kfogel@collab.net wrote:
> "Stuart Celarier" <SCelarier@corillian.com> writes:
>
>>Karl wrote that there is an official policy on using assert in the
>>Subversion code, but that it "is so common-sensical that we don't bother
>>to write it down." [1]
>>
>>Can you help me understand what the official policy is? Maybe more than
>>one thing can make common sense.
>
> Maybe we should write this in hacking.html, hmm.
>
> The policy is simply that Subversion should never fail an assert due
> to data under user control, when Subversion has no way to know that
> the data is invalid at some point before the assert. In other
> words, no user-triggerable assertion failures.
Yes, I think that's worth putting in "hacking". To that extent, it's probably
obvious to many people, but what really makes it worth writing down is to
specifically state that this includes:

* (definitely) Data coming over a network connection.
* (? probably) Data read from the ".svn" admin area.

The decision to treat the second of those as "data under user control" is not
obvious.

Of course, this isn't a policy on "assert" as such; it covers a set of cases in
which we should not use "assert", but doesn't say anything about the rest of
the code.

- Julian
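As an added illustration of the policy discussed in this thread (this is example code, not Subversion's own), the following C snippet contrasts the pattern the policy forbids with a conforming one. The wire format is hypothetical: a one-byte length followed by that many payload bytes, as something received over a network connection or read back from the ".svn" area might be. In the first parser the checks on that data are asserts, so a malformed record aborts the process (or, with NDEBUG, is silently accepted and the length is trusted); in the second the same conditions are validated and reported as error codes, and assert is reserved for caller contracts that no external input can influence. The sample records are constructed inline.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record layout: buf[0] is the payload length, buf[1..] the payload.
   Neither function below is Subversion code; both are illustrative. */

typedef enum {
    PARSE_OK = 0,
    PARSE_ERR_TOO_SHORT = 1,   /* no length byte at all */
    PARSE_ERR_TRUNCATED = 2    /* length claims more bytes than were received */
} parse_status;

/* The pattern the policy forbids: both asserts depend on data the peer chose,
   so a hostile or merely corrupt record becomes a user-triggerable abort. */
size_t parse_record_with_assert(const unsigned char *buf, size_t buflen,
                                const unsigned char **payload)
{
    assert(buflen >= 1);              /* condition controlled by external data */
    size_t len = buf[0];
    assert(len <= buflen - 1);        /* condition controlled by external data */
    *payload = buf + 1;
    return len;
}

/* Conforming form: external data is validated and the result reported to the
   caller; the only assert left expresses an internal calling contract. */
parse_status parse_record_checked(const unsigned char *buf, size_t buflen,
                                  const unsigned char **payload, size_t *len_out)
{
    /* Caller contract (our own code, not user input): pointers must be valid. */
    assert(buf != NULL && payload != NULL && len_out != NULL);

    if (buflen < 1)
        return PARSE_ERR_TOO_SHORT;

    size_t len = buf[0];
    if (len > buflen - 1)
        return PARSE_ERR_TRUNCATED;

    *payload = buf + 1;
    *len_out = len;
    return PARSE_OK;
}

/* Constructed sample: a well-formed record, 3 bytes of payload. */
parse_status check_good_record(size_t *len_out)
{
    static const unsigned char rec[] = { 3, 'a', 'b', 'c' };
    const unsigned char *payload;
    return parse_record_checked(rec, sizeof rec, &payload, len_out);
}

/* Constructed sample: the length byte claims 200 bytes but only 1 follows. */
parse_status check_truncated_record(void)
{
    static const unsigned char rec[] = { 200, 'a' };
    const unsigned char *payload;
    size_t len;
    return parse_record_checked(rec, sizeof rec, &payload, &len);
}

/* Constructed sample: an empty buffer, i.e. not even a length byte arrived. */
parse_status check_empty_record(void)
{
    static const unsigned char rec[1] = { 0 };
    const unsigned char *payload;
    size_t len;
    return parse_record_checked(rec, 0, &payload, &len);
}

int main(void)
{
    size_t len = 0;
    printf("good record:      status %d, len %zu\n", check_good_record(&len), len);
    printf("truncated record: status %d\n", check_truncated_record());
    printf("empty record:     status %d\n", check_empty_record());
    /* parse_record_with_assert is deliberately not called on the bad samples:
       that is exactly the abort the policy is meant to rule out. */
    return 0;
}
```

The distinction to carry over into a review is not whether a check exists but who can make it false: an assert is appropriate for a condition that only a bug in our own code could violate, while anything derived from the network or from files on disk needs an error path the caller can handle.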
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 14 20:12:20 2006