From: "Kyle J. McKay" <mackyle@gmail.com>
To: Junio C Hamano <gitster@pobox.com>, Jeff King <peff@peff.net>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Jonathan Tan <jonathantanmy@google.com>
Cc: Git mailing list <git@vger.kernel.org>
Subject: [PATCH v2] mailinfo.c: move side-effects outside of assert
Date: Mon, 19 Dec 2016 15:13:00 -0800 [thread overview]
Message-ID: <ebaf4c892a78bc3ae614a23d87f9c0f@58437222ff6db9ee7cbe9d1a5a1ad4e> (raw)
In-Reply-To: <xmqqbmw7ocoz.fsf@gitster.mtv.corp.google.com>
On Dec 19, 2016, at 13:01, Junio C Hamano wrote:
> Jonathan Tan <jonathantanmy@google.com> writes:
>
>>>> This is obviously an improvement, but it makes me wonder if we
>>>> should be
>>>> doing:
>>>>
>>>> if (!check_header(mi, &mi->inbody_header_accum, mi->s_hdr_data))
>>>> die("BUG: some explanation of why this can never happen");
>>>>
>>>> which perhaps documents the intended assumptions more clearly. A
>>>> comment
>>>> regarding the side effects might also be helpful.
>>>
>>> I wondered exactly the same thing myself. I was hoping Jonathan
>>> would
>>> pipe in here with some analysis about whether this is:
>>>
>>> a) a super paranoid, just-in-case, can't really ever fail because
>>> by
>>> the time we get to this code we've already effectively validated
>>> everything that could cause check_header to return false in this
>>> case
>>> ...
>> The answer is "a". The only time that mi->inbody_header_accum is
>> appended to is in check_inbody_header, and appending onto a blank
>> mi->inbody_header_accum always happens when is_inbody_header is true
>> (which guarantees a prefix that causes check_header to always return
>> true).
>>
>> Peff's suggestion sounds reasonable to me, maybe with an error
>> message
>> like "BUG: inbody_header_accum, if not empty, must always contain a
>> valid in-body header".
>
> OK. So we do not expect it to fail, but we still do want the side
> effect of that function (i.e. accmulation into the field).
>
> Somebody care to send a final "agreed-upon" version?
Yup, here it is:
-- 8< --
Since 6b4b013f18 (mailinfo: handle in-body header continuations,
2016-09-20, v2.11.0) mailinfo.c has contained new code with an
assert of the form:
assert(call_a_function(...))
The function in question, check_header, has side effects. This
means that when NDEBUG is defined during a release build the
function call is omitted entirely, the side effects do not
take place and tests (fortunately) start failing.
Move the function call outside of the assert and assert on
the result of the function call instead so that the code
still works properly in a release build and passes the tests.
Since the only time that mi->inbody_header_accum is appended to is
in check_inbody_header, and appending onto a blank
mi->inbody_header_accum always happens when is_inbody_header is
true, this guarantees a prefix that causes check_header to always
return true.
Therefore replace the assert with an if !check_header + DIE
combination to reflect this.
Helped-by: Jonathan Tan <jonathantanmy@google.com>
Helped-by: Jeff King <peff@peff.net>
Acked-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
Notes:
Please include this PATCH in 2.11.x maint
mailinfo.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mailinfo.c b/mailinfo.c
index 2fb3877e..a489d9d0 100644
--- a/mailinfo.c
+++ b/mailinfo.c
@@ -710,7 +710,8 @@ static void flush_inbody_header_accum(struct mailinfo *mi)
{
if (!mi->inbody_header_accum.len)
return;
- assert(check_header(mi, &mi->inbody_header_accum, mi->s_hdr_data, 0));
+ if (!check_header(mi, &mi->inbody_header_accum, mi->s_hdr_data, 0))
+ die("BUG: inbody_header_accum, if not empty, must always contain a valid in-body header");
strbuf_reset(&mi->inbody_header_accum);
}
---
next prev parent reply other threads:[~2016-12-19 23:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-17 19:54 [PATCH] mailinfo.c: move side-effects outside of assert Kyle J. McKay
2016-12-19 17:45 ` Johannes Schindelin
2016-12-19 20:03 ` Jeff King
2016-12-19 20:38 ` Kyle J. McKay
2016-12-19 20:54 ` Jonathan Tan
2016-12-19 21:01 ` Junio C Hamano
2016-12-19 23:13 ` Kyle J. McKay [this message]
2016-12-19 23:26 ` [PATCH v2] " Junio C Hamano
2016-12-19 23:54 ` [PATCH v3] " Kyle J. McKay
2016-12-20 14:12 ` [PATCH] " Johannes Schindelin
2016-12-20 16:45 ` Jeff King
2016-12-21 5:54 ` Kyle J. McKay
2016-12-21 15:55 ` Jeff King
2016-12-22 2:21 ` Kyle J. McKay
2016-12-22 3:34 ` Jeff King
2016-12-22 17:57 ` Junio C Hamano
2016-12-22 3:53 ` Kyle J. McKay
2016-12-22 3:59 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ebaf4c892a78bc3ae614a23d87f9c0f@58437222ff6db9ee7cbe9d1a5a1ad4e \
--to=mackyle@gmail.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jonathantanmy@google.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).