[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [RFC] Replacement for "assert" in the libraries

From: Vincent Lefevre <vincent+svn_at_vinc17.org>
Date: Tue, 17 Jun 2008 13:56:20 +0200

On 2008-06-17 10:47:10 +0100, Julian Foad wrote:
> I think assertions are most often triggered by simple bugs that have no
> risk of writing corrupt data to the repository or to anywhere, where the
> code merely encounters some unexpected combination of inputs that are
> individually valid. In these common cases, there is no danger in
> allowing the program to continue (either just to do a bit of cleaning up
> before exiting, or to keep going with other operations).

OK, but then, wouldn't it be better to have different kinds of
assertions? (Perhaps this is a part of what you mention below.)
Or is it too difficult to know in advance whether some failed
assertion is really bad?

> Remember that the conditions checked by assertion statements are not
> very different from, and sometimes exactly the same as, conditions that
> we already check with normal validation checks:
> /** ... and @a rev should be of kind "head" or "base", otherwise
> * we'll throw an error. */
> svn_func1(svn_opt_revision_t rev)
> {
> /* This API is designed such that it's our responsibility
> to validate this argument. */
> if (rev->kind != svn_opt_revision_head
> && rev->kind != svn_opt_revision_base)
> ...
> }
> /** ... and @a rev must be of kind "head" or "base". */
> svn_func2(svn_opt_revision_t rev)
> {
> /* This API is designed with API requirements that the
> * caller must obey. To assist development and debugging
> * we enforce the requirements with an assertion. */
> SVN_ERR_ASSERT(rev->kind == svn_opt_revision_head
> || rev->kind == svn_opt_revision_base);
> ...
> }

I think an error reported to the caller is generally quite safe here
(as long as it is handled correctly) because the check is done early
enough. But if you have started to modify internal structures then
do a consistency check and find that something is wrong, then I'd
say that an immediate abort would be better than trying to clean up,
because the clean up could be based on wrong data.

Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-17 13:56:42 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.