On 04/14/2010 10:02 AM, Jim Meyering wrote:
> From: Jim Meyering <meyering@xxxxxxxxxx>
>
> Among some here, there is a strong aversion to use of "assert", yet
> some others think it is essential (when applied judiciously) even --
> perhaps "especially" -- at the heart of libraries and core hypervisor-
> related code.
> Here is a compromise that lets us make assertions about the code (e.g.,
> to tell static analyzers about invariants) without even a hint of risk
> of an abort.
> * src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
> (sa_assert): Define. A no-op most of the time, but equivalent
> to classical assert when STATIC_ANALYSIS is nonzero.

Personally, I like this compromise. But I'll let others who have been
more vocal against assert() give the actual ACK.

> ---
> src/internal.h | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/src/internal.h b/src/internal.h
> index 2e73210..4be17d8 100644
> --- a/src/internal.h
> +++ b/src/internal.h
> @@ -9,6 +9,13 @@
> # include <limits.h>
> # include <verify.h>
>
> +# if STATIC_ANALYSIS

I think we should add a line here:

# undef NDEBUG

> +# include <assert.h>
> +# define sa_assert(expr) assert (expr)
> +# else
> +# define sa_assert(expr) /* empty */
> +# endif

to guarantee that the STATIC_ANALYSIS always gets the real assert(),
rather than the no-op variant required by POSIX when NDEBUG is present.

-- 
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
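
Review bot: in the `# else` branch, `sa_assert(expr)` expands to nothing, so in ordinary builds the compiler never sees the expression. A typo or a renamed variable inside an sa_assert goes unnoticed until someone builds with STATIC_ANALYSIS nonzero, and a variable referenced only there can trigger unused-variable warnings. Consider an expansion that still type-checks without evaluating, such as `((void) (0 && (expr)))`, and add a comment above the macro stating that expr must be free of side effects because it is evaluated only in STATIC_ANALYSIS builds.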
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list