Skip to content

Add more assertions to `deltachat-ffi' library #291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 7, 2019
Merged

Add more assertions to `deltachat-ffi' library #291

merged 1 commit into from
Aug 7, 2019

Conversation

KAction
Copy link

@KAction KAction commented Aug 5, 2019

Change code to panic! on invalid input (null pointers, out-of-range
identifiers) instead of silently doing nothing.

link2xt
link2xt reviewed Aug 5, 2019
View reviewed changes
flub
flub reviewed Aug 6, 2019
View reviewed changes
Copy link
Contributor

@flub flub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While the extra checks are useful invariants to ensure I'm not sure if introducing more panics is generally the right way to go on the C API. Maybe the same invariants could be checked but with a normal error return (including doing so for the existing asserts)? The downside is that there are often few ways to signal what went wrong I guess, but maybe that's just fine if you passed in NULL in the first place.

So I guess this is in line with what the existing rust-based C-API does, but is it the right thing to do for the C API? How did the original API behave? /cc @r10s @dignifiedquire

deltachat-ffi/src/lib.rs
let key = config::Config::from_str(dc_tools::as_str(key)).expect("invalid key");

// TODO: Translating None to NULL would be more sensible than translating None
// to "", as it is now.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@r10s can you comment on whether the current behaviour is correct please? Or should it indeed be NULL?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is correct? I did not change behavior with my patch, but API that deliberately merges missing key and key with value "" is dubious.

deltachat-ffi/src/lib.rs
let or_msg_type2 =
from_prim(or_msg_type2).expect(&format!("incorrect or_msg_type2 = {}", or_msg_type2));
let or_msg_type3 =
from_prim(or_msg_type3).expect(&format!("incorrect or_msg_type3 = {}", or_msg_type3));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These expect calls turn what used to be handled gracefully into a crash. Is this the desired scenario? Should the C API be this strict?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this change is by intention. This expect is about incorrect library usage. Pre-condition violation is exactly what assert for.

@flub
Copy link
Contributor

flub commented Aug 6, 2019

Oh, saw the conversation in #283 so I'm fine with this. Please change the constants to use the names though.

Add more assertions to `deltachat-ffi' library
67176c7 
Change code to panic! on invalid input (null pointers, out-of-range
identifiers) instead of silently doing nothing.
@flub flub merged commit 7603322 into chatmail:master Aug 7, 2019
@link2xt link2xt mentioned this pull request Aug 13, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@link2xt link2xt link2xt left review comments

@flub flub flub approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@KAction @flub @link2xt