> > On Mon, Nov 23, 2015 at 12:28:49PM -0500, Frediano Ziglio wrote:
> > > Maybe you are suggesting more or less the same thing :).
> > > To me, from worst to "less worse", when something unexpected happens:
> > > - not detected, code continues running but behaves unpredictably (can
> > > easily lead to a security vulnerability if this can be triggered from
> > > the guest)
> > > - detect the condition, and abort (assert())
> > > - detect the condition, log it, and keep running (return_if_fail())
> > >
> >
> > In some condition point 3 can be the same as point 1 so the order is a
> > bit scary to me. The return creates two paths (taken or not) which
> > should be considered. The spice_assert has only one path; the condition
> > is met!
> >
> > > asserting is more comfortable for us developers, and probably easier,
> > > but this also means we are killing a user VM, so this should not be done
> > > lightly, which is why return_if_fail() is vastly better.
> > > It's probably not always possible to easily deal gracefully with such
> > > conditions, so yes, assert() is still an option when we don't have
> > > better choices.
> > >
> > > Christophe
> > >
> >
> > Well, what's worse than killing a VM? Leaving the host die because we
> > are too lazy!
>
> Yes, this is #1 in my list, and it's listed as worse than #2...
>
> Christophe
>

#3 (g_return_if family) can lead to host crash too.

Frediano
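An added illustration of the two-paths point debated in this thread; it is not part of any message and is not SPICE code. `RETURN_IF_FAIL`, `Queue` and the `store_*`/`submit_*` functions are hypothetical stand-ins: a check that logs and returns from a `void` function leaves the caller on the success path, so the state ends up as if the condition had never been detected.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-in for a g_return_if_fail()-style check: log, then return. */
#define RETURN_IF_FAIL(cond) \
    do { if (!(cond)) { fprintf(stderr, "check failed: %s\n", #cond); return; } } while (0)

#define SLOT_SIZE 8
#define NUM_SLOTS 4
typedef struct { char slots[NUM_SLOTS][SLOT_SIZE]; size_t used; } Queue;

/* Option 3 in a void function: the failure path is invisible to the caller. */
static void store_unchecked(Queue *q, const char *msg, size_t len)
{
    RETURN_IF_FAIL(q->used < NUM_SLOTS);
    RETURN_IF_FAIL(len <= SLOT_SIZE);
    memcpy(q->slots[q->used], msg, len);
}

/* Same checks, but the result is reported so the caller must pick a path. */
static int store_checked(Queue *q, const char *msg, size_t len)
{
    if (q->used >= NUM_SLOTS || len > SLOT_SIZE)
        return -1;
    memcpy(q->slots[q->used], msg, len);
    return 0;
}

/* Caller assumes the store happened: a rejected message is still counted. */
size_t submit_silent(Queue *q, const char *msg, size_t len)
{
    store_unchecked(q, msg, len);
    q->used++;               /* runs on both the taken and not-taken path */
    return q->used;
}

/* Caller handles the failure path: the count only covers filled slots. */
size_t submit_handled(Queue *q, const char *msg, size_t len)
{
    if (store_checked(q, msg, len) == 0)
        q->used++;
    return q->used;
}

int main(void)
{
    Queue a, b;
    const char big[16] = "constructed-msg";   /* constructed oversized input */
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    printf("silent:  used=%zu\n", submit_silent(&a, big, sizeof big));
    printf("handled: used=%zu\n", submit_handled(&b, big, sizeof big));
    return 0;
}
```

In the silent variant the queue reports one valid slot that was never written, which is the "not detected, code continues running" case from the list above reached through a check that did fire.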