From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
To: Jes Sorensen <jes@trained-monkey.org>
Cc: linux-raid@vger.kernel.org
Subject: Re: [PATCH 2/2] mdadm: add map_num_s()
Date: Tue, 5 Apr 2022 10:28:25 +0200 [thread overview]
Message-ID: <20220405102825.00002148@linux.intel.com> (raw)
In-Reply-To: <968c2d7f-5115-486d-063a-f384aba2baae@trained-monkey.org>
On Mon, 4 Apr 2022 21:32:09 -0400
Jes Sorensen <jes@trained-monkey.org> wrote:
> On 1/20/22 07:18, Mariusz Tkaczyk wrote:
> > map_num() returns NULL if key is not defined. This patch adds
> > alternative, non NULL version for cases where NULL is not expected.
> >
> > There are many printf() calls where map_num() is called on variable
> > without NULL verification. It works, even if NULL is passed because
> > gcc is able to ignore NULL argument quietly but the behavior is
> > undefined. For safety reasons such usages will use map_num_s() now.
> > It is a potential point of regression.
>
> Hi Mariusz,
>
> I'll be honest with you, I don't like assert(), I consider it a lame
> excuse for proper error handling. That said, not blaming you as this
> is old code and it would take a lot of cleaning up, so this is better
> than nothing.
And that is true, assert() is not for errors handling. Is was made for
verifying function/application flows. Like here, I made not null
function and I guarantee that won't be returned. If it comes, then it
is a developer mistake and assert() should discover that during
testing.
Please see man:
https://man7.org/linux/man-pages/man3/assert.3.html
If the macro NDEBUG is defined at the moment <assert.h> was last
included, the macro assert() generates no code, and hence does
nothing at all. It is not recommended to define NDEBUG if using
assert() to detect error conditions since the software may behave
non-deterministically.
For production, the macro should be set and it generates no code. So
the behavior is configurable and OSV should add this flag to their
mdadm builds. In this case, we will end with previous implementation but
no additional error handling is required to satisfy our and external
requirements (like static code analysis).
It is also useful to validate function parameters which must be set, to
not insert dead conditions. Ideally, we should execute test with
asserts enabled to verify use cases.
Thanks,
Mariusz
next prev parent reply other threads:[~2022-04-05 8:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 12:18 [PATCH 0/2] Add map_num_s Mariusz Tkaczyk
2022-01-20 12:18 ` [PATCH 1/2] Create, Build: use default_layout() Mariusz Tkaczyk
2022-04-05 1:21 ` Jes Sorensen
2022-01-20 12:18 ` [PATCH 2/2] mdadm: add map_num_s() Mariusz Tkaczyk
2022-04-05 1:32 ` Jes Sorensen
2022-04-05 8:28 ` Mariusz Tkaczyk [this message]
2022-03-22 15:28 ` [PATCH 0/2] Add map_num_s Mariusz Tkaczyk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220405102825.00002148@linux.intel.com \
--to=mariusz.tkaczyk@linux.intel.com \
--cc=jes@trained-monkey.org \
--cc=linux-raid@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.