involved calling the destructor for the Overlays object...
[snip]

Hi Brian,

In Ubuntu 64-bits. Have not yet re-checked windows,
but it seems the problem is in the same area of
code...

Did a Ubuntu cvs update, and re-compile... then added
some debug printf() stuff here and there...

subscribe: type = 3, size = 10
Got many of these, from the code...
bool Notification::subscribe(Subscriber *s, type n) {
    printf("subscribe: type = %d, size = %d\n", n,
 _notifications.size());
always with the size 10, then, on 'q', got from similar
printf() code in unsubscribe, only presently called on
exit...

Got 'q'... Quitting...
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10
*** glibc detected *** /home/geoff/fg/fg8/install/Atlas/bin/Atlas:
double free or corruption (!prev): 0x0000000002e73c50 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f932aa8c08a]
/lib/libc.so.6(cfree+0x8c)[0x7f932aa8fc1c]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x409d81]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x409e08]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x409987]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x42ccfb]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x421bb3]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x4620f9]
/lib/libc.so.6(exit+0xe0)[0x7f932aa4d110]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x41642b]
/usr/lib/libglut.so.3(glutMainLoopEvent+0x493)[0x7f932d438723]
/usr/lib/libglut.so.3(glutMainLoop+0xa8)[0x7f932d438c48]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas[0x41b5c7]
/lib/libc.so.6(__libc_start_main+0xf4)[0x7f932aa361c4]
/home/geoff/fg/fg8/install/Atlas/bin/Atlas(__gxx_personality_v0
+0x431)[0x409789]
======= Memory map: ========
00400000-004c6000 r-xp 00000000 08:14
5101524                            /home/geoff/fg/fg8/install/Atlas/bin/Atlas
006c6000-006cb000 rw-p 000c6000 08:14
5101524                            /home/geoff/fg/fg8/install/Atlas/bin/Atlas
006cb000-09ebb000 rw-p 006cb000 00:00 0
[heap]
7f930c000000-7f930c021000 rw-p 7f930c000000 00:00 0 
7f930c021000-7f9310000000 ---p 7f930c021000 00:00 0 
7f9313e0d000-7f9313f0d000 rw-s 00396000 00:0e
14718                      /dev/dri/card0
... and miles more stuff, like this...


This was repeated every time on 'quit'...
Command line was: ./Atlas --airport=KSFO --udp \
 --fg-root=/home/geoff/fg/fg8/fgfs/data \
 --atlas=/home/geoff/fg/fg8/install/Atlas/maps \
 --palette=/home/geoff/fg/fg8/Atlas/src/data/Palettes/default.ap \
 --airplane=/home/geoff/fg/fg8/Atlas/src/data/airplane_image.png

Then running Atlas under 'gdb', and on quit got the same...
Got 'q'... Quitting...
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10
*** glibc detected *** /home/geoff/fg/fg8/install/Atlas/bin/Atlas:
double free or corruption (!prev): 0x0000000002e73c90 ***
etc, etc, etc, etc...

Then the gdb backtrace...
(gdb) bt
#0  0x00007f284ffa4095 in raise () from /lib/libc.so.6
#1  0x00007f284ffa5af0 in abort () from /lib/libc.so.6
#2  0x00007f284ffdea7b in __libc_message () from /lib/libc.so.6
#3  0x00007f284ffe608a in _int_free () from /lib/libc.so.6
#4  0x00007f284ffe9c1c in free () from /lib/libc.so.6
#5  0x0000000000409d81 in std::_Rb_tree<Subscriber*, Subscriber*,
std::_Identity<Subscriber*>, std::less<Subscriber*>,
std::allocator<Subscriber*> >::erase (this=0x6d0e00, __first=<value
optimized out>, __last=
      {_M_node = 0xccaa20}) at /usr/include/c
++/4.2/ext/new_allocator.h:97
#6  0x0000000000409e08 in std::_Rb_tree<Subscriber*, Subscriber*,
std::_Identity<Subscriber*>, std::less<Subscriber*>,
std::allocator<Subscriber*> >::erase (this=0x6d0e00, __x=<value
optimized out>)
    at /usr/include/c++/4.2/bits/stl_tree.h:1274
#7  0x0000000000409987 in Notification::unsubscribe (s=0xbaa6e0,
n=<value optimized out>)
    at /usr/include/c++/4.2/bits/stl_set.h:373
#8  0x000000000042ccfb in ~NavaidsOverlay (this=0xbaa6e0) at
NavaidsOverlay.cxx:303
#9  0x0000000000421bb3 in ~Overlays (this=0xb9dc20) at Overlays.cxx:74
#10 0x00000000004620f9 in ~Globals (this=0x6cc240) at Globals.cxx:46
#11 0x00007f284ffa7110 in exit () from /lib/libc.so.6
#12 0x000000000041642b in keyPressed (key=<value optimized out>,
x=<value optimized out>, 
    y=<value optimized out>) at Atlas.cxx:3764
#13 0x00007f2852992723 in glutMainLoopEvent ()
from /usr/lib/libglut.so.3
#14 0x00007f2852992c48 in glutMainLoop () from /usr/lib/libglut.so.3
#15 0x000000000041b5c7 in main (argc=8, argv=0x424a330) at
Atlas.cxx:4685
(gdb) q

If I comment OUT the 'erase'... no problems of course...
void Notification::unsubscribe(Subscriber *s, type n)
{
    printf("unsubscribe: type = %d, size = %d\n", n,
 _notifications.size());
    if (n == All) {
    //assert(_notifications.size() == All);
    //for (unsigned int i = 0; i < _notifications.size(); i++) {
    //    _notifications[i].erase(s);
    //}

...
subscribe: type = 3, size = 10
Entering glutMainLoop... Atlas is zinging... 'q' to Quit...
Got 'q'... Quitting...
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10
unsubscribe: type = 10, size = 10

Also NO PROBLEM if I protected it from MULTIPLE erases, like
  static bool _s_done_erase = false;
  if (!_s_done_erase) {
    assert(_notifications.size() == All);
    for (unsigned int i = 0; i < _notifications.size(); i++) {
        _notifications[i].erase(s);
    }
  }
 _s_done_erase = true;   

But when I look HARD at the code, I am NOT sure
what you are really trying to do here! It is a 
 vector<set<pointer>> vsp(10)
Surely 'delete' would be the thing to use to DELETE the
stored class pointer, if that is what you are trying to
do...

