• Pieter Hintjens's avatar
    Problem: API violations are treated as recoverable errors · b4ed3f55
    Pieter Hintjens authored
    The example is applications passing invalid arguments to a socket option
    and then failing to check the return code. The results can be very hard
    to diagnose. Here are some threads that show the pain this causes:
    
    * https://github.com/zeromq/zyre/issues/179
    * http://lists.zeromq.org/pipermail/zeromq-dev/2014-June/026388.html
    
    One common argument is that a library should never assert, and should
    pass errors back to the calling application. The counter argument is
    that when an application is broken enough to pass garbage to libzmq,
    it cannot be trusted to handle the resulting errors properly. Empirical
    evidence from CZMQ, where we systematically assert on bad arguments, is
    that this militant approach makes applications more, not less, robust.
    
    I don't see any valid use cases for returning errors on bad arguments,
    with one exception: zmq_setsockopt can be used to probe whether libzmq
    was e.g. built with CURVE security. I'd argue that it's nasty to use a
    side effect like this. If apps need to probe how libzmq was built, this
    should be done explicitly, and for ALL build options, not just CURVE.
    
    There are/were no libzmq test cases that check the return code for an
    invalid option.
    
    For now I've enabled militant assertions using --with-militant at
    configure time. However I'd like to make this the default setting.
    b4ed3f55
options.cpp 21.2 KB