Re: [PATCH] rust_binder: add ownership assertion to Node::add_death

From: Gary Guo

Date: Wed Jun 10 2026 - 09:46:50 EST


On Wed Jun 10, 2026 at 7:07 AM BST, Miguel Ojeda wrote:
> On Wed, Jun 10, 2026 at 7:45 AM Onur Özkan <work@xxxxxxxxxxxxx> wrote:
>>
>> I think having a `debug_assert!` should be fine. That's also your suggestion in
>> the GH issue link above.
>
> Yeah, there seems to be confusion about the asserts.
>
> If there were a soundness issue, then an `assert!` may "fix" it, but
> it would usually be the wrong way to do so, and a `debug_assert!`
> wouldn't be a fix at all.
>
> And for other cases, `assert!` is typically too strong for Linux
> (outside const context, tests, special `cfg`s, etc.).
>
> In addition, please consider whether a `pr_warn(_once)!` or similar
> may be a good idea to pair with the `debug_assert!`.

pr_warn is probably a bad idea here, given the code relies on it for soundness.
You're either sure that it won't happen, then you use `debug_assert!`, or you
are not sure, and use `assert!`.

There's no "I am fairly certain but the code should keep running despite
invariance violation" for this one.

Best,
Gary