The documentation indicates erase() takes an
iterator, like vsp[i].begin(), not a pointer to some user
class 's'... I can not imagine what erase() is doing
with this user class pointer, when it expects a set
iterator...

This would most certainly NOT 'delete' the class pointers
that been have 'inserted' in the 'set'... I would see
the code as something like - BUT have NOT tested it...

 for (unsigned int i = 0; i < _notifications.size(); i++) {
   set<Subscriber *> ssp = _notifications[i];
   for (set<Subscriber *>::iterator it = ssp.begin();
     it != ssp.end(); it++) {
       if (*it) {
         delete *it; // delete user class
         *it = NULL; // set to zero
      }
   }
 }

And even the code if n is NOT equal 'All', although
it seems this is never called...

 } else {
   // _notifications[n].erase(s); NOT CORRECT!!!
   set<Subscriber *> ssp = _notifications[n]; // extract 'set'
   for (set<Subscriber *>::iterator it = ssp.begin();
     it != ssp.end(); it++) {
       if ( s == *it ) {
          delete *it;
          *it = NULL;
          // ?? ssp.erase(it); // ?? MAYBE ??
          break;
       }
   }
 }

That is no 'erase(Subscriber *)'...

Hope this HELPS ;=))

Regards,

Geoff.

PS: No time today to explore this further in windows...
but this looks to be the same problem as in Ubuntu...

Hi Brian,

Lucky, or unlucky for you, depending on your perspective, ;=))
dinner was delayed, so I DID get a chance to re-look
at this _notifications issue in native windows ;=))

As usual, quite simple really - On 'q', Atlas calls
exit(0), which means all the onexit c++ compiler
generated code is run, and there it is :-

`dynamic atexit destructor for 'Notification::_notifications'':
00721960  push        ebp
00721961  mov         ebp,esp
00721963  sub         esp,40h
00721966  push        ebx
00721967  push        esi
00721968  push        edi
00721969  mov         ecx,offset Notification::_notifications (796DD4h)
0072196E  call        std::vector<std::set<Subscriber *,std::less<Subscriber *>,
 std::allocator<Subscriber *> >,std::allocator<std::set<Subscriber *,
 std::less<Subscriber *>,std::allocator<Subscriber *> > >
>::~vector<std::set<Subscriber *,
 std::less<Subscriber *>,std::allocator<Subscriber *>
>,std::allocator<std::set<Subscriber *,
 std::less<Subscriber *>,std::allocator<Subscriber *> > > > (50CC7Eh)
00721973  pop         edi
00721974  pop         esi
00721975  pop         ebx
00721976  mov         esp,ebp
00721978  pop         ebp
00721979  ret

This compiler generated destructor is called quite
early in the BIG on-exit sequence of thing, and thus by the
time it gets to deleting the Overlays objects later,
which then invoke the 'unsubscribe' call, the
size of Notification::_notifications is indeed ZERO,
thus the only problem in windows is the 'assert'.

I have also has a chance to 'test' the code I previously
suggested, and the following compiles fine in windows...
and looks right to 'delete' the Subsriber pointers...
if that is what you intended...

typedef set<Subscriber *> SSP;
void Notification::unsubscribe(Subscriber *s, type n)
{
    unsigned int i;
    SSP ssp;
    SSP::iterator it;
    if (n == All) {
#ifndef _MSC_VER // due to late onexit call, size is 0
        assert(_notifications.size() == All);
#endif
        for (i = 0; i < _notifications.size(); i++) {
            //_notifications[i].erase(s);
            ssp = _notifications[i];
            for (it = ssp.begin(); it != ssp.end(); it++)
            {
                if ( *it ) {
                    delete *it;
                    *it = NULL;
                }
            }
            // ssp.erase(ssp.begin(),ssp.end()); // ??? MAYBE ???
            ssp.clear(); // MAYBE BETTER
        }
    } else {
        // _notifications[n].erase(s);
        if (( n >= 0 ) && ( (size_t)n < _notifications.size() )) {
            ssp = _notifications[n];
            for (it = ssp.begin(); it != ssp.end(); it++)
            {
                if ( s == *it ) {
                    delete *it;
                    *it = NULL;
                    ssp.erase(it); // ?? MAYBE ???
                    break; // A MUST, since erase()
                    // invalidates iterators
                }
            }
        }
    }
}

Of course I have never seen it run, since it is only called
as part of the exit(0) - on-exit process, and at that time
_notifications has already been cleared, so never enters the
for loop, but as stated it compiles without problems.

HTH,

Regards,

Geoff.

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> (c) The full latest patch of the vsnprinf() function for
    Geoff> windows.  As advised, not only do we have to use a -1 'count'
    Geoff> length, but for case where the string is EXACTLY the 'count'
    Geoff> length, must ensure the buffer is null terminated.

