
Re: [PATCH] vasnprintf: silence some clang false positives


From: Paul Eggert
Subject: Re: [PATCH] vasnprintf: silence some clang false positives
Date: Tue, 15 Feb 2011 09:05:09 -0800
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7

On 02/15/2011 07:40 AM, Eric Blake wrote:
> # if STATIC_ANALYSIS
> #  undef NDEBUG /* Don't let a prior NDEBUG definition cause trouble.  */
> #  include <assert.h>
> #  define sa_assert(expr) assert (expr)
> # else
> #  define sa_assert(expr) /* empty */
> # endif

It doesn't feel right that sa_assert uses assert.
They should be more independent.  One should be able
to assert (X) as well as sa_assert (X), or do just
the assert, or just the sa_assert.

I think part of the problem here is the naming convention.
Ordinary C "assert (X)" means "crash if X is false".
But sa_assert (X) means "assume that X is true".
These are two very different things.
I have some qualms about colliding with a C naming convention
that has been used for over three decades, even if the C
name is "wrong" from a static analysis point of view.

If we want to do this sort of thing, I suggest using a different
name for the static analysis macro, a name that more
obviously differs from "assert (X)".  How about "assume (X)"?

I also suggest that "assume (X)" not be implemented in
terms of "assert (X)", so that the two notions are
more clearly independent.  It's OK if both are implemented
as "if (! (X)) abort ();"; the point is that one should be
able to enable or disable runtime checking (by flipping NDEBUG
on and off) without worrying whether static analysis will
get garbled.
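One way to keep the two notions separate, as suggested above: an added example written for this page, not Eric's patch and not gnulib's own macro; the names `assume`, `assume_is_active`, `assert_is_active` and `copy_prefix` are chosen here for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <assert.h>   /* assert (X): crash if X is false; silenced by NDEBUG. */

/* assume (X): "X is true", meant for the static analyzer.  It is NOT
   built on assert (), so NDEBUG never affects it and STATIC_ANALYSIS never
   affects assert ().  Under analysis it is a real branch that aborts, so
   the analyzer discards paths where X is false; in normal builds it is an
   empty statement.  (Constructed example, not gnulib's actual macro.)  */
#if STATIC_ANALYSIS
# define assume(X) ((X) ? (void) 0 : abort ())
#else
# define assume(X) ((void) 0)
#endif

/* Report which of the two notions is enabled in this build, so a caller
   can check that they toggle independently.  */
int assume_is_active (void)
{
#if STATIC_ANALYSIS
  return 1;
#else
  return 0;
#endif
}

int assert_is_active (void)
{
#ifdef NDEBUG
  return 0;
#else
  return 1;
#endif
}

/* Copy N bytes of SRC into DST (capacity CAP) and NUL-terminate.  The
   caller guarantees n < cap.  assert () enforces that at run time in
   debug builds; assume () states it for the analyzer, so the memcpy
   below is not flagged as a possible overflow even when NDEBUG is set.
   Had assume () been defined via assert (), defining NDEBUG would also
   have silently removed the analyzer hint.  */
size_t copy_prefix (char *dst, size_t cap, const char *src, size_t n)
{
  assert (n < cap);
  assume (n < cap);
  memcpy (dst, src, n);
  dst[n] = '\0';
  return n;
}
```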


