ISO/IEC JTC1 SC22 WG21 N2383 = 07-0243 - 2007-08-05
Lawrence Crowl, email@example.com, Lawrence@Crowl.org
This document is a revision of a portion of N2325 = 07-0185 - 2007-06-22.
The primary problem with destruction of static-duration objects
is access to static-duration objects after their destructors have executed,
thus resulting in undefined behavior.
To prevent this problem,
Dynamic Initialization and Destruction with Concurrency
requires that all user threads finish before destruction begins
(via a call to
exit or return from
In many applications, finishing a thread requires canceling the thread from the outside. See N2320 Multi-threading Library for Standard C++ and its successors for proposed mechanisms to canceling threads. For various reasons, this cancellation needs to be cooperative.
In essence, the problem is that applications may not be able to cooperatively cancel. There are a number of reasons for this problem.
In summary, relying on only cooperative cancellation to terminate processes will not meet the needs of many applications.
If cooperative cancellation is not possible, it would be better to never execute static destructors. The Committee has clearly stated that it wishes to preserve execution of static destructors in normal applications. So, we need a mechanism to abandon an application process without cooperatively canceling all threads and without executing the static destructors.
Such a mechanism already exists in the
Unfortunately, that function has no mechanism
to enable applications to flush critical information to stable storage.
_exit is too drastic.
The existing standard has a facility (
to register functions
that must execute when the program exits
(via a return from
main or an explicit call to
That function, though, implies execution of the static destructors,
and thus does not solve the problem.
The solution lies between
a function that executes registered functions,
but does not execute static destructors.
Threads my continue to run while registered functions execute,
and static-duration variables are still live for both the threads
and the registered functions.
We considered using
atexit function registration facility,
but ultimately decided against it because
programs often use
atexit for destructor-like actions,
existing compilers often use
to register static destructors.
Thus a new registration facility is needed.
The burden of converting to the new registration facility
is not large,
programmers need simply find all calls to
and, after verifying that the register function is appropriate,
also call the new registration facility.
The number of calls to
atexit is not large.
For the new facility,
we have chosen
Other logical choices, like
_Exit already seem to be in use,
while there are no occurances of
in a Google code search.
Only one section of the standard need change to support this proposal.
In paragraph 1, table 20, edit
abort atexit exit
After the existing final paragraph 9, add a new function entry:
extern "C" int at_quick_exit(void (*f)(void))
extern "C++" int at_quick_exit(void (*f)(void))
Add a new paragraph 10,
at_quick_exit()functions register the function pointed to by
f, to be called without arguments when
Add a new paragraph 11,
For the execution of a function registered with
at_quick_exit(), if control leaves the function because it provides no handler for a thrown exception,
terminate()is called (220.127.116.11).
Add a new paragraph 12,
Implementation limits: The implementation shall support the registration of at least 32 functions.
Add a new paragraph 13,
at_quick_exit()function returns zero if the registration succeeds, nozero if it fails.
After the new paragraph 13, add a new function entry:
Add a new paragraph 14,
Effects: Functions registered by calling
at_quick_exitare called. Objects are not destroyed as a result of calling
quick_exit(). Functions with
at_quick_exitregistration are called in the reverse order of their registration, except that a function is called after any previously registered functions that had already been called at the time it was registered.
Add a new paragraph 15,
at_quick_exit()function does not return.