Proposed addition to CodingStyle web page about assert(a && b)
walter harms
wharms at bfs.de
Sun May 5 14:18:17 UTC 2019
Am 05.05.2019 09:11, schrieb Matthieu Herrb:
> On Sat, May 04, 2019 at 03:47:31PM -0700, Adam Richter wrote:
>> Hi, everyone.
>>
>> I would like to propose that whoever has the ability to edit the web
>> page add a line like the following to
>> https://www.x.org/wiki/CodingStyle/ :
>>
>> - Separate assert(a && b) into assert(a) and assert(b).
>>
>>
>> Thanks in advance for any input on this.
>
> Hi,
>
> I'm not sure if this advice belongs to this wiki page which is more
> oriented on the appearance of the code than on semantics or
> development good practices.
>
> On the development good practices side, I think assert() should be
> banned as much as possible form libraries and drivers.
>
> You don't know anything about the caller context and having it beeing
> brutally abort()ing is brutal and my lead to security issues
> (data leaks in the core file for instance) or data corruption.
>
> In libraries assert() should never be used to reject bad user input or
> any other error condition that can happen for some known reason. It
> should really only be used to document conditions that should really
> never happen. In all other cases the function should be able to return
> an error to the caller (which should of course not ignore them).
>
>
i do not comment on the use of assert() generally, it can be used
by anyone who likes that. Things are getting problematic when use
like this:
assert(0 < asprintf(&lf, "%s/Library/Logs/X11", home));
this is simply dangerous as you can define NDEBUG and let everything vanish.
BTW are the libraries routinely compiled with NDEBUG enabled ?
re,
wh
More information about the xorg-devel
mailing list