From 0104c62f3fda9016658809d79cf395d78611e35a Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 20 Oct 2011 15:01:47 +0100 Subject: [PATCH] GInitable, GAsyncInitable: not initializing gives undefined behaviour This is the ISO C sense of undefined behaviour, in which works-by-coincidence, critical warning, abort, demons-fly-out-of-your-nose are all valid implementations. Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662208 Signed-off-by: Simon McVittie Reviewed-by: David Zeuthen --- gio/gasyncinitable.c | 8 +++++--- gio/ginitable.c | 31 ++++++++++++++++++++----------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/gio/gasyncinitable.c b/gio/gasyncinitable.c index 471763ed1..0cfde8d46 100644 --- a/gio/gasyncinitable.c +++ b/gio/gasyncinitable.c @@ -187,9 +187,11 @@ g_async_initable_default_init (GAsyncInitableInterface *iface) * the object doesn't support cancellable initialization, the error * %G_IO_ERROR_NOT_SUPPORTED will be returned. * - * If this function is not called, or returns with an error, then all - * operations on the object should fail, generally returning the - * error %G_IO_ERROR_NOT_INITIALIZED. + * As with #GInitable, if the object is not initialized, or initialization + * returns with an error, then all operations on the object except + * g_object_ref() and g_object_unref() are considered to be invalid, and + * have undefined behaviour. They will often fail with g_critical() or + * g_warning(), but this must not be relied on. * * Implementations of this method must be idempotent: i.e. multiple calls * to this function with the same argument should return the same results. diff --git a/gio/ginitable.c b/gio/ginitable.c index b2df3a961..10770f8cb 100644 --- a/gio/ginitable.c +++ b/gio/ginitable.c 
@@ -32,11 +32,16 @@ * @see_also: #GAsyncInitable * * #GInitable is implemented by objects that can fail during - * initialization. If an object implements this interface the - * g_initable_init() function must be called as the first thing - * after construction. If g_initable_init() is not called, or if - * it returns an error, all further operations on the object - * should fail, generally with a %G_IO_ERROR_NOT_INITIALIZED error. + * initialization. If an object implements this interface then + * it must be initialized as the first thing after construction, + * either via g_initable_init() or g_async_initable_init_async() + * (the latter is only available if it also implements #GAsyncInitable). + * + * If the object is not initialized, or initialization returns with an + * error, then all operations on the object except g_object_ref() and + * g_object_unref() are considered to be invalid, and have undefined + * behaviour. They will often fail with g_critical() or g_warning(), but + * this must not be relied on. * * Users of objects implementing this are not intended to use * the interface method directly, instead it will be used automatically @@ -67,8 +72,10 @@ g_initable_default_init (GInitableInterface *iface) * @error: a #GError location to store the error occurring, or %NULL to * ignore. * - * Initializes the object implementing the interface. This must be - * done before any real use of the object after initial construction. + * Initializes the object implementing the interface. + * + * The object must be initialized before any real use after initial + * construction, either with this function or g_async_initable_init_async(). * * Implementations may also support cancellation. If @cancellable is not %NULL, * then initialization can be cancelled by triggering the cancellable object 
@@ -77,14 +84,16 @@ g_initable_default_init (GInitableInterface *iface) * the object doesn't support cancellable initialization the error * %G_IO_ERROR_NOT_SUPPORTED will be returned. * - * If this function is not called, or returns with an error then all - * operations on the object should fail, generally returning the - * error %G_IO_ERROR_NOT_INITIALIZED. + * If the object is not initialized, or initialization returns with an + * error, then all operations on the object except g_object_ref() and + * g_object_unref() are considered to be invalid, and have undefined + * behaviour. See the section introduction + * for more details. * * Implementations of this method must be idempotent, i.e. multiple calls * to this function with the same argument should return the same results. * Only the first call initializes the object, further calls return the result - * of the first call. This is so that its safe to implement the singleton + * of the first call. This is so that it's safe to implement the singleton * pattern in the GObject constructor function. * * Returns: %TRUE if successful. If an error has occurred, this function will
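Review bot: In the gio/gasyncinitable.c hunk (@@ -187,9 +187,11), the new paragraph says "if the object is not initialized" but does not say how an object is classified while g_async_initable_init_async() has been started and has not yet completed. For the asynchronous interface that is the window in which a caller is most likely to touch the object early. Suggest stating explicitly whether the object counts as uninitialized, and so off limits apart from g_object_ref() and g_object_unref(), until the asynchronous operation has finished successfully.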
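Review bot: In the first gio/ginitable.c hunk (@@ -32,11 +32,16), the removed text named %G_IO_ERROR_NOT_INITIALIZED as the expected failure, and the replacement drops it without telling existing callers that they can no longer test for it. The new wording mentions only g_critical() and g_warning(). Suggest adding one sentence that callers must not depend on %G_IO_ERROR_NOT_INITIALIZED being returned, and spelling out the practical consequence of "all operations on the object except g_object_ref() and g_object_unref() are considered to be invalid": after a failed initialization the caller should release its reference and call nothing else on the object.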
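Review bot: In the second gio/ginitable.c hunk (@@ -67,8 +72,10), "either with this function or g_async_initable_init_async()" omits the qualifier that the section text in the previous hunk gives, namely that the asynchronous path "is only available if it also implements #GAsyncInitable". A reader who lands directly on the g_initable_init() entry could take the two functions to be interchangeable for every #GInitable. Suggest repeating the qualifier here or pointing to the section introduction for it.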
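Review bot: In the third gio/ginitable.c hunk (@@ -77,14 +84,16), this copy of the undefined-behaviour paragraph replaces the g_critical()/g_warning() sentence with "See the section introduction for more details", while the gio/gasyncinitable.c hunk repeats the full sentence, so the three copies of the same statement are not consistent. As the phrase appears here it also has no visible link target. Suggest using one form in all three places and, where the pointer form is kept, making it a proper cross-reference to the #GInitable section so the rendered page leads to the text it refers to.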