[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] lib: extend ASSERT()

  • To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Feb 2022 10:31:50 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=P30MjygsaVXtlrX+n1Cq0GmO52L4wdwdMSAOZo9PDnk=; b=eeeVAUQ803bpaqXrEF6Yue3H93aixCXHyujzb2qQNamz0Glsu7vk0lClfjIzmc/VWHdDYCsDlYODVbZ3vIJK/2PeTtIugoz99RdTmr9ThaVSa3NWBy6Yv6hVCwmy3UTC566x9/tNsuMJ4HAxBIeid3iVgpOrsMXbRbLi5G12zh7CRWG7Olcd2X+/J9IVC5uZwCYBYeXUBz/8f36nKfPwDk8EAE0TaxdPMERTQvRAtjlOdp8yKeYEhidBFeZtv1lEF9L9k2Bix8IDLm7uDfLajtz0GQMZ0bY20Du0Abh0ln8uNnBZEZ1qz7R8S9f+PHX56QDHsYSuLISa9It4lvA3uQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OegDvY3c0ZkB7qvZM+IwiS4/tRZZT9dhLj/D5eBt6nOSiMVJBZt4xHDbsYOl+HCoiiJ9P7Huy5i6T1KH0+txDWl4CyFt6diVzWbGKY0yoaUL+Gy3ctdxiBQk3ofSj5Tl/uybbZSUjLtbNn6wqLw7qe/zLwDYPc3ZVFRFjaXO+Dten2T3h6XRr8e6Yy/9VbVTDBRT23z1tI8T0ecXhaDNO0kSJ96U9AvhBJTjWr57WFTyCdb7kx9eS6dkkZVuEwo3KZrBN8eB/D8PFInMgWgDIitAn0Mynuw1DBA7FgC9bKUBhmIXGj00Dfh6T76/g3QjbQTHDXWu8SpVL285SOW0+w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 09:32:02 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.02.2022 10:25, Bertrand Marquis wrote:
> Hi Jan, Julien,
> 
>> On 15 Feb 2022, at 21:00, Julien Grall <julien@xxxxxxx> wrote:
>>
>> (+ Bertrand)
>>
>> Hi Jan,
>>
>> On 27/01/2022 14:34, Jan Beulich wrote:
>>> The increasing amount of constructs along the lines of
>>>     if ( !condition )
>>>     {
>>>         ASSERT_UNREACHABLE();
>>>         return;
>>>     }
>>> is not only longer than necessary, but also doesn't produce incident
>>> specific console output (except for file name and line number).
>>
>> So I agree that this construct will always result to a minimum 5 lines. 
>> Which is not nice. But the proposed change is...
>>
>>> Allow
>>> the intended effect to be achieved with ASSERT(), by giving it a second
>>> parameter allowing specification of the action to take in release builds
>>> in case an assertion would have triggered in a debug one. The example
>>> above then becomes
>>>     ASSERT(condition, return);
>>> Make sure the condition will continue to not get evaluated when just a
>>> single argument gets passed to ASSERT().
>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>> ---
>>> v2: Rename new macro parameter.
>>> ---
>>> RFC: The use of a control flow construct as a macro argument may be
>>>      controversial.
>>
>> indeed controversial. I find this quite confusing and not something I would 
>> request a user to switch to if they use the longer version.
>>
>> That said, this is mainly a matter of taste. So I am interested to hear 
>> others view.
>>
>> I have also CCed Bertrand to have an opinions from the Fusa Group (I suspect 
>> this will go backward for them).
> 
> Thanks and here is my feedback in regards to Fusa here.
> 
> Most certification standards are forbidding completely macros including
> conditions (and quite a number are forbidding static inline with conditions).
> The main reason for that is MCDC coverage (condition/decisions and not only
> code line) is not possible to do anymore down to the source code and has to be
> done down to the pre-processed code.
> 
> Out of Fusa considerations, one thing I do not like in this solution is the 
> fact that
> you put some code as parameter of the macro (the return).
> 
> To make this a bit better you could put the return code as parameter
> instead of having “return CODE” as parameter.

Except that it's not always "return" what you want, and hence it
can't be made implicit.

> An other thing is that Xen ASSERT after this change will be quite different 
> from
> any ASSERT found in other projects which could make it misleading for 
> developers.
> Maybe we could introduce an ASSERT_RETURN macros instead of modifying the
> behaviour of the standard ASSERT ?

Along the lines of the above, this would then mean a multitude of
new macros.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.