On 03.07.2025 10:52, Julien Grall wrote: > On 02/07/2025 14:37, Jan Beulich wrote: >> On 02.07.2025 15:18, Julien Grall wrote: >>> On 02/07/2025 14:06, Jan Beulich wrote: >>>> When the bumping by <nr> (instead of just 1) was introduced, a comment >>>> was left untouched, and a bogus ASSERT_UNREACHABLE() was inserted. That >>>> code path can in principle be taken (depending on configuration coming >>>> from the outside), and we shouldn't assert anything we didn't check >>>> elsewhere. >>> >>> I suggested to add the ASSERT_UNREACHABLE (see [1]). My take is the >>> overflow is not something that should happen and it is good to be able >>> to catch very clearly in debug build. >> >> But catching an anomalous entry in DT (which aiui the values come from, >> even if perhaps indirectly) isn't going to depend on people using debug >> builds. It depends on what DT blobs they use. And issues there shouldn't >> be checked by assertions, as those blobs live outside of Xen. > > I agree we probably want check upfront. But I still don't think we want > to remove this ASSERT_UNREACHABLE(). > > By the way, I am not asking you to add those checks.
Sure, I wouldn't even know where and what. I can re-send just the comment change, but that would feel wrong as long as the ASSERT_UNREACHABLE() is actually reachable. Jan