There's a Windows function called vsnprintf_s() that might solve the
null termination problem (unfortunately, it still only returns -1 when
the string is too long, so we need to keep the while loop).  I obviously
can't try it out here, but I was wondering if you had heard of it and if
you had tried it.

Brian

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> But when I look HARD at the code, I am NOT sure what you are
    Geoff> really trying to do here! It is a vector<set<pointer>>
    Geoff> vsp(10) Surely 'delete' would be the thing to use to DELETE
    Geoff> the stored class pointer, if that is what you are trying to
    Geoff> do...

I'm not trying to delete subscribers - I just want to remove the pointer
to the subscriber from the set.

    Geoff> The documentation indicates erase() takes an iterator, like
    Geoff> vsp[i].begin(), not a pointer to some user class 's'... I can
    Geoff> not imagine what erase() is doing with this user class
    Geoff> pointer, when it expects a set iterator...

According to my documentation, there are several versions of erase:

     void erase ( iterator position );
size_type erase ( const key_type& x );
     void erase ( iterator first, iterator last );

Note the second one, which takes a set element.  That's the one I'm
using.

Brian

Hi Brian,

> There's a Windows function called vsnprintf_s() that
> might solve the null termination problem ...
> was wondering if you had heard of it and if
> you had tried it.

Yes, and no, until now... although I did consider it
earlier, and rejected it as MORE work!

There are so many, _MANY_ cases where MS, in its infinite
wisdom, has provided NEW, so called 'secure', functions,
usually with _s appended... but always with an additional
'count' parameter...

That is what the config.h :-

#pragma warning(disable:4996)

is all about ;=)) The MS compiler outputs a 'depreciation'
warning, on lots and LOTS of functions like strlen -> strnlen_s,
printf -> printf_s, etc, etc, etc... where you must also
specify a MAXIMUM length to count/use, as an additional
1 (or more) parameter(s)...

I can see 'some' benefit in the case of 'strlen', to stop
it counting after the buffer length, but since
vsnprintf() already has a controlling 'n' maximum
buffer length, I can not see how they can make it _MORE_
secure ;=((

In most cross-platform open sources, these _s (or n) MS
ONLY functions are usually ignored, or else the platform
code would be _FILLED_ with :-

#if (defined(_MSC_VER) && (_MSC_VER >= 1300)) // *
 len = strnlen_s(buf, some_count);
 len = sprintf_s(buf, count, format, ...);
#else
 len = strlen(buf);
 len = sprintf(buf, format, ...);
#endif
Note it can NOT be implemented as a macro, since the
'count' requires some knowledge of the specific code
at that place...

* Not sure if this is the correct compiler level
where the 'depreciation' and _s (& n) functions arrived,
but it was around here... early 2000 anyway...

On reading the MS MSDN vsnprintf_s it seems to read
nearly the same as the vsnprintf function, except it
does return -1 if the formatted string is exactly
equal to the supplied count, provided _TRUNCATE
is used for the second count, at least warning there is
no room for the null character!

We have to use _TRUNCATE as the 2nd count, or else an
'invalid parameter handler' would pop up, with 'Abort,
Continue, ...etc if the formatted data plus terminating null
exceeded or equaled the count, which is _NOT_ what we want...

So, in this case, since we ALREADY have to have a _MSC_VER
switch anyway, to account for the -1 return, then below is
the new function... in this case, the vsnprintf_s
re-write has slightly 'improved' the function...

But I also can not see why we did not go with what I had
already VERY CAREFULLY researched, decided and tested...
there seems nothing wrong with always doing :-
 _buf[_size - 1] = 0;
in the windows only code...

And on a similar note...

> ... I actually never apply patches directly using
> the 'patch' command. Instead, I go through the patch
> file, look at the suggested changes, decide if they're
> necessary or not, modify them as I see fit, ...

Yes, this is what I suspected ;=))

Not to complain really, but it is not much fun to
'outsiders' like myself to always have a carefully
considered patch, re-patched like this ;=()

I usually take considerable care to duplicate the style
of the particular code, rather than using my own standards.
I would be nice if once in a while I could 'see' MY
patch in the code... and not your patch of my patch.

And this becomes especially true if you are going to
second guess me in the windows environment... The
vsnprinf patch I finally submitted should have been
acceptable, rather than you spending time on MSDN
documentation as well...

As stated, we in the window IDE are perpetually reminded
of these 'alternate' functions every time we consult the
documentation, F1, or forget to suppress 4996... this is one
of the first times I have noted a subtle 'improvement'
in functionality...

And imagine this in reverse, if every time you wanted to
make a cvs change, another maintainer, even subtly, changed
your code to what they thought was slightly 'better',
in code content, style or even comments...

Anyway, I agree YOU are the 'maintainer', and I am
NOT, although I would like to be... so you have
every right to re-write what I suggest ;=)) Just
recognize that this dampens my 'enthusiasm'... and
would imagine this being true in some other cases,
but not all...

Regards,

Geoff.

