On Tue, 2015-11-24 at 06:20 -0500, Frediano Ziglio wrote:
> > > > On Mon, Nov 23, 2015 at 12:28:49PM -0500, Frediano Ziglio wrote:
> > > > Maybe you are suggesting more or less the same thing :).
> > > > To me, from worst to "less worse", when something unexpected happens:
> > > > - not detected, code continues running but behaves unpredictably (can
> > > >   easily lead to a security vulnerability if this can be triggered from
> > > >   the guest)
> > > > - detect the condition, and abort (assert())
> > > > - detect the condition, log it, and keep running (return_if_fail())
> > > >
> > >
> > > In some conditions point 3 can be the same as point 1, so the order is a
> > > bit scary to me. The return creates two paths (taken or not) which
> > > should be considered. The spice_assert has only one path; the condition
> > > is met!
> > >
> > > > Asserting is more comfortable for us developers, and probably easier,
> > > > but this also means we are killing a user VM, so this should not be done
> > > > lightly, which is why return_if_fail() is vastly better.
> > > > It's probably not always possible to easily deal gracefully with such
> > > > conditions, so yes, assert() is still an option when we don't have
> > > > better choices.
> > > >
> > > > Christophe
> > > >
> > >
> > > Well, what's worse than killing a VM? Letting the host die because we
> > > are too lazy!
> >
> > Yes, this is #1 in my list, and it's listed as worse than #2...
> >
> > Christophe
> >
>
> #3 (g_return_if family) can lead to a host crash too.

I think the point is to only use return_if_fail() in cases that don't lead to crashes.

Jonathon
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
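As an added illustration (not code from SPICE or from anyone in the thread), here is what the "detect, log, keep running" option looks like in C when the caller actually handles the early-return path, which is the point both sides of the thread circle around. The macro is modelled on glib's g_return_val_if_fail(); the struct and function names are invented for the example.

```c
/* Added example, not SPICE code: a guest-supplied length checked with a
 * return-on-failure macro, plus the caller that must honour the failure. */
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 16

/* Log the failed condition and return to the caller instead of aborting.
 * This is the second path the thread talks about: it only stays safe if
 * every caller does something sensible with the failure value. */
#define RETURN_VAL_IF_FAIL(cond, val) do {                               \
    if (!(cond)) {                                                       \
        fprintf(stderr, "%s: condition `%s' failed\n", __func__, #cond); \
        return (val);                                                    \
    } } while (0)

struct guest_msg { unsigned int len; const unsigned char *data; };

struct channel {
    unsigned char buf[MAX_PAYLOAD];
    unsigned int buf_len;
    unsigned int processed;   /* messages accepted so far */
    int disconnect;           /* set when the guest sent something invalid */
};

/* Validate the guest-controlled length before touching the buffer. On
 * failure nothing in `ch` has been modified, so the caller can keep going. */
int channel_handle_msg(struct channel *ch, const struct guest_msg *m)
{
    RETURN_VAL_IF_FAIL(m->len <= MAX_PAYLOAD, -1);
    memcpy(ch->buf, m->data, m->len);
    ch->buf_len = m->len;
    ch->processed++;
    return 0;
}

/* The caller's side of the contract: a rejected message must not be silently
 * skipped, which is where "detect and continue" collapses into "not detected".
 * Policy here: drop that guest's channel and stop; the host keeps running. */
int channel_run(struct channel *ch, const struct guest_msg *msgs, unsigned int n)
{
    for (unsigned int i = 0; i < n; i++) {
        if (channel_handle_msg(ch, &msgs[i]) < 0) {
            ch->disconnect = 1;
            return -1;
        }
    }
    return 0;
}
```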