Date: Wed, 04 Dec 2013 07:46:31 -0700
From: Eric Blake
Subject: Re: [Qemu-devel] [RFC PATCH v1 0/5] Add error_abort and associated cleanups
To: Markus Armbruster
Cc: Igor Mammedov, Peter Crosthwaite, qemu-devel@nongnu.org, afaerber@suse.de, pbonzini@redhat.com
Message-ID: <529F4047.4000104@redhat.com>
In-Reply-To: <87bo0xnfos.fsf@blackfin.pond.sub.org>

On 12/04/2013 02:11 AM, Markus Armbruster wrote:
> No objection to asserting that the caller passed an error object when
> the error object is the only way to signal failure.  You can't force
> your callers to check for failure, but the assertion could help prevent
> accidental misuse.
>
> Assertions fire at run-time, though.

Unfortunately true.
>
> Asserting "argument not null" first thing in the function should enable
> a sufficiently smart whole-program static checker to flag null
> arguments.  Coverity is such a checker; I think clang can as well.
>
> But having such a static check right at compile-time would be much
> better.  Could attribute nonnull do it?  If yes, do we still need the
> assertion?

gcc's implementation of attribute nonnull is complete trash.  And the
gcc developers know it.  The attribute is still useful for Coverity, but
at least in libvirt, we have taken to using the attribute ONLY when
compiling under a static checker and omitting it under gcc because gcc's
implementation of the attribute is so horribly botched.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17308

So even with attribute nonnull, you still need the assertion.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
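
Added example, not part of the original message and not QEMU or libvirt code: a C sketch of the pattern the reply describes, where the nonnull attribute is visible only to a static checker and the assertion stays as the run-time check. The names NONNULL_ARG, STATIC_ANALYSIS, report_failure, signal_from_call and the stand-in Error struct are assumptions made for illustration.

```c
#include <assert.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical macro: expose nonnull only when a static checker is running
 * (STATIC_ANALYSIS is an assumed build define).  An ordinary gcc build sees
 * no attribute, so the optimizer is never told that errp cannot be NULL and
 * has no grounds to discard the check inside the callee. */
#ifdef STATIC_ANALYSIS
# define NONNULL_ARG(n) __attribute__((__nonnull__(n)))
#else
# define NONNULL_ARG(n)
#endif

typedef struct Error { int code; } Error;   /* stand-in, not QEMU's Error */

/* errp is the only failure channel, so a NULL errp is a caller bug. */
void report_failure(Error **errp, int code) NONNULL_ARG(1);

void report_failure(Error **errp, int code)
{
    assert(errp != NULL);        /* run-time check on the caller's contract */
    Error *err = malloc(sizeof(*err));
    if (!err) {
        abort();
    }
    err->code = code;
    *errp = err;
}

/* Calls report_failure(arg, 5) in a child process.  Returns the signal that
 * killed the child, 0 if it exited normally, -1 if fork/waitpid failed. */
int signal_from_call(Error **arg)
{
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        Error **volatile p = arg;   /* keep the value opaque to the optimizer */
        report_failure(p, 5);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}
```

Building with -DSTATIC_ANALYSIS changes only what the checker is told about the contract; the assertion is compiled in either way.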