<patch file="misc.cxx">
#ifdef _MSC_VER
    // windows vsnprintf() returns -1, if it can NOT fit the formatted
    // string within the 'count', and most certainly _NOT_ the needed length!
    // And no need to 'copy' the 'va_list ap' pointer, or 'dispose' of it.
    // The ONLY failure here would be if 'realloc' FAILED, so 'exit(1)'
    int newLen;
    while ((newLen = vsnprintf_s(_buf + _strlen, _size - _strlen,
_TRUNCATE, fmt, ap)) < 0) {
        _size += _increment;
        _buf = (char *)realloc(_buf, _size);
        if ( !_buf ) {
            fprintf(stderr,
                "ERROR: MEMORY REALLOCATION FAILED ON %d BYTES! Aborting...\n",
                _size);
            exit(1);
        }
    }
    _strlen += newLen;  // bump the length, by this 'format' length...
#else
</patch>

On Sun, May 23, 2010 at 6:47 PM, Brian Schack
<bschack-flightgear@...> wrote:
>>>>>> "Geoff" == Geoff McLane  writes:
>    Geoff> But when I look HARD at the code, I am NOT sure what you are
...
> I'm not trying to delete subscribers - I just want to remove the pointer
> to the subscriber from the set.
...
> According to my documentation, there are several versions of erase:
>
>     void erase ( iterator position );
> size_type erase ( const key_type& x );
>     void erase ( iterator first, iterator last );
>
> Note the second one, which takes a set element.  That's the one I'm
> using.
>
Hi Brian,

Not sure, but ok, provided you put an #ifndef _MSC_VER around the
'assert', all is well in windows, since it is never run...

As shown, at program TERMINATION, the windows compiler has already
'freed/cleared' the vector hence _notifications.size() == 0, when
this is called...

And obviously you need some protection from multiple calls in
Ubuntu linux to avoid the core dump... must also get around to trying
my modified code there... just for interest ;=))

Regards,

Geoff.

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> As shown, at program TERMINATION, the windows compiler has
    Geoff> already 'freed/cleared' the vector hence
    Geoff> _notifications.size() == 0, when this is called...

Which I find a bit strange.  Do we know who is calling unsubscribe()?
Is it from AtlasController?

Brian

>>>>> "Geoff" == Geoff McLane  writes:

    >> There's a Windows function called vsnprintf_s() that might solve
    >> the null termination problem ...  was wondering if you had heard
    >> of it and if you had tried it.

    Geoff> Yes, and no, until now... although I did consider it earlier,
    Geoff> and rejected it as MORE work!

[...]

    Geoff> And this becomes especially true if you are going to second
    Geoff> guess me in the windows environment... The vsnprinf patch I
    Geoff> finally submitted should have been acceptable, rather than
    Geoff> you spending time on MSDN documentation as well...

The reason I checked the MSDN documentation is because I wanted to
understand what your patch was doing.  I think that's an entirely
reasonable thing to do.  In fact, I think it would be worrying if I
didn't.  

I happened to see the vsnprintf_s() function while I was looking, and,
since it seemed to solve a problem with your initial patch, I thought
you might be interested.  I was worried you had rejected using
vsnprintf_s() because you felt compelled to use the same function, and I
wanted to let you know it was okay.

    Geoff> And imagine this in reverse, if every time you wanted to make
    Geoff> a cvs change, another maintainer, even subtly, changed your
    Geoff> code to what they thought was slightly 'better', in code
    Geoff> content, style or even comments...

As far as I know, this is very common.  I've submitted a few patches to
FlightGear, and they've all been massaged by the maintainers.  As long
as the original intent of the patch remains, I have no problems with
that.

Another reason why I don't use patches directly is that often the source
file has changed by the time the patch arrives.

Brian

> Which I find a bit strange.  Do we know who is
> calling unsubscribe()?
> Is it from AtlasController?

Hi Brian,

It is NOT a question of who called 'unsubscribe()'!
Anyway that would ONLY clear the 'sets' from
the vector, leaving the vector<something> _n(10)
in tact... but perhaps each of the 10 vectors empty
of any sets...

As far as I am aware, unsubscribe() is ONLY called
by some deletion of the nav objects... that is, as part
of the destructor of those objects...

But when you declare a vector, like you have :-
vector<set<Subscriber *> > Notification::_notifications (Notification::All)
SOMEONE has to build the construction/allocation code,
and thus (potentially) the destruction code.

These are sort of 'anonymous' functions - the constructor
is called _BEFORE_ control is passed to main(), and the
destructor - again an 'anonymous' function - is called
_AFTER_ the program terminates...

This is 'standard' c++ capability... we rarely 'see' the actual
code, since it happens BEFORE main(), and AFTER exit(n),
or return n; from main...

Now I am SURE gcc MUST do this at least for
the constructor/allocation, otherwise the 'vector(10)' would
NOT exist, but since in linux the size() value is still 10
when 'unsubscribe' is eventually called, due to some other
destructor that is being called, this must mean
either gcc either does NOT build an anonymous
destructor/free/delete of the 'vector', or it is called later,
or something...

So to be clear, this is _NOT_ in any code you have written.
This is the 'standard' HIDDEN allocation/destruction of
c++ classes... code which we never normally 'see', or
care about...

I had to trace line by line into the exit(n), and only
seeing Intel machine code - no symbols - and it
was quite difficult to find the 'destructor' that I
put a copy of in my earlier email...

Again, this is anonymous code generated by the
compiler... when you declare -
vector<int> vi(10);
some CODE has to be run to allocate this 'class',
and it is usual to generate de-allocation CODE
at the same time... this CODE is all OUTSIDE
the main() program context...

Does that make it clear?

Regards,

Geoff.

