GInitable, GAsyncInitable: not initializing gives undefined behaviourinitable-662208

This is the ISO C sense of undefined behaviour, in which
works-by-coincidence, critical warning, abort, demons-fly-out-of-your-nose
are all valid implementations.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=662208
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

2 files changed, 25 insertions, 14 deletions

diff --git a/gio/gasyncinitable.c b/gio/gasyncinitable.c
index 471763ed1..0cfde8d46 100644
--- a/gio/gasyncinitable.c
+++ b/gio/gasyncinitable.c
@@ -187,9 +187,11 @@ g_async_initable_default_init (GAsyncInitableInterface *iface)
  * the object doesn't support cancellable initialization, the error
  * %G_IO_ERROR_NOT_SUPPORTED will be returned.
  *
- * If this function is not called, or returns with an error, then all
- * operations on the object should fail, generally returning the
- * error %G_IO_ERROR_NOT_INITIALIZED.
+ * As with #GInitable, if the object is not initialized, or initialization
+ * returns with an error, then all operations on the object except
+ * g_object_ref() and g_object_unref() are considered to be invalid, and
+ * have undefined behaviour. They will often fail with g_critical() or
+ * g_warning(), but this must not be relied on.
  *
  * Implementations of this method must be idempotent: i.e. multiple calls
  * to this function with the same argument should return the same results.
diff --git a/gio/ginitable.c b/gio/ginitable.c
index b2df3a961..10770f8cb 100644
--- a/gio/ginitable.c
+++ b/gio/ginitable.c
@@ -32,11 +32,16 @@
  * @see_also: #GAsyncInitable
  *
  * #GInitable is implemented by objects that can fail during
- * initialization. If an object implements this interface the
- * g_initable_init() function must be called as the first thing
- * after construction. If g_initable_init() is not called, or if
- * it returns an error, all further operations on the object
- * should fail, generally with a %G_IO_ERROR_NOT_INITIALIZED error.
+ * initialization. If an object implements this interface then
+ * it must be initialized as the first thing after construction,
+ * either via g_initable_init() or g_async_initable_init_async()
+ * (the latter is only available if it also implements #GAsyncInitable).
+ *
+ * If the object is not initialized, or initialization returns with an
+ * error, then all operations on the object except g_object_ref() and
+ * g_object_unref() are considered to be invalid, and have undefined
+ * behaviour. They will often fail with g_critical() or g_warning(), but
+ * this must not be relied on.
  *
  * Users of objects implementing this are not intended to use
  * the interface method directly, instead it will be used automatically
@@ -67,8 +72,10 @@ g_initable_default_init (GInitableInterface *iface)
  * @error: a #GError location to store the error occurring, or %NULL to
  * ignore.
  *
- * Initializes the object implementing the interface. This must be
- * done before any real use of the object after initial construction.
+ * Initializes the object implementing the interface.
+ *
+ * The object must be initialized before any real use after initial
+ * construction, either with this function or g_async_initable_init_async().
  *
  * Implementations may also support cancellation. If @cancellable is not %NULL,
  * then initialization can be cancelled by triggering the cancellable object
@@ -77,14 +84,16 @@ g_initable_default_init (GInitableInterface *iface)
  * the object doesn't support cancellable initialization the error
  * %G_IO_ERROR_NOT_SUPPORTED will be returned.
  *
- * If this function is not called, or returns with an error then all
- * operations on the object should fail, generally returning the
- * error %G_IO_ERROR_NOT_INITIALIZED.
+ * If the object is not initialized, or initialization returns with an
+ * error, then all operations on the object except g_object_ref() and
+ * g_object_unref() are considered to be invalid, and have undefined
+ * behaviour. See the <xref linkend="ginitable"/> section introduction
+ * for more details.
  *
  * Implementations of this method must be idempotent, i.e. multiple calls
  * to this function with the same argument should return the same results.
  * Only the first call initializes the object, further calls return the result
- * of the first call. This is so that its safe to implement the singleton
+ * of the first call. This is so that it's safe to implement the singleton
  * pattern in the GObject constructor function.
  *
  * Returns: %TRUE if successful. If an error has occurred, this function will