[zeromq-dev] error handling? assert?
Pieter Hintjens
ph at imatix.com
Tue Dec 16 15:51:48 CET 2008
On Tue, Dec 16, 2008 at 3:35 PM, Aamir M <intuitionist at gmail.com> wrote:
> I must admit I had never thought of program crashes as a form of
> reliability. You do have a point that this makes things quite reliable, as
> long as you can get the program to a state where it doesn't crash. Do you
> usually compile 0MQ with asserts when you put it into production use? Or do
> you compile it with NDEBUG and give up error checking in favor of
> performance?
Some background on the use of assertions in 0MQ...
We developed this technique in iMatix OpenAMQ but it's used widely.
Asserts stay in production code. They catch any internal
inconsistency and guarantee that the application runs perfectly, or
not at all. It can be scary to think of production code with
assertions but in fact it raises reliability quite dramatically
because ambiguous cases can be cleared out.
AMQP uses a similar pattern to abort connections when there are
errors, rather than trying to recover from errors.
Of course one needs to judge when to use assertions and when not.
Usually they are appropriate when one layer catches what looks like a
programming error in a higher layer, or an internal inconsistency.
Programs should never assert on bad user input since that opens the
door to DoS attacks.
-Pieter Hintjens
iMatix
More information about the zeromq-dev
mailing list