[racket] Callback on shutdown
At Wed, 7 May 2014 12:07:28 -0400, Eli Barzilay wrote:
> Two hours ago, Matthew Flatt wrote:
> > I've added `custodian-tidy-all` and related functions to
> > [un]register a "tidy callback".
>
> I was curious how it works, and on a quick look it sounded like
> there's a potential problem if a sandbox is registering a bad tidier.
Oh, I see what you mean. The current design is wrong.
In adding this functionality, I wondered whether the job really belongs
with custodians...
More generally, I had the wrong idea at the start. I initially thought
that these callbacks were a kind of must-do-on-exit action. If that
were the case, then the custodian hierarchy would help ensure that the
callbacks are actually called. Consistent with that misunderstanding, I
called the new functionality "exit" callbacks, at first.
But now I understand the new functionality as optional callbacks that
don't "exit" anything. They try to put things into a nice state; that's
a good thing to do just before exiting, but it can make sense at other
times, too. Besides being not mandatory (anything mandatory has to be
in the privileged world of custodian shut-down actions), they could use
a slightly different hierarchy than custodians.
A sandbox should not only isolate a process so that tidying within the
sandbox is confined, but also isolate it so that tidying doesn't go
directly into the sandbox, which means creating a new root for tidy
callbacks. In response to tidying outside the sandbox, probably a
sandbox should schedule tidy callbacks to happen within the sandbox's
thread.
I'll try again, which probably means introducing a new thing with its
own hierarchy, including the ability to create new roots.