Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer

[ Thread Index | Date Index | More lists.tuxfamily.org/hatari-devel Archives ]

To: hatari-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
From: Eero Tamminen <oak@xxxxxxxxxxxxxx>
Date: Mon, 11 May 2020 18:00:21 +0300

Hi,

On 5/11/20 3:07 PM, Nicolas Pomarède wrote:

Le 11/05/2020 à 12:49, Eero Tamminen a écrit :
We differ on their use, no problem. But for me, assert() is a "poor man"fix. As I wrote, I understand assert() are put here and there whiledeveloping new code, but years after, I think they should be replaced byproper checks that write more detailled messages and maybe return"false" or whatever code to indicate a function could not complete andfix the problematic calling code at an upper level.


While asserts can be used liberally during
development to check things, often subset of them
is expected to remain in the code to make sure
future changes won't break things either.

Asserts can be also used as checks for correct API
usage (some languages provide real constraint
features, but in C people use assert).

For example, I don't think the assert "assert(Drive >= 0 && Drive <MAX_FLOPPYDRIVES)" in floppy.c are really needed. How could drive be >=MAX_FLOPPYDRIVES, except if memory is already seriously corrupted ?


I seem to have added them in 2008 when adding new
features.  Feel free to remove those. :-)

Exiting immediately doesn't seem a big benefit to me when compared tocrashing ; at least for the user, it looks the same.


It's *much* easier for user to copy paste the
assert print from console to a bug mail, than to
first install Hatari debug symbols (or re-compile
Hatari with symbols) and then use Gdb to find out
on which line the crash happens.

And once again, the "problem" for me is not testing for "impossible"situation, but thaassert() might be removed at compile time by differentcompiler options ; so if we really want safeguards for "impossible"situations, then better put our own code with some if/printf.


Asserts are something that are specifically made
to be easily removed from code with a define. So
is Hatari tracing.  Why that would be a problem?

GCC warnings from which this started, is separate
matter.  It's about NULL pointer checks for things
*where compiler knows that return value can be
NULL*, i.e. mallocs.  As already discussed, those
can and should use a wrapper.



	- Eero

References:
- [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Nicolas Pomarède
- Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Thomas Huth
- Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Eero Tamminen
- Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Nicolas Pomarède
- Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Eero Tamminen
- Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
  - From: Nicolas Pomarède

Messages sorted by: [ date | thread ]
Prev by Date: Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
Next by Date: Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
Previous by thread: Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer
Next by thread: Re: [hatari-devel] fixing errors reported by GCC 10 -fanalyzer

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/