This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Remove `attr != NULL' assert in allocate_stack.
On 01/11/2013 02:12 PM, Roland McGrath wrote:
> The purpose of asserts is partly documentation, which can also be served by
> comments but asserts are self-testing against bit-rot as comments cannot
> be. The main purpose is to ensure that intended assumptions of the code
> are not accidentally violated by changes elsewhere, which is a common
> source of subtle bugs. Even if the caller and callee seem intimately tied
> now, they might not seem so obviously so to someone else touching the code
> months or years from now.
Fully agree. Though there is a tipping point at which the asserts are just
noise and confuse the reader. I didn't remove all the asserts, just this
one that doesn't make any sense.
I'll be cleaning up this code *very* *very* slowly, line by line, and
getting us to the point where we can talk about splitting implementation
allocations from stack allocations.
> In the particular case of an assumption that a pointer is not null, just
> the fact that the code (unconditionally) uses the pointer is sufficient as
> an assert (though not necessarily as documentation), since it will reliably
> and straightforwardly crash.
Exactly.
Cheers,
Carlos.