Re: [PATCH 0/3] Introduce BUG_ON(cond, msg) MACRO

[Jeff King <peff@peff.net>]

On Wed, Nov 22, 2017 at 02:38:24PM -0800, Stefan Beller wrote:

> On reviewing [1] I wondered why there are so many asserts and wondered
> if these asserts could have been prevented by a better functionality around
> bug reporting in our code.
> 
> Introduce a BUG_ON macro, which is superior to assert() by
>  * being always there, even when compiled with NDEBUG and
>  * providind an additional human readable error message, like BUG()

I'm not sure I agree with the aim of the series.

If people want to compile with NDEBUG, that's their business, I guess.
I don't see much _point_ in it for Git, since most of our assertions do
not respect NDEBUG, and I don't think we tend to assert in expensive
ways anyway.

I do like human readable messages. But sometimes such a message just
makes the code harder to read (and to write). E.g., is there any real
value in:

  BUG_ON(!foo, "called bar() with a foo!");

over:

  assert(foo);

? The error message you'd get from the latter is rather sparse, but the
file and line number information it contains should be enough to find
the original source line. And after all, it's not _supposed_ to happen,
so if it does you're likely going to need to dig into the source anyway.

The human-readable BUG messages I find useful add some context or
summarize the situation. E.g. (pulled from random grepping):

  BUG: color parsing ran out of space

is way better than:

  assert failed: len < 2

Likewise, in this code:

  if (hashmap_put(map, alloc_ref_store_hash_entry(name, refs)))
	die("BUG: %s ref_store '%s' initialized twice", type, name);

we get a lot of extra information:

  - the type is mentioned
  - the name variable is dereferenced
  - the implication of "initialized twice" is made clear by the author,
    which would not be immediately obvious just from seeing the failed
    call

So I _like_ good messages, but I also think a lot of assertions don't
really lend themselves to good messages. And we should shoot for just
making them easy to read and write.

I also find (as your third patch switches):

  if (!foo)
	BUG("foo has not been setup");

more readable than the BUG_ON() version, if only because it uses
traditional control flow. But that may just be because I'm used to it.
I'm sure kernel folks are used to BUG_ON() at this point, and we'd grow
used to it, too.

-Peff