[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v3 4/4] bridge driver: don't masquerade local subnet broadcast/multicast packets

On 09/24/13 18:28, Eric Blake wrote:
> On 09/24/2013 07:23 AM, Laszlo Ersek wrote:
>>>> +
>>>> +    localMulticast->prefix = 24;
>>>> +    result = virSocketAddrParseIPv4(&localMulticast->addr,
>>>> +                                    "");
>>>> +    sa_assert(result != -1);
>>> You must have accidentally left this in. libvirt is a library, so it
>>> must never assert. In a case where the called function is guaranteed to
>>> never fail (due to the args passed in), you can enclose it in
>>> ignore_value():
> Libraries must NOT use assert().  But libvirt MAY use sa_assert() -
> which exists only as a hint to shut up puny static analyzers and NOT as
> a way to abort execution if the constraint is violated (of course, if
> the constraint is violated, we still have a bug that needs fixing...).

OK this is theoretical now, but: what do you do when you detect
corruption of internal state? Ie. violation of invariants that are the
basis of whatever you do in the library? Going forward can easily
exacerbate the damage.

In life-critical systems you shut down (or isolate) the faulty component
I guess and let the redundant component(s) take over. But I think a
normal library is allowed to assert(), same as the kernel is allowed to
call BUG_ON().


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]