3:53 a.m.
Here's another example of appropriate use of assert.
The while loop removed below is currently guaranteed never
to be executed, since "list" is always NULL at that point.
However, you can argue that simply removing the loop is a little
risky: what if someone changes things to "goto cleanup" before
"list" reaches the final NULL? That's why I added the assertion:
to catch the potential (albeit unlikely) future coding error.
It would be a shame to include "real" run-time code to detect
a situation like that that will probably never arise. And if you
do, technically you'd have to document that the function would
return some sort of error code if a developer changes its guts
in a way that violates this invariant. That would be nonsensical.
From 6baa2b0b8f9963fa60ff0946afcefd57586e2720 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 18 Jan 2010 10:46:57 +0100
Subject: [PATCH] secret_driver.c: remove dead cleanup code
* src/secret/secret_driver.c (loadSecrets): Remove dead code
after "cleanup:". At that point, "list" is known to be NULL.
Instead, add an assertion.
Include <assert.h>.
---
src/secret/secret_driver.c | 10 +++-------
1 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 1eef468..b4b4f8a 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -1,7 +1,7 @@
/*
* secret_driver.c: local driver for secret manipulation API
*
- * Copyright (C) 2009 Red Hat, Inc.
+ * Copyright (C) 2009-2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,7 @@
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <assert.h>
#include "internal.h"
#include "base64.h"
@@ -518,12 +519,7 @@ loadSecrets(virConnectPtr conn, virSecretDriverStatePtr driver,
ret = 0;
cleanup:
- while (list != NULL) {
- virSecretEntryPtr s;
-
- s = listUnlink(&list);
- secretFree(s);
- }
+ assert (list == NULL);
if (dir != NULL)
closedir(dir);
return ret;
--
1.6.6.638.g2bc54
4:33 a.m.
On Mon, Jan 18, 2010 at 10:53:31AM +0100, Jim Meyering wrote:
Here's another example of appropriate use of assert.
The while loop removed below is currently guaranteed never
to be executed, since "list" is always NULL at that point.
However, you can argue that simply removing the loop is a little
risky: what if someone changes things to "goto cleanup" before
"list" reaches the final NULL? That's why I added the assertion:
to catch the potential (albeit unlikely) future coding error.
I don't really consider that a net win. If we leave the current code in
there and someone adds a 'goto cleanup' in future enhancement, then
everything will work as design. If we replace the current code with an
assert, then it will abort(), or silently do nothing & thus leak if
compiled with -DNDEBUG.
So while this is technically dead code at this time I don't think we
should be removing it from the cleanup: block. The cleanup: blocks
should be pessimistic about considering what has been cleaned up already,
even if this results in possible dead code warnings. We've had many
actual bugs from cleanup: blocks not free'ing stuff they should have
done, many of those introduced after refactorings of original code.
I realize this means that some automated code checkers like Coverity
will always complain about certain things, but these are not actual
bugs.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5426
days inactive
5426
days old
1 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Jim Meyering