PS: I did try my code it Ubuntu, and it worked
without any problems ;=)) but linux would NOT
let me set a 'NULL'... but since you do not want
to 'free' the Subscriber *, then I removed all
the 'deletion' stuff, and was left with -

typedef set<Subscriber *> SSP;
void Notification::unsubscribe(Subscriber *s, type n)
{
    unsigned int i;
    SSP ssp;
    SSP::iterator it;
    if (n == All) {
#ifndef _MSC_VER // due to late onexit call, size is 0
        assert(_notifications.size() == All);
#endif
        for (i = 0; i < _notifications.size(); i++) {
            //_notifications[i].erase(s);
            ssp = _notifications[i];
            // ssp.erase(ssp.begin(),ssp.end()); // ??? MAYBE ???
            ssp.clear(); // MAYBE BETTER
        }
    } else {
        // _notifications[n].erase(s);
        if (( n >= 0 ) && ( (size_t)n < _notifications.size() )) {
            ssp = _notifications[n];
            for (it = ssp.begin(); it != ssp.end(); it++)
            {
                if ( s == *it ) {
                    ssp.erase(it); // remove it
                    break; // A MUST, since erase()
                    // invalidate the iterator
                }
            }
        }
    }
}

As stated, this now ran fine in linux, with no
'crash'... and seems to do what you want...

g.

Just as a quick update...  I'm now getting occasional segfaults while
within Atlas as well as when exiting.  For instance, I was just using
Atlas to plan a route between KTUS and KLAS and when I moved the map by
dragging with the mouse it segfaulted and exited.  I haven't done a
backtrace on this (yet) so I don't know if the problem is related to the
segfault-while-exiting issue.  I'll start running Atlas from the command
line with "ulimit -c unlimited" so I can get a core dump if it does it
again.

Just thought I'd make everyone's day!  ;)

Regards,

Chris

P.S.  A short "it's really none of my business, but..." comment on the
discussion regarding the maintainer reviewing patches (or not)...

I can see both points of view.  The maintainer *definitely* has a
responsibility to review suggested patches to ensure they're "proper" in
accordance with the coding "rules and procedures" for the project (not
sure if I worded that right, but ya'll know what I mean).  Otherwise,
over time the code will become a hodge podge of different styles, coding
methodologies, etc.

On the other hand, I can see where a developer might get a little
perturbed if every time he submits a proposed patch every little change
is questioned by the maintainer (NOT that that's what's happening here
but, again, ya'll know what I mean).

The "trick" to avoiding any misunderstanding and bad feelings is GOOD
communications at all times...  setting the "ground rules" in advance so
everyone knows the rules of the game beforehand, constant communications
(both in the list and privately if need be) between the maintainer and
the developers to ensure both know why any changes by the maintainer are
being made, etc.  If everyone is "kept in the loop" at all times, then
chances for misunderstandings and hurt feelings are minimized.

Just my non-maintainer AND non-programmer $0.02 worth...  for what it's
worth!  ;)

Regards, again...  Chris

>>>>> "Geoff" == Geoff McLane  writes:

    >> Which I find a bit strange.  Do we know who is calling
    >> unsubscribe()?  Is it from AtlasController?

    Geoff> It is NOT a question of who called 'unsubscribe()'!  Anyway
    Geoff> that would ONLY clear the 'sets' from the vector, leaving the
    Geoff> vector<something> _n(10) in tact... but perhaps each of the
    Geoff> 10 vectors empty of any sets...

    Geoff> As far as I am aware, unsubscribe() is ONLY called by some
    Geoff> deletion of the nav objects... that is, as part of the
    Geoff> destructor of those objects...

I understand what you're saying, but I still think my question is valid.
I wrote the code assuming that the destructor for Notification would be
called only after all the subscribers had unsubscribed.  Or, to put it
another way, I wrote the code assuming that no one would call
Notification::unsubscribe() after the deletion of _notifications, which
seems reasonable.  

If we can find out who is calling unsubscribe so late, then we can clear
up the problem.  Alternatively, we can actually declare an instance of
Notification and use that throughout the code instead.

Brian

>>>>> "Chris" == Chris O'Neill  writes:

    Chris> Just as a quick update...  I'm now getting occasional
    Chris> segfaults while within Atlas as well as when exiting.  For
    Chris> instance, I was just using Atlas to plan a route between KTUS
    Chris> and KLAS and when I moved the map by dragging with the mouse
    Chris> it segfaulted and exited.

So you're getting segfaults at exit, *and* getting segfaults while using
it?  The segfault at exit probably has to do with object deletion; the
one that you had while dragging is a new kettle of fish.  If you can
find out where it's crashing, that would help a lot.

    Chris> P.S.  A short "it's really none of my business, but..."
    Chris> comment on the discussion regarding the maintainer reviewing
    Chris> patches (or not)...

    Chris> I can see both points of view.  The maintainer *definitely*
    Chris> has a responsibility to review suggested patches to ensure
    Chris> they're "proper" in accordance with the coding "rules and
    Chris> procedures" for the project (not sure if I worded that right,
    Chris> but ya'll know what I mean).  Otherwise, over time the code
    Chris> will become a hodge podge of different styles, coding
    Chris> methodologies, etc.

    Chris> On the other hand, I can see where a developer might get a
    Chris> little perturbed if every time he submits a proposed patch
    Chris> every little change is questioned by the maintainer (NOT that
    Chris> that's what's happening here but, again, ya'll know what I
    Chris> mean).

    Chris> The "trick" to avoiding any misunderstanding and bad feelings
    Chris> is GOOD communications at all times...  setting the "ground
    Chris> rules" in advance so everyone knows the rules of the game
    Chris> beforehand, constant communications (both in the list and
    Chris> privately if need be) between the maintainer and the
    Chris> developers to ensure both know why any changes by the
    Chris> maintainer are being made, etc.  If everyone is "kept in the
    Chris> loop" at all times, then chances for misunderstandings and
    Chris> hurt feelings are minimized.

