The 'failCommand' failpoint needs to perform a check outside of the body of the failpoint to decide whether or not the failpoint should be active. It needs to happen outside the body of the failpoint so that if the check decides that the failpoint should not activate, it doesn't decrement the 'skip' or 'times' configuration for the failpoint. This means that there is work being done associated with the failpoint, even in production builds where the entire failpoint system has been disabled, which goes against the philosophy that failpoints should have 0 impact when they are disabled. It would be better if we could move that check into the failpoint body, but when we decide to do nothing, reset the 'times' and 'skip' counters.
I ended up solving this by adding an observer parameter to shouldFail, shouldFailOpenBlock and a new macro called MONGO_FAIL_POINT_BLOCK_IF. All of them take a callable which is invoked only if the fail point is enabled. They also receive the fail point payload, and can control whether times and skip are manipulated.
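The behaviour discussed in this ticket, sketched as an added example that is not code from the ticket or from the MongoDB source: a predicate-gated fail point whose check runs only when the fail point is enabled and which leaves 'skip' and 'times' alone when the check declines. `ToyFailPoint`, `Payload` and the command-name field are hypothetical, and the model is single-threaded.

```cpp
#include <atomic>
#include <functional>
#include <string>
#include <utility>

// Simplified single-threaded model; every name here is hypothetical and this
// is not MongoDB's FailPoint implementation.
struct Payload {
    std::string commandName;  // constructed stand-in for the fail point's data
};

class ToyFailPoint {
public:
    // times <= 0 means "no limit" in this model.
    void enable(Payload p, int skip, int times) {
        payload_ = std::move(p);
        skip_ = skip;
        times_ = times;
        enabled_.store(true, std::memory_order_release);
    }
    void disable() { enabled_.store(false, std::memory_order_release); }

    // pred is invoked only while the fail point is enabled and receives the
    // payload. Returning false leaves skip and times untouched.
    bool shouldFail(const std::function<bool(const Payload&)>& pred) {
        if (!enabled_.load(std::memory_order_acquire))
            return false;  // disabled path: one atomic load, pred never runs
        if (!pred(payload_))
            return false;  // check declined: counters are not consumed
        if (skip_ > 0) {
            --skip_;
            return false;
        }
        if (times_ > 0 && --times_ == 0)
            disable();  // last permitted activation
        return true;
    }

    bool enabled() const { return enabled_.load(std::memory_order_acquire); }
    int skip() const { return skip_; }
    int times() const { return times_; }

private:
    std::atomic<bool> enabled_{false};
    Payload payload_;
    int skip_ = 0;
    int times_ = 0;
};
```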