This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.


On 01/11/2013 02:12 PM, Roland McGrath wrote:
> The purpose of asserts is partly documentation, which can also be served by
> comments but asserts are self-testing against bit-rot as comments cannot
> be.  The main purpose is to ensure that intended assumptions of the code
> are not accidentally violated by changes elsewhere, which is a common
> source of subtle bugs.  Even if the caller and callee seem intimately tied
> now, they might not seem so obviously so to someone else touching the code
> months or years from now.

Fully agree. Though there is a tipping point at which the asserts are just
noise and confuse the reader. I didn't remove all the asserts, just this
one that doesn't make any sense.

I'll be cleaning up this code *very* *very* slowly, line by line, and
getting us to the point where we can talk about splitting implementation
allocations from stack allocations.
 
> In the particular case of an assumption that a pointer is not null, just
> the fact that the code (unconditionally) uses the pointer is sufficient as
> an assert (though not necessarily as documentation), since it will reliably
> and straightforwardly crash.

Exactly.

Cheers,
Carlos.

