This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.

From: Roland McGrath <roland at hack dot frob dot com>
To: "Carlos O'Donell" <codonell at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Fri, 11 Jan 2013 11:12:07 -0800 (PST)
Subject: Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.
References: <50EF9722.6050105@redhat.com><20130111152955.E2C052C0EF@topped-with-meat.com><50F03DFF.1010104@redhat.com>

The purpose of asserts is partly documentation, which can also be served by
comments but asserts are self-testing against bit-rot as comments cannot
be.  The main purpose is to ensure that intended assumptions of the code
are not accidentally violated by changes elsewhere, which is a common
source of subtle bugs.  Even if the caller and callee seem intimately tied
now, they might not seem so obviously so to someone else touching the code
months or years from now.

In the particular case of an assumption that a pointer is not null, just
the fact that the code (unconditionally) uses the pointer is sufficient as
an assert (though not necessarily as documentation), since it will reliably
and straightforwardly crash.


Thanks,
Roland

Follow-Ups:
- Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.
  - From: Carlos O'Donell

References:
- [PATCH] Remove `attr != NULL' assert in allocate_stack.
  - From: Carlos O'Donell
- Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.
  - From: Roland McGrath
- Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]