Thanks for the comment.  Depending on the problem, I may not comment
right away on issues discussed here - it's not me ignoring you, it's
just me thinking about the problem.  So, for example, I've read the
postings about data directories, and the postings about paths (in this
case, paths to aircraft images), but the discussions have prompted
questions about larger issues, questions which I haven't resolved yet.
So rest assured that I read and take into account what you say.  In the
future I'll try to at least acknowledge the postings, just to let you
know that I'm listening.  No guarantees that my brain will function any
faster when coming to a resolution, though. :-)

Brian

Hi Brian,

I guess I do NOT understand exactly WHAT you
are chasing here... but to try to answer
you VERY exactly and precisely as I can ;=))

Notification::unsubscribe is called from -
Subscriber::~Subscriber(), the Subscriber
destructor, since it has the code form you
wrote :-

Subscriber::~Subscriber()
{
    Notification::unsubscribe(this, Notification::All);
}

And this 'Subscriber' destructor, is called from
_EACH_ of the following destructors :-

1. AirportsOverlay::~AirportsOverlay()
2. NavaidsOverlay::~NavaidsOverlay()
3. AirwaysOverlay::~AirwaysOverlay()
4. FixesOverlay::~FixesOverlay()
5. FlightTracksOverlay::~FlightTracksOverlay()

Probably because each of these classes are declared
in the form ...

class AirwaysOverlay: public Subscriber {
...
};

The Subscriber destructor call is code generated by
the compiler, at the _END_ of each of the above
destructor functions - here is an assembler
listing at the end of say ~AirportsOverlays()
function - after the delete _culler... :-

    delete _culler;
00518E3E  mov         eax,dword ptr [ebp-10h]
00518E41  mov         ecx,dword ptr [eax+4]
00518E44  mov         dword ptr [ebp-60h],ecx
00518E47  mov         edx,dword ptr [ebp-60h]
00518E4A  mov         dword ptr [ebp-64h],edx
00518E4D  cmp         dword ptr [ebp-64h],0
00518E51  je          AirportsOverlay::~AirportsOverlay+1C2h (518E62h)
00518E53  push        1
00518E55  mov         ecx,dword ptr [ebp-64h]
00518E58  call        Culler::`scalar deleting destructor' (5079A8h)
00518E5D  mov         dword ptr [ebp-80h],eax
00518E60  jmp         AirportsOverlay::~AirportsOverlay+1C9h (518E69h)
00518E62  mov         dword ptr [ebp-80h],0
}
00518E69  mov         byte ptr [ebp-4],0
00518E6D  mov         ecx,dword ptr [ebp-10h]
00518E70  add         ecx,1Ch
00518E73  call        std::vector<ARP *,std::allocator<ARP *>
>::~vector<ARP *,std::allocator<ARP *> > (50A9D7h)
00518E78  mov         dword ptr [ebp-4],0FFFFFFFFh
00518E7F  mov         ecx,dword ptr [ebp-10h]
00518E82  call        Subscriber::~Subscriber (504154h)
00518E87  mov         ecx,dword ptr [ebp-0Ch]
00518E8A  mov         dword ptr fs:[0],ecx
00518E91  pop         ecx
00518E92  pop         edi
00518E93  pop         esi
00518E94  pop         ebx
00518E95  mov         esp,ebp
00518E97  pop         ebp
00518E98  ret

And ALL of this code is _AFTER_ exit(0) on
receipt of a 'q' key in...

In my experience we can NOT predict the exact order
of 'destructor' calls during the automatic compiler
generated destructors... so to assume it one way or
the other seems fraught with danger and faulty...

But anyway, the patch I have sent, repeated below,
makes it such that it is NOT problem exactly WHEN
it is called...

What can be wrong with that? As stated I have already
tested this in BOTH windows and Ubuntu linux, and
NO segfault ;=))

HTH,

Geoff.

<patch>
typedef set<Subscriber *> SSP;
void Notification::unsubscribe(Subscriber *s, type n)
{
    unsigned int i;
    SSP ssp;
    SSP::iterator it;
    if (n == All) {
#ifndef _MSC_VER // due to late onexit call, size is 0
        assert(_notifications.size() == All);
#endif
        for (i = 0; i < _notifications.size(); i++) {
            //_notifications[i].erase(s);
            ssp = _notifications[i];
            // ssp.erase(ssp.begin(),ssp.end()); // ??? MAYBE ???
            ssp.clear(); // MAYBE BETTER
        }
    } else {
        // _notifications[n].erase(s);
        if (( n >= 0 ) && ( (size_t)n < _notifications.size() )) {
            ssp = _notifications[n];
            for (it = ssp.begin(); it != ssp.end(); it++)
            {
                if ( s == *it ) {
                    ssp.erase(it); // remove this entry
                    break; // A MUST, since erase()
                    // invalidates iterators
                }
            }
        }
    }
}
</patch>

On Tue, 2010-05-25 at 22:44 -0600, Brian Schack wrote:
> So you're getting segfaults at exit, *and* getting segfaults while using
> it?  The segfault at exit probably has to do with object deletion; the
> one that you had while dragging is a new kettle of fish.  If you can
> find out where it's crashing, that would help a lot.

I didn't get a backtrace of that crash because I wasn't setup for it,
specifically I didn't have "ulimit -c unlimited" so that I could
generate a core dump.

Now I have that line in my script so that if Atlas/Map crashes again I
*will* have a core dump.  Of course, it hasn't crashed since (except the
on-exit one) now that I'm prepared.  LOL!  But, if it does crash I'll be
ready.

>     Chris> P.S.  A short "it's really none of my business, but..."
>     Chris> comment on the discussion regarding the maintainer reviewing
>     Chris> patches (or not)...

[Snip!]

