util: Add Assume() identity function #20255
pull MarcoFalke wants to merge 3 commits into bitcoin:master from MarcoFalke:2010-assume changing 3 files +48 −2-
MarcoFalke commented at 6:29 pm on October 27, 2020: memberThis is needed for #20138. Please refer to the added documentation for motivation.
-
laanwj commented at 7:09 pm on October 27, 2020: memberConcept ACK. It’s mildly interesting that we’re sort of reinventing the original
assert()
here, which gets disabled onNDEBUG
, which we had to always force on, but I think it’s fine to reinvent the wheel here instead of assuming any specific compiler semantics. -
MarcoFalke commented at 7:14 pm on October 27, 2020: memberIndeed, this
Assume
is like the traditionalassert
. -
MarcoFalke commented at 7:36 pm on October 27, 2020: memberI think @ryanofsky also likes
check
, so I might change to that -
jnewbery commented at 7:40 pm on October 27, 2020: memberI think Russ doesn’t care about the name, but would prefer a pair of check/dcheck macros: #16136 (comment)
-
sipa commented at 7:43 pm on October 27, 2020: memberFWIW, libsecp256k1 has CHECK() (always enabled) and VERIFY_CHECK() functions (enabled with -DVERIFY, used in test builds).
-
DrahtBot added the label Build system on Oct 27, 2020
-
DrahtBot added the label Docs on Oct 27, 2020
-
DrahtBot added the label Utils/log/libs on Oct 27, 2020
-
practicalswift commented at 9:41 pm on October 27, 2020: contributorConcept ACK
-
in doc/developer-notes.md:298 in fa96726035 outdated
293+ - For example, a nullptr dereference or any other logic bug in RPC code 294+ means that the RPC code is faulty and can not be executed. However, the 295+ logic bug can be shown to the user and the program can continue to run. 296+* `Assume` can be used for nonfatal internal logic bugs. In debug builds it 297+ behaves like Assert()/assert() to notify developers and testers about 298+ non-fatal errors. In production it doesn't warn or log anything.
ajtowns commented at 6:08 am on October 28, 2020:Might be worth clarifying that the expression is still evaluated in production builds?
MarcoFalke commented at 9:12 am on November 24, 2020:thx, donein doc/developer-notes.md:304 in fa96726035 outdated
297+ behaves like Assert()/assert() to notify developers and testers about 298+ non-fatal errors. In production it doesn't warn or log anything. 299+ - For example it can be assumed that a variable is only initialized once, 300+ but a failed assumption does not result in a fatal bug. A failed 301+ assumption may or may not result in a slightly degraded user experience, 302+ but it is safe to continue program execution.
ajtowns commented at 7:01 am on October 28, 2020:Maybe rephrase it as a directive: “Assert() should be used to document assumptions when any violation would mean that it is not safe to continue program execution; Assume() should be used to document assumptions when program execution can safely continue even if the assumption is violated.” ?
If we’re going to stick with “always evaluate assertions” and not support NDEBUG-like optimisation even for a new, debug-only check, maybe we should deprecate
assert()
too (and perhaps not use it to implementAssert()
).
MarcoFalke commented at 9:12 am on November 24, 2020:Maybe rephrase it as a directive
thx, done
maybe we should deprecate assert()
I’ll leave that for a follow-up
MarcoFalke removed the label Build system on Oct 28, 2020MarcoFalke removed the label Docs on Oct 28, 2020MarcoFalke commented at 8:16 am on October 28, 2020: memberFWIW, libsecp256k1 has CHECK() (always enabled) and VERIFY_CHECK() functions (enabled with -DVERIFY, used in test builds).
That is good to know, because that means we can’t use that name due to name-clashing.
ajtowns commented at 4:44 am on October 29, 2020: memberACK fa9672603560320bc9f1017a7de5e85de10d9561
I think this is a good choice of behaviour that should be easy to use correctly. Would like to see the ability to turn on logging of violated Assumptions even in production builds in a followup.
practicalswift commented at 6:37 am on October 29, 2020: contributorACK fa9672603560320bc9f1017a7de5e85de10d9561: patch looks correcthebasto commented at 10:13 pm on October 30, 2020: memberApproach ACK fa9672603560320bc9f1017a7de5e85de10d9561
Are there any cases when
assert
is preferable toAssert
. If “yes”, it would be nice to have an example in the docs. If “no”, why do we mentionassert
in the docs?util: Allow Assert(...) to be used in all contexts
Fixes the compile error when used inside operator[]: ./chain.h:404:23: error: C++11 only allows consecutive left square brackets when introducing an attribute return (*this)[Assert(pindex)->nHeight] == pindex; ^
util: Add Assume() identity function fac5efe730util: Remove probably misleading TODO
The TODO has been added by me, but I don't remember how to solve it. The current code works fine, so just remove the TODO.
MarcoFalke force-pushed on Nov 24, 2020MarcoFalke commented at 9:13 am on November 24, 2020: memberAre there any cases when assert is preferable to Assert
No
If “no”, why do we mention assert in the docs?
It documents how the
assert
is used in existing codepracticalswift commented at 9:25 am on November 24, 2020: contributorcr ACK faa05854f832405231c9198787a4eafe2cd4c5f0jnewbery commented at 9:35 am on November 24, 2020: memberutACK faa05854f832405231c9198787a4eafe2cd4c5f0in doc/developer-notes.md:294 in faa05854f8
289+ code means the program code is faulty and must terminate immediately. 290+* `CHECK_NONFATAL` should be used for recoverable internal logic bugs. On 291+ failure, it will throw an exception, which can be caught to recover from the 292+ error. 293+ - For example, a nullptr dereference or any other logic bug in RPC code 294+ means that the RPC code is faulty and can not be executed. However, the
jonatack commented at 9:42 am on November 24, 2020:s/can not/cannot/in doc/developer-notes.md:301 in faa05854f8
296+* `Assume` should be used to document assumptions when program execution can 297+ safely continue even if the assumption is violated. In debug builds it 298+ behaves like `Assert`/`assert` to notify developers and testers about 299+ nonfatal errors. In production it doesn't warn or log anything, though the 300+ expression is always evaluated. 301+ - For example it can be assumed that a variable is only initialized once,
jonatack commented at 9:43 am on November 24, 2020:s/For example it can/For example, it may/jonatack commented at 9:43 am on November 24, 2020: memberApproach ACK, some doc nits if you retouchMarcoFalke commented at 12:54 pm on November 25, 2020: memberWill leave style nits alone to preserve ACKsMarcoFalke commented at 8:10 am on December 4, 2020: memberI think this is ready, but I am waiting on one more (re?)ACK before mergehebasto approvedhebasto commented at 10:05 am on December 4, 2020: memberACK faa05854f832405231c9198787a4eafe2cd4c5f0, I have reviewed the code and it looks OK, I agree it can be merged.MarcoFalke merged this on Dec 4, 2020MarcoFalke closed this on Dec 4, 2020
MarcoFalke deleted the branch on Dec 4, 2020sidhujag referenced this in commit c67c618af7 on Dec 4, 2020Fabcien referenced this in commit 12031e53db on Jun 15, 2021DrahtBot locked this on Feb 15, 2022
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 21:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me