Re: Ball of string -> g_return_* macros in static functions - lots of them :(

From: John Rice <John Rice Sun COM>
To: zuh iki fi
Cc: Performance-list gnome org
Subject: Re: Ball of string -> g_return_* macros in static functions - lots of them :(
Date: Mon, 17 Oct 2005 11:44:01 +0100

Kalle,

The problem is we now have a mixture of code using the g_return_* calls as they are meant to in public functions to validate input, but we also have g_return_* being used in static functions to validate some internal state. There's nothing wrong in a programmer validating the internal state of his library at any time, but he should be using g_assert to do so.

If they don't use g_assert then we have to turn off all the checking in the library to get the performance gain, but now our external library calls don't have any parameter validation in them :(

Kinda sucks - and yes you are entirely correct that we could just remove the g_return_* calls from all static functions, but I'd have thought converting them into g_asserts was probably more consistent with the original authors intention - though could be wrong of course :)

JR

Snip from Frederico: http://www.mail-archive.com/desktop-devel-list gnome org/msg02548.html

http://developer.gnome.org/doc/guides/programming-guidelines/robust.html

See the "Assertions and Preconditions" section on that page.

Summary:  use g_return_*() in library entry points to ensure that no
garbage is fed into your library.  Use g_assert() internally to ensure
that you are in a consistent state.

Kalle Vahlman wrote:

2005/10/17, John Rice <John Rice sun com>:

So with this situation we will always pay the performance penalty AND we
don't have the benefit of assert's blowing up in the internal library
static functions to warn us during development that something is
screwed. The g_return_* macros will allow us to fail gracefully,
essentially masking many pathological conditions that we really ought to
catch.


For developement, you can turn those warnings into fatal (aborting the program).

For performance, you can do -DG_DISABLE_CHECKS because:

http://cvs.gnome.org/viewcvs/glib/glib/gmessages.h?view=markup
---8<-----

#ifdef G_DISABLE_CHECKS

#define g_return_if_fail(expr)                  G_STMT_START{ (void)0;
}G_STMT_END
#define g_return_val_if_fail(expr,val)          G_STMT_START{ (void)0;
}G_STMT_END
#define g_return_if_reached()                   G_STMT_START{ return;
}G_STMT_END
#define g_return_val_if_reached(val)            G_STMT_START{ return
(val); }G_STMT_END

#else /* !G_DISABLE_CHECKS */

---8>----

You shouldn't use g_return_* as a validator of data anyway, they are
more debugging tools then a failsafe mechanism. If you pass crappy
data to functions, there is only so much the functions can do about
it...

If there is something special in using these macros in static
functions, please correct me, but as such I don't see benefits from
turning them into assertions.

--
Kalle Vahlman, zuh iki fi
Powered by http://movial.fi
_______________________________________________
Performance-list mailing list
Performance-list gnome org
http://mail.gnome.org/mailman/listinfo/performance-list

Follow-Ups:
- Re: Ball of string -> g_return_* macros in static functions - lots of them :(
  - From: Ross Burton
- Re: Ball of string -> g_return_* macros in static functions - lots of them :(
  - From: Kalle Vahlman

References:
- Ball of string -> g_return_* macros in static functions - lots of them :(
  - From: John Rice
- Re: Ball of string -> g_return_* macros in static functions - lots of them :(
  - From: Kalle Vahlman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]