Re: printf POSIX compliance

[Rich Felker <dalias@aerifal.cx>]

On Fri, Jun 08, 2012 at 06:07:37PM +0100, Reuben Thomas wrote:
> On 8 June 2012 18:00, Rich Felker <dalias@aerifal.cx> wrote:
> > On Fri, Jun 08, 2012 at 05:46:10PM +0100, Reuben Thomas wrote:
> >>
> >> Jim Meyering has an analysis of the problem here:
> >>
> >> http://www.gnu.org/ghm/2011/paris/#sec-2-1
> >
> > He makes it a lot more difficult than it has to be...
> 
> Possibly a discussion worth having with Jim? Most obviously on
> bug-gnulib@gnu.org, as he's an active gnulib maintainer.

I'm not sure it's worth starting a debate. His slides made for an
interesting presentation, but in my opinion, the reason it got to be a
mess is that his choice to "factor out" the close operation into an
exit handler registered with atexit was a fundamentally bad design. It
creates additional global state (not to mention the fact that exiting
from an atexit handler has some major issues in itself!) and
unnaturally breaks up the use and checking of stdout status into
unrelated parts of the program, which then required adding ugly and
non-portable hacks to determine if closing stdout needs to be checked.

There's also the issue that if fd 1 did not exist when the program
started and got assigned to another file the program opened,
fclose(stdout) could wrongly close that fd; in the worst case
(especially with multi-threaded programs) this could then lead to
another file getting reassigned to the same fd, and code that's still
in the process of writing to the original one could clobber the wrong
file.

If he'd stuck to closing stdout and checking for errors in the main
program flow after the program is done using stdout, everything would
remain incredibly simple. By the way, note that my test
ferror(stdout)||fclose(stdout) avoids calling fclose if ferror returns
nonzero, so you don't clobber the existing errno value, but that's
fragile anyway since it's likely that you already clobbered errno
elsewhere.

Rich