Quoting Luca Barbato (2016-04-18 13:27:59) > On 18/04/16 13:01, Anton Khirnov wrote: > > That's the whole point of the assert -- it's something that should not > > be able to happen. If it does happen, then the code is buggy and the bug > > should be fixed. Another function of the assert (other than preventing > > UB) is that it tells you where exactly things went wrong, rather than > > crashing days later due to memory corruption. > > An assert should notify about a unexpected condition before it happens > and it is quite useful this way, but it is a debugging aid, not a safeguard. > > Using it to check after the fact is not useful at all.
I have no idea what "after the fact" are you talking about. An assert is nothing else but a declaration "This condition is always true and the following code relies on it to be true. If it is not true then there is a bug somewhere in this code, so we rather abort than do something undefined" > > >> If you end up in that situation what happens? You leak packets? You > >> leave memory areas pinned in strange ways? You can root the system? > > > > You do something undefined. We should never ever do something undefined. > > Aborting is absolutely preferable to UB. > > Had you read the code in question? We can debate all the time how > theoretically crashing early saves the world and come up with more or > less plausible examples. > > If I read the code correctly the expected-unexpected condition that > should trigger an abort is feeding in a packet while flushing or closing > the decoder. > > That is not exactly mmal-specific I'd dare to say... There is absolutely no point in discussing how an assert can be triggered, because by definition it must not be triggerable. -- Anton Khirnov _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
