On 3/1/19 5:14 PM, Wei Liu wrote: > On Thu, Feb 28, 2019 at 06:49:05PM +0000, George Dunlap wrote: >> It's not always clear what the best way is to handle unexpected >> conditions: whether with ASSERT(), BUG_ON(), or some other method. >> All methods have a risk of introducing security vulnerabilities and >> unnecessary instabilities to production systems. >> >> Document when to try to return an error for unexpected conditions, >> when to use BUG_ON(), and when to use ASSERT(). >> >> Signed-off-by: George Dunlap <[email protected]> >> --- >> CC: Ian Jackson <[email protected]> >> CC: Wei Liu <[email protected]> >> CC: Andrew Cooper <[email protected]> >> CC: Jan Beulich <[email protected]> >> CC: Tim Deegan <[email protected]> >> CC: Konrad Wilk <[email protected]> >> CC: Stefano Stabellini <[email protected]> >> CC: Julien Grall <[email protected]> >> --- >> CODING_STYLE | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 79 insertions(+) >> >> diff --git a/CODING_STYLE b/CODING_STYLE >> index 6cc5b774cf..51159970c0 100644 >> --- a/CODING_STYLE >> +++ b/CODING_STYLE >> @@ -120,3 +120,82 @@ the end of files. It should be: >> * indent-tabs-mode: nil >> * End: >> */ >> + >> +Handling unexpected conditions >> +------------------------------ >> + >> +GUIDELINES: >> + >> +Passing errors up the stack should be used when the caller is already >> +expecting to handle errors, and the state when the error was >> +discovered isn’t broken, or too hard to fix. > > If the error is too hard to fix, what should the caller do after getting > an error? Should Xen continue with such broken state?
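Review bot: In the first paragraph under GUIDELINES, "isn’t broken, or too hard to fix" does not say how far the negation reaches, so it can be read as "isn't broken, or is too hard to fix", which would have the caller carry on with broken state. Repeat the negation explicitly, for example "isn't broken, or isn't too hard to fix", and say in a separate sentence what to do when the state is both broken and hard to fix. The same line carries a typographic apostrophe in "isn’t"; a plain ASCII ' is safer in a plain-text file.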
Right, I was sort of afraid this would be ambiguous. This was meant to be "isn't broken or isn't too hard to fix".

If it isn't broken, you can return, even if you're pretty sure the condition never happens. If it's broken but it's easy to fix, then fix it and return, even if you're pretty sure the condition never happens. If it's broken and not easy to fix, it may not be worth developer time handling that case, since you're pretty sure it never happens.

I'll try to make this clearer.

 -George

_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel
