[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] lib: extend ASSERT()

  • To: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Feb 2022 15:03:01 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fbHJh9+VpQt+jxKRi6sRQbJmhe/uEsMO9RV0NKUOEqY=; b=NLamZC88l6BYl2n4kbMzoR1vlhq4dvGMB2ZqsQv7KSufRloG9jUJy+Hu6i9Crkja71x2dWm5VsuyZfByWwK0dD7/ov7ByDood4nhby5H/BK8evJFS0MROwL3jyAdjKazMN4vl+5f9xn9iM8F5wwOHffinmiyy2jvehKxTRQwkXD3wov6FhWTkZvSQ+U4HCHu4/Dx1oYFg5C9akMkMdUbTrLz0weByVz7Eu+FLzVjsxRGqlm2P8TSL4IBLiLsW+0vamsAhVOH8mMpJ6lVF7oHQYhGDevdOZlTppMuQEnlcTI1Ays5O/hnDbMAWXLHu8jpNpdU+C7cKa2ENfaKqqt6uA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LEbcTjyCBgs045LwF/kxSh8ZXgPqWxbbPsDSxz+PT1uAwssYOrZJ+2a9Aij2Q7eHENLWgokrEX+zfQjGuS+J7TpfuXmi0SDp6u1SihCLo+vJWR4Dhb5OddJfEOHQP9TpEpp9bnHIztxlahQOEYVjHMWJGcSijFLKOJ6D57P11Zop3EVE9TwZas6OwznvaV+ekxSJdsUGjlD44enHwwFVCbA3Wh66bKPFZtRKpEY4cq/kwkwUHPDlqB8GDpWIVVg6xWug4e6ll2MQuO6noFtRS/nATrZCJ0BwMbNx4Pv4Ff9xrMfy4aAPfrD1UPvZ79aIWDsn1vdjSa2sGbFbiYEWlw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 14:03:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.02.2022 14:57, Bertrand Marquis wrote:
>> On 16 Feb 2022, at 12:23, George Dunlap <George.Dunlap@xxxxxxxxxx> wrote:
>>> On Feb 16, 2022, at 11:42 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>> On 16.02.2022 12:34, George Dunlap wrote:
>>>> I am opposed to overloading “ASSERT” for this new kind of macro; I think 
>>>> it would not only be unnecessarily confusing to people not familiar with 
>>>> our codebase, but it would be too easy for people to fail to notice which 
>>>> macro was being used.
>>>>
>>>> ASSERT_ACTION(condition, code) (or even ASSERT_OR_ACTION()) would be a 
>>>> bare minimum for me.
>>>>
>>>> But I can’t imagine that there are more than a handful of actions we might 
>>>> want to take, so defining a macro for each one shouldn’t be too burdensome.
>>>>
>>>> Furthermore, the very flexibility seems dangerous; you’re not seeing what 
>>>> actual code is generated, so it’s to easy to be “clever”, and/or write 
>>>> code that ends up doing something different than you expect.
>>>>
>>>> At the moment I think ASSERT_OR_RETURN(condition, code), plus other new 
>>>> macros for the other behavior is needed, would be better.
>>>
>>> Hmm, while I see your point of things possibly looking confusing or
>>> unexpected, something like ASSERT_OR_RETURN() (shouldn't it be
>>> ASSERT_AND_RETURN()?) is imo less readable. In particular I dislike
>>> the larger amount of uppercase text. But yes, I could accept this
>>> as a compromise as it still seems better to me than the multi-line
>>> constructs we currently use.
>>
>> I see what you’re saying with AND/OR; I personally still prefer OR but 
>> wouldn’t argue to hard against AND if others preferred it.
>>
>> As far as I’m concerned, the fact that we’re reducing lines of code isn’t a 
>> reason to use this at all.  As our CODING_STYLE says, ASSERT() is just a 
>> louder printk.  We would never consider writing PRINTK_AND_RETURN(), and we 
>> would never consider writing a macro like CONDRET(condition, retval) to 
>> replace
>>
>> if (condition)
>>    return retval;
>>
>> The only justification for this kind of macro, in my opinion, is to avoid 
>> duplication errors; i.e. replacing your code segment with the following:
>>
>> if (condition) {
>>    ASSERT(!condition);
>>    return foo;
>> }
>>
>> is undesirable because there’s too much risk that the conditions will drift 
>> or be inverted incorrectly. But having control statements like ‘return’ and 
>> ‘continue’ in a macro is also undesirable in my opinion; I’m personally not 
>> sure which I find most undesirable.
>>
>> I guess one advantage of something like ASSERT_OR(condition, return foo); or 
>> ASSERT_OR(condition, continue); is that searching for “return” or “continue” 
>> will come up even if you’re doing a case-sensitive search.  But I’m still 
>> wary of unintended side effects.
>>
>> Bertrand / Julien, any more thoughts?
> 
> I think that having macros which are magic like that one which includes a 
> possible return and the fact that the macro is taking code as argument is 
> making the code really hard to read and understand for someone not knowing 
> this.
> Even the code is longer right now, it is more readable and easy to understand 
> which means less chance for errors so I do not think the macro will avoid 
> errors but might in fact introduce some in the future.
> 
> So I am voting to keep the current macro as it is.

But you recall that there were two aspects to me wanting the switch?
(Source) code size was only one. The other was that ASSERT_UNREACHABLE()
doesn't show the original expression which has triggered the failure,
unlike ASSERT() does.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.