Re: Re: [PATCH] rust_binder: add ownership assertion to Node::add_death

From: Miguel Ojeda

Date: Thu Jun 11 2026 - 04:16:20 EST


On Wed, 10 Jun 2026 14:39:46 +0100 Gary Guo <gary@xxxxxxxxxxx> wrote:
>
> pr_warn is probably a bad idea here. Given the code relies on it for soundness.
> You're either sure that it won't happen, then you use `debug_assert!`, or you
> are not sure, and use `assert!`.
>
> There's no "I am fairly certain but the code should keep running despite
> invariance violation" for this one.

[ I keep getting your emails way later than they appear in the list...
I spotted this one as well in the mailing list. ]

I agree that continuing in this particular case is quite bad, and you
know I would be stricter than the C side for this sort of thing -- it is
closer to an indexing gone wrong where we panic as well.

But to clarify, the `pr_warn!` is not the important bit here -- I was
giving the general rule that if `debug_assert!` is OK in a particular
situation, then as usual we should consider a `pr_warn!` as well, i.e.
that is the Erroneous Behavior combo for us.

And if it is not OK to continue in a certain situation, then something
else entirely needs to be done.

That is what I pointed out in the GitHub issue, i.e. that the original
`debug_assert!` suggestion cannot fix a soundness issue.

Cheers,
Miguel