>>> George Dunlap <[email protected]> 03/01/19 6:39 PM >>>
>On 3/1/19 5:12 PM, Jan Beulich wrote:
>>>>> George Dunlap <[email protected]> 02/28/19 7:50 PM >>>
>>> +* Programmers can use ASSERT(), which will cause the check to be
>>> +executed in DEBUG builds, and cause the hypervisor to crash if it's
>>> +violated
>>
>> Is it perhaps worth calling out explicitly that the supposed crash may occur
>> much later, in a different context, and hence be perhaps rather difficult to
>> analyze/debug?
>
>Sorry, I don't quite understand this -- when you trigger an ASSERT() it
>crashes right away last time I checked. Did you mean instead to reply
>to the ASSERT() section of the GUIDELINES, which says you can use ASSERT
>if it may have an effect later whose badness is equal to or less than a
>host crash?

I did indeed pick the wrong context for my reply, and had meant that other
place instead.

>It also occurs to me that ASSERT()s are really orthogonal to the other
>three: At each point, you should consider whether in a production
>hypervisor you should 1) do nothing, 2) return an error, 3) crash the
>domain, or 4) crash the hypervisor; and in the case of 1-3, you might
>also want to add an ASSERT to move the detection of unexpected state
>closer to the point where it happens.

Agreed.

Jan
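
Review bot: the quoted ASSERT() bullet says the check is "executed in DEBUG builds" but does not spell out that the check is therefore absent from non-debug builds. Suggest stating that explicitly in the bullet, so a reader does not take an ASSERT() alone as protection in a production hypervisor and pairs it with one of the other responses (do nothing, return an error, crash the domain) where the unexpected state can still be reached.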
