httpd-dev mailing list archives

From Paul Sutton <p...@c2.net>
Subject assert evilness
Date Sat, 09 May 1998 19:03:52 GMT
On 9 May 1998 ben@hyperreal.org wrote:
> ben         98/05/09 08:00:50
>        n = GetFullPathName(szFile, sizeof buf, buf, &szFilePart);
>   -    assert(n);
>   -    assert(n < sizeof buf);
>   +    ap_assert(n);
>   +    ap_assert(n < sizeof buf);
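Review bot: both ap_assert lines abort the whole process on a condition the server can plausibly meet at runtime, so an overlong szFile path becomes a crash rather than a failed request; have the function return an error to its caller when `n` is 0 (logging GetLastError()) or when `n >= sizeof buf`, and keep the bounds test itself in that form, since the original `assert(n < sizeof buf)` compiles away under NDEBUG and would let the caller use buf as though GetFullPathName had filled it.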

Am I the only person that thinks asserts() are basically evil? 

If there is a risk of an error occurring, we should trap it, log it, and
do something logical, like move on to the next request or exit. Taking this
code as an example, if an assert here gets triggered, we log an almost
meaningless (to the end user) error ("assertion failed: n") or similar.
The process then exits, killing all the other threads which may be
processing requests. Modules don't get to clean themselves up, no cleanups
are run. This client gets a no-data response. All other clients in
progress get dropped wherever they are.

Of course, if assert itself is used (rather than ap_assert), things get
even worse, since you lose the error tracking on release builds, thus
potentially introducing errors (and buffer overruns) into the most
important place where they should not exist: production code. 

In fact I'd go as far as proposing a new rule for the style guide:

 * assert()/ap_assert() should never be used. 

Paul
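As an added example, not taken from the thread or from Apache: the two styles the message contrasts, applied to a path-resolution helper. GetFullPathName is Windows-only, so a constructed fake_full_path() with the same return-value convention stands in for it, and the "/srv/www/" root is an assumed value.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for GetFullPathName, same return convention:
 * 0 on failure, length written (without NUL) on success, or the size
 * required (with NUL) when buf is too small, writing nothing. */
static size_t fake_full_path(const char *file, size_t buflen, char *buf)
{
    const char *prefix = "/srv/www/";          /* assumed document root */
    if (file == NULL || *file == '\0')
        return 0;
    size_t need = strlen(prefix) + strlen(file) + 1;
    if (need > buflen)
        return need;
    memcpy(buf, prefix, strlen(prefix));
    memcpy(buf + strlen(prefix), file, strlen(file) + 1);
    return need - 1;
}

/* The style the message objects to: a failing check kills the whole
 * process, and under NDEBUG both checks vanish, so n and buf are used
 * as if the call had succeeded. */
void resolve_with_assert(const char *file, char *buf, size_t buflen)
{
    size_t n = fake_full_path(file, buflen, buf);
    assert(n);
    assert(n < buflen);
}

/* The style the message asks for: trap the error, log it, and let the
 * caller fail only this request. Returns 0 on success, -1 on error. */
int resolve_checked(const char *file, char *buf, size_t buflen)
{
    size_t n = fake_full_path(file, buflen, buf);
    if (n == 0) {
        fprintf(stderr, "resolve_checked: cannot resolve '%s'\n",
                file ? file : "(null)");
        return -1;
    }
    if (n >= buflen) {
        fprintf(stderr, "resolve_checked: '%s' needs %zu bytes, buffer "
                "holds %zu; refusing\n", file, n, buflen);
        if (buflen) buf[0] = '\0';
        return -1;
    }
    return 0;
}
```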

