Date: prev next · Thread: first prev next last
2015 Archives by date, by thread · List index


On 16.01.2015 15:14, Stephan Bergmann wrote:
On 01/16/2015 01:26 PM, Ashod Nakashian wrote:

code, modified code, or by a new external input,) which is vital for

Not sure I understand you here, but note that input data in itself 
should never be the reason for a failed precondition.  A failed 
precondition is always an indicator of a programming error.

right, best not to confuse validation of untrusted input (where debug
logging / SAL_INFO() is appropriate and checks must never be removed in
release builds) and bugs in the program code (where assert() is
appropriate).

[...]
A quick grep returns the following assertion functions (those
containing case-insensitive "assert"): assert, DBG_ASSERT, OSL_ASSERT,
DBG_BF_ASSERT. This is excluding CPPUNIT_ASSERT and assertions in
3rdparty libraries (which are out of scope).

History shows that moving from the legacy zoo of ill-specified, 
inconsistently-used functionality to a supposedly sane set is by no 
means trivial and is taking a long long time to accomplish.

indeed, the current problem is not that we don't know what the desirable
assertion/logging facilities should be, but consistently deploying them
throughout the code.

It is the inconsistent usage of the legacy functionality that makes it 
hard to properly map to one of the three to four advocated mechanisms du 
jour (static_assert, assert, SAL_LOG_IF, SAL_WARN_IF), and that 
apparently makes easy hackers shy away from it.

yes, and i'd go further to say that having easy-hackers convert existing
legacy assertions to assert() in particular is a bad idea: if done at
scale it could tie up a lot of developers investigating and fixing up
over time a large number of cases when the legacy assertion was actually
bogus or just intended as a "warning" about something "potentially
suspicious" that then manifest as crashes in debug builds.  the average
easy-hacker can't be expected to determine when an assert() is
appropriate and when a SAL_WARN(), and in my experience doing that is
often hard in code with which i'm not familiar.  that's also the reason
why i don't do too many conversions to assert() at a time, to limit the
time i'll spend fixing the cases when i guessed wrong; better to let
things soak for a week or two and then continue.

3) FailBreak: Calls FailLog then breaks into the debugger (typically
by issuing 'int 3' on x86/x64). (This might not be useful on
non-Windows platforms.)

My understanding is that Windows alrady offers this "break into the 
debugger" for plain abort?

yes it does, it pops up a dialog box. sometimes the button to start the
debugger doesn't work, but it always works to start visual studio
manually and attach to the process (which is blocking on the dialog box).



Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.