[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] lib: extend ASSERT()

  • To: George Dunlap <George.Dunlap@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 16 Feb 2022 12:42:45 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VyqF8PMq7Q7m6HjUTswowbWrBd6wMsRN8YiSyq/GMbM=; b=PrI7s0ZwJQk24i+NHqiZYslVYZ//m/3F/chVpsQjaqkm/QyjlFc6jOjCQ0PnwGSO0xNYwbIE6ql+HTu1jMaluz82QDBOmZyMaYfybZ9aC+YB54tk74jPiUrPwgDf94q0kX9BXjuZJ1JiR4ywbvf1gQHXBpwDzJSpd7iAEh+bJMXQed5w3AbMYRiTQVgMUVKhiawlG07qz/P7lMb/F/m0cyuXrcwcbgQ5lfsCZ12FIw/Y7rGMa9sUcJib4XmpqPS/+EuluPPGwdVoWcWHXCIXcU4KLJQsOmUKhRt9cj0lkOlvlfrnNrB2qvfLAVBq193+w13xx/7MZKD2jR1DGCnrbw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HICFJDiQmKzrOZF3k4z0x6n8Q6qg9MgNDoUWpMEax6pekU9gcmbiNUhEaj7d4dwfV1dvvO6xP7Y2T01vrvadB7muRiAc8g6JX89JrMGYblXgbFNBR61nYnwvSh3q2evJ83hTPwQ0R/GV4a7QPdRhHNiEJ4iXk+PvExZa1A3hb9hS4rEMlyl26KoMoPtOtBJuQZFexaaGF1RRxi8hzqsuOwBN5cnOemxviDJB3Sei3godu8b9pjf/VXKu7xy9vrlMtqvYNK/6AJQbalBbHHK0XXs9J4+5d7QX2QqASScBQ4bQ4sbKEAT2fx++w/OOBP78ZQ6weRhzx9mrWnPIwaZr2A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>
  • Delivery-date: Wed, 16 Feb 2022 11:43:04 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.02.2022 12:34, George Dunlap wrote:
>> On Feb 16, 2022, at 9:31 AM, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> On 16.02.2022 10:25, Bertrand Marquis wrote:
>>>> On 15 Feb 2022, at 21:00, Julien Grall <julien@xxxxxxx> wrote:
>>>> On 27/01/2022 14:34, Jan Beulich wrote:
>>>>> The increasing amount of constructs along the lines of
>>>>>    if ( !condition )
>>>>>    {
>>>>>        ASSERT_UNREACHABLE();
>>>>>        return;
>>>>>    }
>>>>> is not only longer than necessary, but also doesn't produce incident
>>>>> specific console output (except for file name and line number).
>>>>
>>>> So I agree that this construct will always result to a minimum 5 lines. 
>>>> Which is not nice. But the proposed change is...
>>>>
>>>>> Allow
>>>>> the intended effect to be achieved with ASSERT(), by giving it a second
>>>>> parameter allowing specification of the action to take in release builds
>>>>> in case an assertion would have triggered in a debug one. The example
>>>>> above then becomes
>>>>>    ASSERT(condition, return);
>>>>> Make sure the condition will continue to not get evaluated when just a
>>>>> single argument gets passed to ASSERT().
>>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>>>> ---
>>>>> v2: Rename new macro parameter.
>>>>> ---
>>>>> RFC: The use of a control flow construct as a macro argument may be
>>>>>     controversial.
>>>>
>>>> indeed controversial. I find this quite confusing and not something I 
>>>> would request a user to switch to if they use the longer version.
>>>>
>>>> That said, this is mainly a matter of taste. So I am interested to hear 
>>>> others view.
>>>>
>>>> I have also CCed Bertrand to have an opinions from the Fusa Group (I 
>>>> suspect this will go backward for them).
>>>
>>> Thanks and here is my feedback in regards to Fusa here.
>>>
>>> Most certification standards are forbidding completely macros including
>>> conditions (and quite a number are forbidding static inline with 
>>> conditions).
>>> The main reason for that is MCDC coverage (condition/decisions and not only
>>> code line) is not possible to do anymore down to the source code and has to 
>>> be
>>> done down to the pre-processed code.
>>>
>>> Out of Fusa considerations, one thing I do not like in this solution is the 
>>> fact that
>>> you put some code as parameter of the macro (the return).
>>>
>>> To make this a bit better you could put the return code as parameter
>>> instead of having “return CODE” as parameter.
>>
>> Except that it's not always "return" what you want, and hence it
>> can't be made implicit.
>>
>>> An other thing is that Xen ASSERT after this change will be quite different 
>>> from
>>> any ASSERT found in other projects which could make it misleading for 
>>> developers.
>>> Maybe we could introduce an ASSERT_RETURN macros instead of modifying the
>>> behaviour of the standard ASSERT ?
>>
>> Along the lines of the above, this would then mean a multitude of
>> new macros.
> 
> Out of curiosity, what kinds of other actions?

continue, break, assignments of e.g. error codes, just to name a
few immediately obvious ones.

> I am opposed to overloading “ASSERT” for this new kind of macro; I think it 
> would not only be unnecessarily confusing to people not familiar with our 
> codebase, but it would be too easy for people to fail to notice which macro 
> was being used.
> 
> ASSERT_ACTION(condition, code) (or even ASSERT_OR_ACTION()) would be a bare 
> minimum for me.
> 
> But I can’t imagine that there are more than a handful of actions we might 
> want to take, so defining a macro for each one shouldn’t be too burdensome.
> 
> Furthermore, the very flexibility seems dangerous; you’re not seeing what 
> actual code is generated, so it’s to easy to be “clever”, and/or write code 
> that ends up doing something different than you expect.
> 
> At the moment I think ASSERT_OR_RETURN(condition, code), plus other new 
> macros for the other behavior is needed, would be better.

Hmm, while I see your point of things possibly looking confusing or
unexpected, something like ASSERT_OR_RETURN() (shouldn't it be
ASSERT_AND_RETURN()?) is imo less readable. In particular I dislike
the larger amount of uppercase text. But yes, I could accept this
as a compromise as it still seems better to me than the multi-line
constructs we currently use.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.