[libvirt] [PATCH] secret_driver.c: remove dead cleanup code
Here's another example of appropriate use of assert. The while loop removed below is currently guaranteed never to be executed, since "list" is always NULL at that point. However, you can argue that simply removing the loop is a little risky: what if someone changes things to "goto cleanup" before "list" reaches the final NULL? That's why I added the assertion: to catch the potential (albeit unlikely) future coding error. It would be a shame to include "real" run-time code to detect a situation like that that will probably never arise. And if you do, technically you'd have to document that the function would return some sort of error code if a developer changes its guts in a way that violates this invariant. That would be nonsensical.
From 6baa2b0b8f9963fa60ff0946afcefd57586e2720 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Mon, 18 Jan 2010 10:46:57 +0100 Subject: [PATCH] secret_driver.c: remove dead cleanup code
* src/secret/secret_driver.c (loadSecrets): Remove dead code after "cleanup:". At that point, "list" is known to be NULL. Instead, add an assertion. Include <assert.h>. --- src/secret/secret_driver.c | 10 +++------- 1 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 1eef468..b4b4f8a 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -1,7 +1,7 @@ /* * secret_driver.c: local driver for secret manipulation API * - * Copyright (C) 2009 Red Hat, Inc. + * Copyright (C) 2009-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ #include <string.h> #include <sys/stat.h> #include <unistd.h> +#include <assert.h> #include "internal.h" #include "base64.h" @@ -518,12 +519,7 @@ loadSecrets(virConnectPtr conn, virSecretDriverStatePtr driver, ret = 0; cleanup: - while (list != NULL) { - virSecretEntryPtr s; - - s = listUnlink(&list); - secretFree(s); - } + assert (list == NULL); if (dir != NULL) closedir(dir); return ret; -- 1.6.6.638.g2bc54
On Mon, Jan 18, 2010 at 10:53:31AM +0100, Jim Meyering wrote:
Here's another example of appropriate use of assert. The while loop removed below is currently guaranteed never to be executed, since "list" is always NULL at that point. However, you can argue that simply removing the loop is a little risky: what if someone changes things to "goto cleanup" before "list" reaches the final NULL? That's why I added the assertion: to catch the potential (albeit unlikely) future coding error.
I don't really consider that a net win. If we leave the current code in there and someone adds a 'goto cleanup' in future enhancement, then everything will work as design. If we replace the current code with an assert, then it will abort(), or silently do nothing & thus leak if compiled with -DNDEBUG. So while this is technically dead code at this time I don't think we should be removing it from the cleanup: block. The cleanup: blocks should be pessimistic about considering what has been cleaned up already, even if this results in possible dead code warnings. We've had many actual bugs from cleanup: blocks not free'ing stuff they should have done, many of those introduced after refactorings of original code. I realize this means that some automated code checkers like Coverity will always complain about certain things, but these are not actual bugs. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
participants (2)
-
Daniel P. Berrange -
Jim Meyering