Subject: Re: [edk2-devel] [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
From: "Sean"
To: vit9696, devel@edk2.groups.io
Date: Mon, 06 Jan 2020 14:54:29 -0800
Message-ID: <9745.1578351269596692353@groups.io>

On Mon, Jan 6, 2020 at 10:43 AM, Vitaly Cheptsov wrote:

> My original suggestion was to remove the assertions entirely, but several
> people here said that they use them to verify usage errors when handling
> trusted data. This makes good sense to me, so we suggest supporting both
> cases by introducing a PCD in this patch.

I strongly agree with Vitaly.

These asserts cause more trouble than help. The asserts cause the caller to implement the same checks as the functions and thus make the functional checks useless overhead and complicate the calling code. These functions are in a base library used in hundreds of unique places and thus should not make assumptions about how to handle errors. Since they have the ability to and must return error codes (since asserts are generally off in production), this code should rely on the caller to handle the error appropriately.

Thanks
Sean
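The duplication Sean describes, as an added illustration written for this page and not edk2 code: a cut-down model of a safe string copy whose constraint checks sit behind a macro modelled on BaseLib's SAFE_STRING_CONSTRAINT_CHECK, with a compile-time define standing in for the proposed PCD (the define name, the simplified status values and the function names are assumptions), followed by the two caller patterns side by side.

```c
#include <assert.h>
#include <string.h>

typedef int RETURN_STATUS;              /* illustrative encoding, not edk2's */
#define RETURN_SUCCESS            0
#define RETURN_INVALID_PARAMETER  2
#define RETURN_BUFFER_TOO_SMALL   5

/* Compile-time stand-in for the PCD under discussion (assumed name): non-zero
   keeps the usage-error ASSERT, zero makes a violation only return a status. */
#define ASSERT_ON_SAFE_STRING_CONSTRAINTS 0

#if ASSERT_ON_SAFE_STRING_CONSTRAINTS
#define SAFE_STRING_CONSTRAINT_CHECK(Expr, Status) \
  do { assert(Expr); if (!(Expr)) return (Status); } while (0)
#else
#define SAFE_STRING_CONSTRAINT_CHECK(Expr, Status) \
  do { if (!(Expr)) return (Status); } while (0)
#endif

/* Simplified model of an AsciiStrCpyS-style safe string function. */
RETURN_STATUS AsciiStrCpySModel(char *Dest, size_t DestMax, const char *Source) {
  SAFE_STRING_CONSTRAINT_CHECK(Dest != NULL, RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK(Source != NULL, RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK(DestMax != 0, RETURN_INVALID_PARAMETER);
  size_t SourceLen = strlen(Source);
  SAFE_STRING_CONSTRAINT_CHECK(SourceLen < DestMax, RETURN_BUFFER_TOO_SMALL);
  memcpy(Dest, Source, SourceLen + 1);
  return RETURN_SUCCESS;
}

/* With the ASSERT active, a caller handling untrusted input must repeat every
   library constraint up front or a DEBUG build traps: the duplicated checks. */
RETURN_STATUS CopyWithPrecheck(char *Dest, size_t DestMax, const char *Source) {
  if (Dest == NULL || Source == NULL || DestMax == 0) return RETURN_INVALID_PARAMETER;
  if (strlen(Source) >= DestMax) return RETURN_BUFFER_TOO_SMALL;
  return AsciiStrCpySModel(Dest, DestMax, Source);
}

/* With the ASSERT disabled, the caller simply acts on the returned status. */
RETURN_STATUS CopyUsingStatus(char *Dest, size_t DestMax, const char *Source) {
  RETURN_STATUS Status = AsciiStrCpySModel(Dest, DestMax, Source);
  if (Status != RETURN_SUCCESS && Dest != NULL && DestMax != 0) {
    Dest[0] = '\0';                     /* error path: leave a well-formed empty string */
  }
  return Status;
}
```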