> Thanks for the comment.  Depending on the problem, I may not comment
> right away on issues discussed here - it's not me ignoring you, it's
> just me thinking about the problem.  So, for example, I've read the
> postings about data directories, and the postings about paths (in this
> case, paths to aircraft images), but the discussions have prompted
> questions about larger issues, questions which I haven't resolved yet.
> So rest assured that I read and take into account what you say.  In the
> future I'll try to at least acknowledge the postings, just to let you
> know that I'm listening.  No guarantees that my brain will function any
> faster when coming to a resolution, though. :-)

No problem, Brian.  I, too, sometimes take time to consider something
before commenting or asking questions, so instant "responses" aren't
expected.  I do think, however, acknowledging the issue/question with
something like "I'll have to think about that for awhile, and I'll get
back to you" would be helpful so that the person knows for sure you're
listening.  And, btw, forgetting something cuz there's so much to
remember and/or deal with is allowed once in awhile...  after all, we're
all human!

Regards,

Chris

P.S.  Memory test...  which O/S am I running?  ;) (no fair peeking at
past messages!)  :D

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> Hi Brian, I guess I do NOT understand exactly WHAT you are
    Geoff> chasing here... but to try to answer you VERY exactly and
    Geoff> precisely as I can ;=))

    Geoff> Notification::unsubscribe is called from -
    Geoff> Subscriber::~Subscriber(), the Subscriber destructor, since
    Geoff> it has the code form you wrote :-

    Geoff> Subscriber::~Subscriber() { Notification::unsubscribe(this,
    Geoff> Notification::All);
    Geoff> }

    Geoff> And this 'Subscriber' destructor, is called from _EACH_ of
    Geoff> the following destructors :-

    Geoff> 1. AirportsOverlay::~AirportsOverlay()
    Geoff> 2. NavaidsOverlay::~NavaidsOverlay()
    Geoff> 3. AirwaysOverlay::~AirwaysOverlay()
    Geoff> 4. FixesOverlay::~FixesOverlay()
    Geoff> 5. FlightTracksOverlay::~FlightTracksOverlay()

Now I understand - thanks.  The various overlays are allocated in the
Globals class.  Its destructor is being called after the destructor for
Notification.  Thus the crash.  Since the globals variable is automatic,
we have no or little control over when its destructor is called.  On OS
X, it apparently is called before the Notification destructor; on
Windows, it is called after.

The decision to make globals an automatic variable was one of
convenience.  Also, I've been thinking that what we really need is an
AtlasController object (in the spirit of the Model-View-Controller/MVC
paradigm), which would probably suck in much or all of the Globals
class.  As well, the AtlasController would be explicitly created and
destroyed, so we wouldn't have any of this trouble.  I'll have to think
about it a bit more, and the actual changeover, if I decide to go ahead
with it, will take a bit of time.

Thanks for your help!

Brian

Hi Brian,

Ok, eventually I got around to doing a windows cvs
update, in preparation of re-compiling and doing
some Map and Atlas tests in native windows, BUT...

Your recent cvs patch to misc.cxx 100% demonstrates, in
many ways, why it is sometimes much better to use 'patch',
than to re-write the code submitted by 3rd parties!

Hopefully the patch sent by the 3rd party has been tested
for functionality, while, if the re-write is in code you
can not personally check and test, then such re-written
code can be faulty ;=((

You forgot to update the value of _buf, with newBuf!

On perhaps a lesser note, you have chosen to return
a NULL, rather than the exit(1) as in my patch. While as
far as I can see, no present calls to AtlasString.printf(),
append() use the buffer returned, it seems bad to return
a NULL...

Hopefully no one will do code like :-
printf("%s\n", stg.append(...));
and hope to always win ;=))

But ok, even if this return of a NULL is not a problem,
at that point, one would have to ask is the memory pointer
remaining in _buf still valid if the realloc returned NULL?
I do not know...

Because for sure later the code will probably use stg.str()
which returns this now, potentially invalid, _buf address,
at least with a truncated string, and on exit the destructor
will try to 'free' it...

Since memory managers in all OSES are quite solid today,
this is a minor possibility, but I still believe a message
and exit(1) is the correct course of action, as per my
patch.

And like you have done with another 'realloc' in that
file - assert( buf != NULL )
Such an assert() will abort(), with core dump, if this
'realloc' returns NULL. If one, why not abort all failed
reallocs, to be consistent... of course using exit(1),
not abort(), with its additional consequences...

Additionally, if you intend 'acknowledging' the submitter
in the cvs logs, as you have done in this case, then it
is not good to change their 'comment' with the code.

I always try to avoid putting one system down, against
others - like suggesting one is more helpful than the
other - that is I try to avoid what I call 'political'
statments in comments - I try to stick to just the facts.

It seems amply sufficient to say -
// Window's version of vsnprintf() returns -1 when the...

To add the emotive and judgmental term 'unhelpfully'
here seems totally unecessary, IMHO.

So, while I _DO_ like, and appreciate the 'acknowledgement',
and thank you for this, putting in a 'comment' that I
did _NOT_ make is simple not nice, especially if that
person takes good care themselves to avoid such 'political'
mumblings...

I sort of feel if you are going to change the code
and/or the 'comment', that is NOT use 'patch', then you
should sort of also add a cvs comment something like :-

While this patch was suggested by 'abc', note that
any resemblance to what they submitted, and this cvs
code is pure chance, and that any opinions expressed
in the code comments added are not necessarily those
of the suggester...

Not really, but I am sure you get the idea ;=))

Attached below is the brief 'history' of this
particular patch...

Anyway, thanks for the 'gzgets' patches, tossing the
'assert' in the garbage in this case ;=)) but
choosing to return 'false'...

