Date: Mon, 04 Sep 2023 21:29:46 -0700
On Monday, 4 September 2023 12:34:41 PDT Ville Voutilainen via Std-Proposals
wrote:
> I don't recall such an argument being made. The ABI-stability concern
> arguments talk about binary blobs that you can't reimplement, so while
> the ABI break is there, either your product doesn't run (if you're
> lucky), or runs so incorrectly that you can't ship it (if you're less
> lucky).

There's a third, even less lucky option: that it *appears* to run correctly,
so you ship, but it is not actually running correctly. This usually manifests
as crashes that only your customers see in weird conditions -- if you're on
the less unlucky side. If you're not, it's silently corrupting data for a long
time before anyone notices the problem.

I'll grant you this is not a problem specifically of ABIs. Any sufficiently
complex bug can behave this way. The tricky part is that an ABI issue can't be
easily caught by traditional code reviews or static analysis tools. It
requires very in-depth, specialised or arcane knowledge that I doubt more than
100 people on the planet really possess and truly understand. This means this
review itself is expensive, if not impractical.

Indeed a simple solution to this is to rebuild the world every time. But even
projects that do that draw a line somewhere and it's usually above the C and
C++ Standard Libraries.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Software Architect - Intel DCAI Cloud Engineering
Received on 2023-09-05 04:29:48
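
The "appears to run correctly" case from the message above, as an added illustration that is not part of the original post or of any real library: an old binary and a rebuilt caller disagree about one struct's layout, the call returns normally, and the caller reads wrong values. All names (`AccountV1`, `AccountV2`, `lib_load_account`, and so on) are hypothetical, and the size check at the end is one common mitigation assumed here, not something the post proposes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Layout the prebuilt "library" binary was compiled against (hypothetical).
struct AccountV1 { std::uint32_t id; std::uint32_t balance; };
// Layout the rebuilt "application" sees after a header update added a field.
struct AccountV2 { std::uint32_t id; std::uint32_t flags; std::uint32_t balance; };

// Stands in for the old binary blob: fills the caller's buffer at V1 offsets.
void lib_load_account(unsigned char* out) {
    AccountV1 a{42, 1000};                 // constructed sample data
    std::memcpy(out, &a, sizeof a);
}

// Application built against V2 interprets the same bytes at V2 offsets.
AccountV2 app_read_account() {
    unsigned char buf[sizeof(AccountV2)] = {};  // zeroed, sized for V2
    lib_load_account(buf);                      // returns normally, no crash
    AccountV2 a;
    std::memcpy(&a, buf, sizeof a);
    return a;                                   // balance landed in 'flags'
}

// Assumed mitigation: the caller passes the size it was compiled with and
// the library rejects any size it was not built for.
bool lib_load_account_checked(unsigned char* out, std::size_t caller_size) {
    if (caller_size != sizeof(AccountV1)) return false;
    lib_load_account(out);
    return true;
}

int main() {
    AccountV2 a = app_read_account();
    std::printf("id=%u flags=%u balance=%u\n",
                (unsigned)a.id, (unsigned)a.flags, (unsigned)a.balance);
    unsigned char buf[sizeof(AccountV2)] = {};
    std::printf("checked call accepted: %d\n",
                (int)lib_load_account_checked(buf, sizeof(AccountV2)));
}
```

Nothing in the source of either side looks wrong in isolation, which is why review and static analysis of one side do not surface the mismatch.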