Date: Mon, 11 May 1998 11:19:21 -0400
From: bhyde@gensym.com (Ben Hyde)
Message-Id: <199805111519.LAA02131@siam.gensym>
To: new-httpd@apache.org
Subject: Re: assert evilness
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org


Yes there ought to be something in the coding
guidelines about this.  Something like: always
ok in debug versions, often ok in the server
startup, very rarely (proabably never) in the
request processing.

presumably there are rules that you never break
 - keep the server going at all costs.
 - never allow a buffer overrun.
 - don't leak during request processing.

I don't see how you can maintain these three
and use assert during request processing.

I couldn't agree more with Ben L's argument that
asserts aren't used enough, particularly in
debug code.  

If you feel that "up" is less important than 
"secure" then assert for secure becomes
acceptable at runtime.

I think it's best to treat them both as
non-negotiable.

Meanwhile:

Doesn't long jump happen during request processing
as triggered by SIGPIPE?  

If so... modules must guard all cleanable
data structures via pool cleanups all before
writing to the request stream.

but Dean writes
> No don't do this.  You can only do this if you longjmp() out, and you
> can't do that in my NSPR port.  Heck you can't do it in 1.3, it's just not
> safe. 

So I'm confused - my usual state.

 - ben hyde