[Spice-devel] spice-server, logging and style

Christophe Fergeau cfergeau at redhat.com
Tue Nov 24 02:41:27 PST 2015


On Mon, Nov 23, 2015 at 12:28:49PM -0500, Frediano Ziglio wrote:
> > Maybe you are suggesting more or less the same thing :).
> > To me, from worst to "less worse", when something unexpected happens:
> > - not detected, code continues running but behaves unpredictably (can
> >   easily lead to a security vulnerability if this can be triggered from
> >   the guest)
> > - detect the condition, and abort (assert())
> > - detect the condition, log it, and keep running (return_if_fail())
> > 
> 
> In some conditions point 3 can be the same as point 1, so the order is a
> bit scary to me. The return creates two paths (taken or not) which
> should be considered. The spice_assert has only one path; the condition
> is met!
> 
> > asserting is more comfortable for us developers, and probably easier,
> > but this also means we are killing a user VM, so this should not be done
> > lightly, which is why return_if_fail() is vastly better.
> > It's probably not always possible to easily deal gracefully with such
> > conditions, so yes, assert() is still an option when we don't have
> > better choices.
> > 
> > Christophe
> > 
> 
> Well, what's worse than killing a VM? Letting the host die because we
> are too lazy!

Yes, this is #1 in my list, and it's listed as worse than #2...

Christophe
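
The "two paths" concern raised in the quoted reply, shown as an added example that is not part of this message or of spice-server: a check that logs and returns only helps if the caller handles the early return. The macro, function names and surface table are hypothetical stand-ins, and the data is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a return_if_fail()-style check: log, then return. */
#define RETURN_VAL_IF_FAIL(cond, val) do {                               \
        if (!(cond)) {                                                   \
            fprintf(stderr, "%s: check '%s' failed\n", __func__, #cond); \
            return (val);                                                \
        }                                                                \
    } while (0)

#define N_SURFACES 2
struct surface { uint32_t width, height; };
static const struct surface surfaces[N_SURFACES] = { {640, 480}, {800, 600} }; /* constructed */

/* "Detect, log, keep running": on a bad guest-supplied id the early return
 * leaves *area untouched, so every caller now has a second path to handle. */
static int surface_area(uint32_t guest_id, uint64_t *area)
{
    RETURN_VAL_IF_FAIL(guest_id < N_SURFACES, -1);
    *area = (uint64_t)surfaces[guest_id].width * surfaces[guest_id].height;
    return 0;
}

/* Caller that considers both paths: the bad request is rejected. */
static int handle_request_checked(uint32_t guest_id, uint64_t *reply)
{
    return surface_area(guest_id, reply) != 0 ? -1 : 0;  /* failure propagated */
}

/* Caller that ignores the early return: it answers with the value left over
 * from the previous request, so the logged condition still misbehaves silently. */
static uint64_t scratch_area;
static int handle_request_unchecked(uint32_t guest_id, uint64_t *reply)
{
    (void)surface_area(guest_id, &scratch_area);
    *reply = scratch_area;
    return 0;
}

int main(void)
{
    uint64_t reply = 0;
    handle_request_unchecked(1, &reply);   /* valid id */
    handle_request_unchecked(7, &reply);   /* out-of-range id, stale value reused */
    printf("unchecked reply for bad id: %llu\n", (unsigned long long)reply);
    return handle_request_checked(7, &reply) == -1 ? 0 : 1;
}
```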