[Swan-dev] lsw_abort => passert
Andrew Cagney
andrew.cagney at gmail.com
Mon Mar 20 14:20:39 UTC 2017
[I see my e-mail went out, I got a weird bounce]
On 19 March 2017 at 22:47, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
> | From: Andrew Cagney <andrew.cagney at gmail.com>
>
> | > Did you check that the very early calls to lsw_abort can safely be
> | > replaced by passerts? These are the ones in plutomain.c. (I have
> | > not.) Logging may not be initialized.
>
> What I meant: they were JUST calls to abort. In FreeS/WAN.
That's really going back. Here's the relevant change:
commit 021c768f365e48e49f1ac8be87b4c78ab96350d4
Date: Wed Nov 26 15:14:38 2008 +1000
Convert pluto over to its own more verbose abort code. Makes finding
application aborts a little easier on embedded systems.
> | Only in the sense that I ran the testsuite.
>
> That will never cause those asserts to fire:
>
> passert(open("/dev/null", O_RDONLY) == 0);
> passert(dup2(0, 1) == 1);
> passert(log_to_stderr || dup2(0, 2) == 2);
>
> Those only fire when something is seriously wrong with the environment.
Think of it as a challenge :-)
> | final_breath = TRUE;
>
> s/final_breath/dying_breath/
>
> ================
>
> passert is modelled on assert(3). It could be a macro that does
> nothing (not even evaluating its argument). So depending on a
> side-effect of argument evaluation is a no-no.
passert() was once modelled on assert(3); fortunately the code base
has since moved beyond that :-)
commit 6cdc3a78ef7d5868e6b17d5ef885f5d552613f38
Date: Sun Dec 15 20:27:17 2013 -0500
building: Remove #ifdef DEBUG - always compile into userland
This already did not affect KLIPS (although some KLIPS code did use
Note the NSS PR_ASSERT() function depends on DEBUG being set, so we
now define DEBUG 1 in libreswan.h.
so what looks like a function call now behaves like a function call -
its parameter is always evaluated once.
> I'd say that the original FreeS/WAN code is better than all its
> successors:
>
> if (open("/dev/null", O_RDONLY) != 0)
> abort();
> if (dup2(0, 1) != 1)
> abort();
> if (!log_to_stderr && dup2(0, 2) != 2)
> abort();
>
> Since these cannot fail in a normal environment, it is good to not
> depend on much of the environment when failure is detected (passert
> does, lsw_abort does, abort does not).
It's a trade off. I'd prefer the code to at least try to print
something (before the embedded board locks up hard and allows the
magic blue smoke to escape :-), I suspect that was part of the
motivation behind the original change.
Andrew
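As an added example (not code from this thread or from libreswan): a passert-style macro that is never compiled out, beside what assert(3) becomes under NDEBUG, and the plutomain.c descriptor checks re-run on spare fds. The failure hook, the failure counter and fds 10 to 12 are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed passert: never compiled out, so its argument is evaluated
 * exactly once and a side effect such as open() or dup2() inside it is
 * safe. The hook counts failures instead of calling abort(). */
static int passert_failures = 0;

static void passert_fail(const char *expr, const char *file, int line)
{
    /* Report with as little of the environment as possible: one write(2)
     * straight to fd 2, no logging subsystem, no stdio buffering. */
    char buf[256];
    int n = snprintf(buf, sizeof buf, "ASSERTION FAILED: %s (%s:%d)\n",
                     expr, file, line);
    if (n > 0)
        (void)write(2, buf, (size_t)n);
    passert_failures++;            /* real code would abort() here */
}

#define passert(e) \
    do { if (!(e)) passert_fail(#e, __FILE__, __LINE__); } while (0)

/* What assert(3) becomes under NDEBUG: the argument is not evaluated. */
#define assert_ndebug(e) ((void)0)

static int eval_count = 0;
static int counted_ok(void) { eval_count++; return 1; }

/* How often the argument runs: once under passert ... */
int passert_evaluations(void) { eval_count = 0; passert(counted_ok()); return eval_count; }
/* ... and never under a compiled-out assert, hence "side effects are a no-no". */
int ndebug_evaluations(void) { eval_count = 0; assert_ndebug(counted_ok()); return eval_count; }

/* The plutomain.c setup re-run on spare fds 10 and 11 so it leaves this
 * process's own stdin/stdout/stderr alone. Returns failed checks (0 when
 * the environment is sane). */
int setup_null_fds(int log_to_stderr)
{
    int before = passert_failures;
    int null_fd = open("/dev/null", O_RDONLY);
    passert(null_fd >= 0);
    passert(dup2(null_fd, 10) == 10);
    passert(log_to_stderr || dup2(null_fd, 11) == 11);
    close(10); close(11); close(null_fd);
    return passert_failures - before;
}

/* Deliberately broken environment: dup2() from an invalid fd fails, so the
 * hook fires and the report reaches fd 2 before anything else is needed. */
int setup_with_bad_fd(void)
{
    int before = passert_failures;
    passert(dup2(-1, 12) == 12);
    return passert_failures - before;
}
```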