But I must also leave my patch in
 Notification::unsubscribe()
which has yet to be addressed in cvs, as are a
few other minor mods...

With this off my chest, I can get on with the
native windows testing... but running out of time
today...

Regards,

Geoff.

History of vsnprintf() patching:

Early May, or before I note a '?' key produces a window
 with very truncated messages... but Atlas had other
 problems so attacked those first...

10 May: Andreas reports rcPath.printf() call produced a
 corrupted path looking like -
 C:\Users\gaeb/.a²²²²¦¦¦¦÷ÃÀ?¦¦
 and mentions AtlasString... memory corruption...

12 May: My first patch of AtlasString::_appendf()

17 May: Maintainer, questions need to use -1, and shortens
 the code, but forgets to update 'newLen'...

18 May: Return a tested, corrected version, accepting the
 shorter form...

19 May: My re-testing shows up the the fault when formatted
 exactly equals count, returns un-null terminated... submit
 a minor corrrection.

22 May: Maintainer introduces the _s version, perhaps not
 knowing MSVC users are always aware of these MS ONLY versions,
 and tend not to use them, and suppress the 4996 warnings they
 kick up...

24 May: Accept using the _s version, and return tested
 patch, and ramble on about maintainer's right to change
 submitters patches...

24 May: Get quick reply
 > The reason I checked the MSDN documentation is because
 > I wanted to understand what your patch was doing.  I
 > think that's an entirely reasonable thing to do.  In
 > fact, I think it would be worrying if I didn't.

27 May: cvs update, with code re-written by maintainer -
 with changed comments, and introduces another fault!

 *** disappointment and despare ***

While I agree I would be 'worried' if a maintainer did
not 'check' code by a submitter, I am even _MORE_ worried
by what I consider unnecessary changes that introduce
_NEW_ faults ;=((

Just an opinion...

>>>>> "Geoff" == Geoff McLane  writes:

    Geoff> Your recent cvs patch to misc.cxx 100% demonstrates, in many
    Geoff> ways, why it is sometimes much better to use 'patch', than to
    Geoff> re-write the code submitted by 3rd parties!

    Geoff> Hopefully the patch sent by the 3rd party has been tested for
    Geoff> functionality, while, if the re-write is in code you can not
    Geoff> personally check and test, then such re-written code can be
    Geoff> faulty ;=((

    Geoff> You forgot to update the value of _buf, with newBuf!

Sorry about that.  I've made the change (as well as changed the comment)
and checked it in.  As for illustrating the dangers of fiddling with
patches, it does.  I'll be more careful in the future.

    Geoff> On perhaps a lesser note, you have chosen to return a NULL,
    Geoff> rather than the exit(1) as in my patch. While as far as I can
    Geoff> see, no present calls to AtlasString.printf(), append() use
    Geoff> the buffer returned, it seems bad to return a NULL...

[...]

    Geoff> And like you have done with another 'realloc' in that file -
    Geoff> assert( buf != NULL ) Such an assert() will abort(), with
    Geoff> core dump, if this 'realloc' returns NULL. If one, why not
    Geoff> abort all failed reallocs, to be consistent... of course
    Geoff> using exit(1), not abort(), with its additional
    Geoff> consequences...

That seems reasonable.  I've changed it to an assert().

    Geoff> Additionally, if you intend 'acknowledging' the submitter in
    Geoff> the cvs logs, as you have done in this case, then it is not
    Geoff> good to change their 'comment' with the code.

    Geoff> To add the emotive and judgmental term 'unhelpfully' here
    Geoff> seems totally unecessary, IMHO.

I've removed it.  It is hard to resist getting in digs at Windows, when
it is (certainly in this case) so deserving of it.  However, I do
understand that it is your change, so I can't take as many liberties
with it.

    Geoff> Anyway, thanks for the 'gzgets' patches, tossing the 'assert'
    Geoff> in the garbage in this case ;=)) but choosing to return
    Geoff> 'false'...

    Geoff> But I must also leave my patch in Notification::unsubscribe()
    Geoff> which has yet to be addressed in cvs, as are a few other
    Geoff> minor mods...

They're still on the list of things to do - fear not.

Brian

Hi Brian,

> > And like you have done with another 'realloc' in that file -
> > assert( buf != NULL ) Such an assert() will abort(), with
> > core dump, if this 'realloc' returns NULL. If one, why not
> > abort all failed reallocs, to be consistent... of course
> > using exit(1), not abort(), with its additional
> > consequences...
>
> That seems reasonable. I've changed it to an assert().
>

Wow, it seems I can never 'win' with you! Now sort of
out of the fat and into the fire ;=)) not really!

While I was pushing you to do something more
than return NULL when the 'realloc' fails,
I did clearly ADD - "of course using exit(1),
not abort(), with its additional consequences..."

As I understand it, assert() uses abort(), or
some other 'violent' exit, usually where no 'onexit'
code is run, which may sometimes be a good thing, and you 
get a 'core dump' in unix, and a funny (read annoying)
dialog popup in windows Vista - like program has stopped
in an unusual way, and it searches the web for a solution, 
and finding none, suggests you contact the vendor...

But I suppose an assert() _IS_ better than returning
a NULL ;=)) 

And I just noted my Ubuntu /usr/include/assert.h
_ALSO_ has a 'NDEBUG' macro, just like in windows,
so it is possible for unix users to also define
away an 'assert()'... and here I was thinking it was
a MS only thingy ;=()

But, as I am sure we agree, this is a very unlikely
event, so ok... I will give up on this one as there
are still bigger fish to catch ;=))

Regards,

Geoff.