Julian Foad wrote on Mon, Apr 23, 2012 at 20:40:59 +0100: > Daniel Shahaf wrote: > > > Julian Foad wrote: > >> I (Julian Foad) wrote: > >> > There isn't currently an easy build switch (such as NDEBUG) to disable > >> > SVN_ERR_ASSERT completely at compile time. That's just a side issue. > >> If > >> > you want such a switch, just ask; we can easily create one. Or if you > >> think we > >> > need two levels of assertions -- one for quick tests and another for > >> slow tests > >> > -- and want to be able to compile-out the slow ones independently of > >> the quick > >> > ones, just ask. But implying we should use 'assert' for slow tests and > >> > 'SVN_ERR_ASSERT' for quick tests is the Wrong Way. > >> > >> We can also introduce run-time control of whether the conditions are > >> evaluated: test a global 'assertions enabled?' variable or function > >> before evaluating the condition. For example: > [...] > > That doesn't sound right. Surely we don't want to allow disabling _all_ > > uses of SVN_ERR_ASSERT() this way? (Remember that some of them > > translate to segfaults (possibly corruptions?) if the condition doesn't > > hold) > > Hi Daniel. > > In places where there will be a seg-fault if the condition is false, > the assertion statement doesn't prevent abnormal program termination, > it only makes it easier to see what went wrong. >
SVN_ERR_ASSERT() prevents an abnormal termination when a non-default malfunction handler has been installed. > In places where the processing will continue with wrong data or wrong > behaviour if the condition is false, the assertion statement doesn't > prevent the program from going wrong, it just changes the failure mode > to a more obvious one. > > People who don't care about the failure mode in such cases may wish to > turn off the checks. > Depends, I think. If libsvn_ra asserts that a log message is in UTF-8, it is reasonable to want to disable that since the only harm resulting is an svn_error_create() on the server. But if libsvn_fs asserts the sanity of a revision before committing it, I think most people will prefer to have the commit attempt fail. (The latter example is not realistic since, at least in FSFS, we generally return an svn_error_t rather than an assertion when a sanity check fails.) > - Julian
