On Mon, Nov 23, 2015 at 12:28:49PM -0500, Frediano Ziglio wrote:
> > Maybe you are suggesting more or less the same thing :).
> > To me, from worst to "less worse", when something unexpected happens:
> > - not detected, code continues running but behaves unpredictably (can
> >   easily lead to a security vulnerability if this can be triggered from
> >   the guest)
> > - detect the condition, and abort (assert())
> > - detect the condition, log it, and keep running (return_if_fail())
> >
>
> In some conditions point 3 can be the same as point 1 so the order is a
> bit scary to me. The return creates two paths (taken or not) which
> should be considered. The spice_assert has only one path; the condition
> is met!
>
> > asserting is more comfortable for us developers, and probably easier,
> > but this also means we are killing a user VM, so this should not be done
> > lightly, which is why return_if_fail() is vastly better.
> > It's probably not always possible to easily deal gracefully with such
> > conditions, so yes, assert() is still an option when we don't have
> > better choices.
> >
> > Christophe
> >
>
> Well, what's worse than killing a VM? Leaving the host die because we
> are too lazy!

Yes, this is #1 in my list, and it's listed as worse than #2...

Christophe
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel
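An added illustration, not code from the thread or from SPICE, of the point debated above: a detect-log-and-return check is only better than an abort if the early-return path leaves state consistent. The `return_val_if_fail` macro, `struct display` and the surface table are hypothetical stand-ins constructed for this example.

```c
#include <stdio.h>

#define NUM_SURFACES 4  /* constructed table size */

/* Local stand-in for the return_if_fail() style named in the thread:
 * log the violated condition and return `val` instead of aborting. */
#define return_val_if_fail(cond, val) \
    do { if (!(cond)) { fprintf(stderr, "check failed: %s\n", #cond); \
                        return (val); } } while (0)

struct display {
    int refs[NUM_SURFACES];  /* per-surface reference counts */
    int pending;             /* commands accepted but not yet completed */
};

/* Check first: the guest-supplied id is validated before any state is
 * touched, so the failure path leaves the structure unchanged. */
static int surface_ref_checked(struct display *d, unsigned int guest_id)
{
    return_val_if_fail(guest_id < NUM_SURFACES, -1);
    d->pending++;
    d->refs[guest_id]++;
    return 0;
}

/* Check late: state is modified before the check, so the early return
 * leaves `pending` out of sync and the process keeps running on it. */
static int surface_ref_late_check(struct display *d, unsigned int guest_id)
{
    d->pending++;
    return_val_if_fail(guest_id < NUM_SURFACES, -1);
    d->refs[guest_id]++;
    return 0;
}

/* Invariant: every pending command holds exactly one surface reference. */
static int display_consistent(const struct display *d)
{
    int total = 0;
    for (int i = 0; i < NUM_SURFACES; i++)
        total += d->refs[i];
    return total == d->pending;
}

int main(void)
{
    struct display a = {{0}, 0}, b = {{0}, 0};
    surface_ref_checked(&a, 7);     /* constructed out-of-range guest id */
    surface_ref_late_check(&b, 7);
    printf("checked first: consistent=%d\n", display_consistent(&a));
    printf("checked late:  consistent=%d\n", display_consistent(&b));
    return 0;
}
```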