[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] lib: extend ASSERT()

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 16 Feb 2022 17:55:35 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nJ3QIv3gyXxNBpKX4V2oQnb7NclhrJCVNS4iz/AKMdc=; b=Wx4jyt9y8AAN1Obn8UzpTXA++MhtX628/vdL1QXYFcC2HkQNLZIaJCTA40OD6vFtVs9q4EBWzMSD2gCIg0ZGY3Fk3zmXfbisvoq1HHPOU+Hwu+rKRUedxiNg4OjTy1z7PH2I39DXefUOxbil/OY1/ZGwPuabru3LYhu2odEYO1tn38qbBRrLxZ7cmvH06t5FKBvmzZnbBWuumk39y+ZCrUQegatt2/wNIRzf+uOoLMd8UEnXrFYS6JQxAm96b3jcQkSYBhBEiub0zXSvb4IIV9VP4EIkG0jgkfKwWfwbEqc3kRUmTKQsxMMkOjVFZ1cCR8Gkimbe+dg6lOpSJESsxw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XiEdZw7RJNppa75g0ZklvWe+tqwh4iDu+240N5iTmlWpMKTrCx3PKiMsmoyCiwKjXFG6p6iBexs9dj2ixd1pzA2k6cKEj0o9v+VameXU/PJlUl8RKoRrV1QLrqmUlIxo2iKq6YPGMCAJmsE+NmYBanCX9XteVlV9vjKkxewKx9qutLAtBeNtX4yvzMcJsyAgnxyfLEEJB5ciXiwhqXz4zgaTefMxKfF6Cyu8OxDDvdFVDiQ9LgLadFz670lO6hOaqWWoP2G/FfdZZsEvA/Y+4fqtVEh3NHfttoGNUCOVQuYOIHnsG6BYUc5sl5iWcZHYC04SqqZxa0M0gAs62fFWzA==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 17:56:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHYE4sUwaOwwc8tCU249z99fRIDqqyVNw0AgADQBoCAAAHjAIAAIjuAgAACWYCAAAt3gIAAGi0AgAABjYCAAAkmAIAAAikAgAA1qgA=
  • Thread-topic: [PATCH v2] lib: extend ASSERT()
Hi Jan,

> On 16 Feb 2022, at 14:43, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> On 16.02.2022 15:35, Bertrand Marquis wrote:
>> Hi Jan,
>> 
>>> On 16 Feb 2022, at 14:03, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>> 
>>> On 16.02.2022 14:57, Bertrand Marquis wrote:
>>>>> On 16 Feb 2022, at 12:23, George Dunlap <George.Dunlap@xxxxxxxxxx> wrote:
>>>>>> On Feb 16, 2022, at 11:42 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>>> On 16.02.2022 12:34, George Dunlap wrote:
>>>>>>> I am opposed to overloading “ASSERT” for this new kind of macro; I 
>>>>>>> think it would not only be unnecessarily confusing to people not 
>>>>>>> familiar with our codebase, but it would be too easy for people to fail 
>>>>>>> to notice which macro was being used.
>>>>>>> 
>>>>>>> ASSERT_ACTION(condition, code) (or even ASSERT_OR_ACTION()) would be a 
>>>>>>> bare minimum for me.
>>>>>>> 
>>>>>>> But I can’t imagine that there are more than a handful of actions we 
>>>>>>> might want to take, so defining a macro for each one shouldn’t be too 
>>>>>>> burdensome.
>>>>>>> 
>>>>>>> Furthermore, the very flexibility seems dangerous; you’re not seeing 
>>>>>>> what actual code is generated, so it’s to easy to be “clever”, and/or 
>>>>>>> write code that ends up doing something different than you expect.
>>>>>>> 
>>>>>>> At the moment I think ASSERT_OR_RETURN(condition, code), plus other new 
>>>>>>> macros for the other behavior is needed, would be better.
>>>>>> 
>>>>>> Hmm, while I see your point of things possibly looking confusing or
>>>>>> unexpected, something like ASSERT_OR_RETURN() (shouldn't it be
>>>>>> ASSERT_AND_RETURN()?) is imo less readable. In particular I dislike
>>>>>> the larger amount of uppercase text. But yes, I could accept this
>>>>>> as a compromise as it still seems better to me than the multi-line
>>>>>> constructs we currently use.
>>>>> 
>>>>> I see what you’re saying with AND/OR; I personally still prefer OR but 
>>>>> wouldn’t argue to hard against AND if others preferred it.
>>>>> 
>>>>> As far as I’m concerned, the fact that we’re reducing lines of code isn’t 
>>>>> a reason to use this at all.  As our CODING_STYLE says, ASSERT() is just 
>>>>> a louder printk.  We would never consider writing PRINTK_AND_RETURN(), 
>>>>> and we would never consider writing a macro like CONDRET(condition, 
>>>>> retval) to replace
>>>>> 
>>>>> if (condition)
>>>>>  return retval;
>>>>> 
>>>>> The only justification for this kind of macro, in my opinion, is to avoid 
>>>>> duplication errors; i.e. replacing your code segment with the following:
>>>>> 
>>>>> if (condition) {
>>>>>  ASSERT(!condition);
>>>>>  return foo;
>>>>> }
>>>>> 
>>>>> is undesirable because there’s too much risk that the conditions will 
>>>>> drift or be inverted incorrectly. But having control statements like 
>>>>> ‘return’ and ‘continue’ in a macro is also undesirable in my opinion; I’m 
>>>>> personally not sure which I find most undesirable.
>>>>> 
>>>>> I guess one advantage of something like ASSERT_OR(condition, return foo); 
>>>>> or ASSERT_OR(condition, continue); is that searching for “return” or 
>>>>> “continue” will come up even if you’re doing a case-sensitive search.  
>>>>> But I’m still wary of unintended side effects.
>>>>> 
>>>>> Bertrand / Julien, any more thoughts?
>>>> 
>>>> I think that having macros which are magic like that one which includes a 
>>>> possible return and the fact that the macro is taking code as argument is 
>>>> making the code really hard to read and understand for someone not knowing 
>>>> this.
>>>> Even the code is longer right now, it is more readable and easy to 
>>>> understand which means less chance for errors so I do not think the macro 
>>>> will avoid errors but might in fact introduce some in the future.
>>>> 
>>>> So I am voting to keep the current macro as it is.
>>> 
>>> But you recall that there were two aspects to me wanting the switch?
>>> (Source) code size was only one. The other was that ASSERT_UNREACHABLE()
>>> doesn't show the original expression which has triggered the failure,
>>> unlike ASSERT() does.
>> 
>> Sorry I focused on the macro part after Julien asked me to comment from the 
>> Fusa point of view.
>> 
>> The usual expectation is that an ASSERT should never occur and is an help 
>> for the programmer to detect programming errors. Usually an assert is 
>> crashing the application with an information of where an assert was 
>> triggered.
>> In the current case, the assert is used as debug print and in production 
>> mode an error is returned if this is happening without any print. Isn’t this 
>> a debug print case instead of an assert ?
> 
> Depends on the terminology you want to use: Our ASSERT() is in no way
> different in this regard from the C standard's assert(). The message
> logged is of course to aid the developers. But personally I'd call it
> more than just a "debug print".

But it will be if we change it. But I agree with you it is more than a debug 
print.

Bertrand

> 
> Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.