[Spice-devel] spice-server, logging and style

Frediano Ziglio fziglio at redhat.com
Tue Nov 24 03:20:07 PST 2015


> 
> On Mon, Nov 23, 2015 at 12:28:49PM -0500, Frediano Ziglio wrote:
> > > Maybe you are suggesting more or less the same thing :).
> > > To me, from worst to "less worse", when something unexpected happens:
> > > - not detected, code continues running but behaves unpredictably (can
> > >   easily lead to a security vulnerability if this can be triggered from
> > >   the guest)
> > > - detect the condition, and abort (assert())
> > > - detect the condition, log it, and keep running (return_if_fail())
> > > 
> > 
> > In some conditions point 3 can be the same as point 1, so the order is a
> > bit scary to me. The return creates two paths (taken or not) which
> > should be considered. The spice_assert has only one path: the condition
> > is met!
> > 
> > > asserting is more comfortable for us developers, and probably easier,
> > > but this also means we are killing a user VM, so this should not be done
> > > lightly, which is why return_if_fail() is vastly better.
> > > It's probably not always possible to easily deal gracefully with such
> > > conditions, so yes, assert() is still an option when we don't have
> > > better choices.
> > > 
> > > Christophe
> > > 
> > 
> > Well, what's worse than killing a VM? Letting the host die because we
> > are too lazy!
> 
> Yes, this is #1 in my list, and it's listed as worse than #2...
> 
> Christophe
> 

#3 (g_return_if family) can lead to host crash too.

Frediano
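The three outcomes Christophe lists, and Frediano's point that a return_if_fail-style check only helps when every caller handles the failure path, as an added C example (not spice-server code; the ASSERT_LIKE and RETURN_VAL_IF_FAIL_LIKE macros are stand-ins for spice_assert() and g_return_val_if_fail(), and the Display/Surface types and sample ids are constructed for the illustration):

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_SURFACES 4

/* Stand-in for spice_assert(): one path only, the process aborts when the
   condition does not hold (a guest that can trigger it kills its own VM). */
#define ASSERT_LIKE(cond) \
    do { if (!(cond)) { fprintf(stderr, "assert failed: %s\n", #cond); abort(); } } while (0)
/* Stand-in for g_return_val_if_fail(): log and hand a value back to the
   caller, which creates a second path that every caller must now handle. */
#define RETURN_VAL_IF_FAIL_LIKE(cond, val) \
    do { if (!(cond)) { fprintf(stderr, "check failed: %s\n", #cond); return (val); } } while (0)

typedef struct { int width, height; } Surface;
typedef struct { Surface surfaces[MAX_SURFACES]; int n_surfaces; } Display;

/* Constructed sample state: two valid surfaces, ids 0 and 1. */
static Display make_display(void)
{
    Display d = { { { 640, 480 }, { 800, 600 } }, 2 };
    return d;
}

/* "Detect, log, keep running": a bad (guest-supplied) id yields NULL. */
static Surface *surface_lookup(Display *d, unsigned id)
{
    RETURN_VAL_IF_FAIL_LIKE(id < (unsigned)d->n_surfaces, NULL);
    return &d->surfaces[id];
}

/* Caller that considers both paths: on failure nothing is written and -1 is
   returned, so the host process keeps running. A caller that dereferenced the
   NULL would turn strategy 3 back into strategy 1, an unchecked crash. */
static int surface_area(Display *d, unsigned id, int *area_out)
{
    Surface *s = surface_lookup(d, id);
    if (s == NULL)
        return -1;
    *area_out = s->width * s->height;
    return 0;
}

/* "Detect and abort": the only path the caller has to reason about is success. */
static int surface_area_asserting(Display *d, unsigned id)
{
    ASSERT_LIKE(id < (unsigned)d->n_surfaces);
    return d->surfaces[id].width * d->surfaces[id].height;
}
```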

