On 05.05.2019 09:11, Matthieu Herrb wrote:
> On Sat, May 04, 2019 at 03:47:31PM -0700, Adam Richter wrote:
>> Hi, everyone.
>>
>> I would like to propose that whoever has the ability to edit the web
>> page add a line like the following to
>> https://www.x.org/wiki/CodingStyle/ :
>>
>> - Separate assert(a && b) into assert(a) and assert(b).
>>
>>
>> Thanks in advance for any input on this.
>
> Hi,
>
> I'm not sure if this advice belongs to this wiki page which is more
> oriented on the appearance of the code than on semantics or
> development good practices.
>
> On the development good practices side, I think assert() should be
> banned as much as possible from libraries and drivers.
>
> You don't know anything about the caller context and having it being
> brutally abort()ing is brutal and may lead to security issues
> (data leaks in the core file for instance) or data corruption.
>
> In libraries assert() should never be used to reject bad user input or
> any other error condition that can happen for some known reason. It
> should really only be used to document conditions that should really
> never happen. In all other cases the function should be able to return
> an error to the caller (which should of course not ignore them).
>
>
I do not comment on the use of assert() generally, it can be used by
anyone who likes that. Things are getting problematic when used like
this:

    assert(0 < asprintf(&lf, "%s/Library/Logs/X11", home));

this is simply dangerous as you can define NDEBUG and let everything
vanish.

BTW are the libraries routinely compiled with NDEBUG enabled?

re,
 wh
_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: https://lists.x.org/mailman/listinfo/xorg-devel
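The release-build hazard described in the reply above, as an added example that is not part of the thread or of the X.Org code: a local helper stands in for asprintf() so the file compiles as plain C, and two macros spell out what <assert.h> expands assert() to with and without NDEBUG, so both build configurations can be compared in one program.

```c
/* Added example (not X.Org code): why a call with side effects must never
 * be the argument of assert(). A portable stand-in replaces asprintf(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for asprintf(): allocates "<home>/Library/Logs/X11" into *out
 * and returns its length, or -1 on failure (asprintf's contract). */
static int path_asprintf(char **out, const char *home)
{
    const char *suffix = "/Library/Logs/X11";
    if (home == NULL) return -1;
    size_t n = strlen(home) + strlen(suffix);
    char *buf = malloc(n + 1);
    if (buf == NULL) return -1;
    snprintf(buf, n + 1, "%s%s", home, suffix);
    *out = buf;
    return (int)n;
}

/* The two expansions of assert(e) from <assert.h>, spelled out so that
 * both build configurations can be exercised in one translation unit. */
#define ASSERT_DEBUG(e)  ((e) ? (void)0 : abort())  /* NDEBUG not defined */
#define ASSERT_NDEBUG(e) ((void)0)                   /* NDEBUG defined: e vanishes */

/* Pattern from the mail, debug build: the call runs and lf is set. */
char *log_path_debug_build(const char *home)
{
    char *lf = NULL;
    ASSERT_DEBUG(0 < path_asprintf(&lf, home));
    return lf;
}

/* Same source, release build: the call never happens and lf stays NULL. */
char *log_path_release_build(const char *home)
{
    char *lf = NULL;
    ASSERT_NDEBUG(0 < path_asprintf(&lf, home));
    return lf;
}

/* Corrected form: do the work unconditionally, check the result, and
 * return an error the caller can handle instead of aborting. */
char *log_path_checked(const char *home)
{
    char *lf = NULL;
    if (path_asprintf(&lf, home) < 0)
        return NULL;
    return lf;
}
```

The caller of log_path_release_build() receives NULL without any error having been reported, which is exactly the silent failure the reply warns about.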
