Date: Mon, 28 May 2018 13:07:35 -0700
Subject: Re: To assert() or not to assert(), that is not really a question...
From: Ravi Pokala
To: Poul-Henning Kamp

Interesting stuff. Thanks, phk!

-Ravi (rpokala@)

-----Original Message-----
From: Poul-Henning Kamp
Date: 2018-05-28, Monday at 11:24
To: Ravi Pokala
Subject: Re: To assert() or not to assert(), that is not really a question...

--------
In message <4427091E-3B0E-4C34-B4C6-3557DD7B55E4@panasas.com>, Ravi Pokala writes:

>> 1. "Regular asserts" - things which are just plain wrong, which
>>    probably means we have a genuine bug somewhere.  Examples could
>>    be null pointers where previous checks should have ensured this
>>    not be so.  Also error situations for which there is no saner
>>    handling than killing the process.
>>
>> ...
>>
>> 3. "wrong asserts" - Internal state is messed up, program flow
>>    has taken an "impossible" branch.  A good example is the
>>    default branch of a switch on a finite input set.
>
>Hi Poul-Henning,
>
>I am in strong overall agreement with your argument. I am however
>confused as to how (1) and (3) are different; they're both irrevocably
>bad internal state.

The regular assert is assert() as we know and love it, and if it
triggers it reports the C-source of the failing condition.

The WRONG macro always triggers, and reports its string argument.

Here is a random snippet of varnish code showing both:

	/* Per specification */
	assert(sizeof vpx1_sig == 5);
	assert(sizeof vpx2_sig == 12);

	[...]

	p = req->htc->rxbuf_b;
	if (p[0] == vpx1_sig[0])
		i = vpx_proto1(wrk, req);
	else if (p[0] == vpx2_sig[0])
		i = vpx_proto2(wrk, req);
	else
		WRONG("proxy sig mismatch");

Poul-Henning

PS: You can explore the Varnish source code here:

	https://github.com/varnishcache/varnish-cache

Asserts defined in:

	.../include/vas.h

Custom backtrace/state dump in:

	.../bin/varnishd/cache/cache_panic.c

Code coverage results:

	http://varnish-cache.org/gcov/

You may also find the void-pointer paranoia interesting:

	.../include/miniobj.h

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
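
The distinction described in the message above, as an added example that is not part of the original messages and is not Varnish's code: a checking macro that reports the source text of the failed condition, next to a WRONG macro that always fires and reports its string. The names CHECK, fail, fail_jmp, probe and dispatch are hypothetical, the signature bytes are assumed to be the PROXY protocol v1 and v2 signatures, and the longjmp trap exists only so the demo can inspect a failure that would otherwise abort().

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names below are hypothetical; this is not Varnish's vas.h. */
static const char *last_text;	/* what the last failure reported */
static jmp_buf fail_jmp;	/* used by the demo harness only */
static int trapping;
static void fail(const char *kind, const char *fn, int line, const char *text)
{
	last_text = text;
	fprintf(stderr, "%s in %s(), line %d: %s\n", kind, fn, line, text);
	if (trapping) longjmp(fail_jmp, 1);	/* demo only: let the caller inspect */
	abort();				/* normal behaviour: die loudly */
}
/* CHECK reports the C source of the failed condition; WRONG always fires with its string. */
#define CHECK(e) do { if (!(e)) fail("Assert", __func__, __LINE__, #e); } while (0)
#define WRONG(expl) fail("Wrong turn", __func__, __LINE__, expl)

/* Assumed values: the PROXY protocol v1 and v2 signatures (5 and 12 bytes). */
static const char sig1[] = { 'P', 'R', 'O', 'X', 'Y' };
static const char sig2[] = { '\r', '\n', '\r', '\n', 0, '\r', '\n', 'Q', 'U', 'I', 'T', '\n' };

static int dispatch(const char *p)
{
	CHECK(p != NULL);		/* a caller bug if this fires */
	CHECK(sizeof sig1 == 5);	/* per specification */
	CHECK(sizeof sig2 == 12);
	if (p[0] == sig1[0]) return (1);
	if (p[0] == sig2[0]) return (2);
	WRONG("proxy sig mismatch");	/* the "impossible" branch */
	return (-1);			/* not reached */
}

/* Demo harness: returns the failure text, or NULL if nothing fired. */
static const char *probe(const char *p)
{
	last_text = NULL;
	trapping = 1;
	if (setjmp(fail_jmp) == 0)
		(void)dispatch(p);
	trapping = 0;
	return (last_text);
}

int main(void)
{
	/* Constructed input that matches neither signature; exits 0 when WRONG fired. */
	return (strcmp(probe("GET / HTTP/1.1\r\n"), "proxy sig mismatch") != 0);
}
```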