[I see my e-mail went out, I got a weird bounce]

On 19 March 2017 at 22:47, D. Hugh Redelmeier <h...@mimosa.com> wrote:
> | From: Andrew Cagney <andrew.cag...@gmail.com>
>
> | > Did you check that the very early calls to lsw_abort can safely be
> | > replaced by passerts? These are the ones in plutomain.c. (I have
> | > not.) Logging may not be initialized.
>
> What I meant: they were JUST calls to abort. In FreeS/WAN.

That's really going back. Here's the relevant change:

    commit 021c768f365e48e49f1ac8be87b4c78ab96350d4
    Date:   Wed Nov 26 15:14:38 2008 +1000

        Convert pluto over to it's own more verbose abort code. Makes find
        application aborts a little easier on embedded systems.

> | Only in the sense that I ran the testsuite.
>
> That will never cause those asserts to fire:
>
>     passert(open("/dev/null", O_RDONLY) == 0);
>     passert(dup2(0, 1) == 1);
>     passert(log_to_stderr || dup2(0, 2) == 2);
>
> Those only fire when something is seriously wrong with the environment.

Think of it as a challenge :-)

> | final_breath = TRUE;
>
> s/final_breath/dying_breath/
>
> ================
>
> passert is modelled on assert(3). It could be a macro that does
> nothing (not even evaluating its argument). So depending on a
> side-effect of argument evaluation is a no-no.

passert() was once modelled on assert(3); fortunately the code base has
since moved beyond that :-)

    commit 6cdc3a78ef7d5868e6b17d5ef885f5d552613f38
    Date:   Sun Dec 15 20:27:17 2013 -0500

        building: Remove #ifdef DEBUG - always compile into userland

        This already did not affect KLIPS (although some KLIPS code did use
        Note the NSS PR_ASSERT() function depends on DEBUG being set, so we
        now define DEBUG 1 in libreswan.h.

so what looks like a function call now behaves like a function call - its
parameter is always evaluated once.

> I'd say that the original FreeS/WAN code is better than all its
> successors:
>
>     if (open("/dev/null", O_RDONLY) != 0)
>         abort();
>     if (dup2(0, 1) != 1)
>         abort();
>     if (!log_to_stderr && dup2(0, 2) != 2)
>         abort();
>
> Since these cannot fail in a normal environment, it is good to not
> depend on much of the environment when failure is detected (passert
> does, lsw_abort does, abort does not).

It's a trade off.

I'd prefer the code to at least try to print something (before the
embedded board locks up hard and allows the magic blue smoke to escape
:-), I suspect that was part of the motivation behind the original change.

Andrew
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
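To make the macro-versus-function distinction in the thread concrete, here is an added example (not libreswan's or FreeS/WAN's code; the PASSERT_* macros, the variant enum and redirect_to_devnull() are assumed names for illustration) that guards the same dup2() call three ways and reports which ones actually perform the redirection: an assert(3)-style macro that has been compiled out drops the side effect entirely, while the function-like passert and the explicit check-then-abort() both run it exactly once. It uses a high, otherwise unused fd as the target so that 0/1/2 are never touched.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Variant 0: an assert(3)-style macro after being compiled out (NDEBUG):
 * the argument expression is never evaluated at all. */
#define PASSERT_COMPILED_OUT(e) ((void)0)

/* Variant 1: a function-like passert (the shape libreswan moved to):
 * the argument is evaluated exactly once and only the result is checked. */
static void passert_fn(int ok, const char *expr, int line)
{
    if (!ok) {
        /* at least try to say something before dying */
        fprintf(stderr, "ASSERTION FAILED line %d: %s\n", line, expr);
        abort();
    }
}
#define PASSERT_FN(e) passert_fn((e) != 0, #e, __LINE__)

enum variant { COMPILED_OUT_ASSERT, FUNCTION_PASSERT, EXPLICIT_CHECK };

static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/* Duplicate /dev/null onto TARGET, guarding dup2() the way V does.
 * Returns 1 if TARGET ended up open, 0 if not, -1 if open() itself failed. */
static int redirect_to_devnull(int target, enum variant v)
{
    close(target);                       /* constructed state: TARGET closed */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    switch (v) {
    case COMPILED_OUT_ASSERT:
        PASSERT_COMPILED_OUT(dup2(fd, target) == target); /* dup2 never runs */
        break;
    case FUNCTION_PASSERT:
        PASSERT_FN(dup2(fd, target) == target);   /* runs once, then checked */
        break;
    case EXPLICIT_CHECK:                 /* Variant 2: the FreeS/WAN shape */
        if (dup2(fd, target) != target)
            abort();
        break;
    }
    int ok = fd_is_open(target);
    close(fd);
    close(target);
    return ok;
}
```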