[libvirt] [PATCH 1/7] sa_assert: new assert-like macro, enabled only for use with static analyzers

Eric Blake eblake at redhat.com
Wed Apr 14 16:18:50 UTC 2010


On 04/14/2010 10:02 AM, Jim Meyering wrote:
> From: Jim Meyering <meyering at redhat.com>
> 
> Among some here, there is a strong aversion to use of "assert", yet
> some others think it is essential (when applied judiciously) even --
> perhaps "especially" -- at the heart of libraries and core hypervisor-
> related code.
> Here is a compromise that lets us make assertions about the code (e.g.,
> to tell static analyzers about invariants) without even a hint of risk
> of an abort.
> * src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
> (sa_assert): Define.  A no-op most of the time, but equivalent
> to classical assert when STATIC_ANALYSIS is nonzero.

Personally, I like this compromise.  But I'll let others who have been
more vocal against assert() give the actual ACK.

> ---
>  src/internal.h |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/src/internal.h b/src/internal.h
> index 2e73210..4be17d8 100644
> --- a/src/internal.h
> +++ b/src/internal.h
> @@ -9,6 +9,13 @@
>  # include <limits.h>
>  # include <verify.h>
> 
> +# if STATIC_ANALYSIS

I think we should add a line here:

#  undef NDEBUG

> +#  include <assert.h>
> +#  define sa_assert(expr) assert (expr)
> +# else
> +#  define sa_assert(expr) /* empty */
> +# endif

to guarantee that the STATIC_ANALYSIS build always gets the real assert(),
rather than the no-op variant required by POSIX when NDEBUG is present.
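
Review bot: the no-op branch `#  define sa_assert(expr) /* empty */` expands to nothing, so in an ordinary build the asserted expression is neither evaluated nor referenced at all: a variable that is only used inside sa_assert() will then draw unused-variable warnings, and any side effect in the expression silently happens in the analysis build but not in the real one. Consider `#  define sa_assert(expr) ((void) 0)` so the macro remains a complete expression in statement context, or `#  define sa_assert(expr) ((void) sizeof (expr))` to keep the expression referenced without evaluating it, and either way note in the header comment that sa_assert() arguments must be free of side effects.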

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
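
As an added illustration, not libvirt's own src/internal.h, here is the macro from the patch with the `#undef NDEBUG` line proposed above, used the way the commit message intends (stating an invariant for the analyzer ahead of a real check), plus a small function showing that the asserted expression never runs in the normal build; `checksum8` and `sa_assert_evaluations` are made-up names for this example.

```c
#include <stdio.h>

/* sa_assert as in the patch, plus the "#undef NDEBUG" line proposed in the
 * reply; this is an added illustration, not libvirt's src/internal.h. Build
 * with -DSTATIC_ANALYSIS=1 to get the real assert(). */
#ifndef STATIC_ANALYSIS
# define STATIC_ANALYSIS 0
#endif

#if STATIC_ANALYSIS
# undef NDEBUG          /* force the real assert() even if NDEBUG leaked in */
# include <assert.h>
# define sa_assert(expr) assert (expr)
#else
# define sa_assert(expr) /* empty */
#endif

/* Intended use: state an invariant for the analyzer before relying on it.
 * The assertion documents that callers never pass NULL or an empty buffer;
 * the explicit check below is what actually protects the normal build. */
int checksum8(const unsigned char *buf, size_t len)
{
    sa_assert(buf != NULL && len > 0);
    if (buf == NULL || len == 0)
        return -1;
    unsigned int sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[i];
    return (int)(sum & 0xffu);
}

/* Caveat: in the normal build the macro expands to nothing, so the asserted
 * expression is never evaluated. Returns 1 only under STATIC_ANALYSIS. */
int sa_assert_evaluations(void)
{
    int evaluated = 0;
    sa_assert(++evaluated > 0);
    return evaluated;
}

int main(void)
{
    /* Constructed sample input. */
    const unsigned char sample[] = { 0x10, 0x20, 0x30, 0xff };
    printf("checksum8 = %d\n", checksum8(sample, sizeof sample));
    printf("STATIC_ANALYSIS=%d, asserted expression ran %d time(s)\n",
           STATIC_ANALYSIS, sa_assert_evaluations());
    return 0;
}
```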
