On 19/02/16 10:49 +0100, Petr Spacek wrote:
The thing is that some developers (e.g. me and ISC :-)) do not think that
assert() should be used only in debug builds.
E.g. BIND itself is written in "Design by contract" spirit and asserts are
used all over the place to make sure that code which does not behave as
intended is killed as soon as possible (and thus prevented from doing
collateral damage). Call it defensive programming if you wish.
That's fine. Don't use attribute((nonnull)) then.
It's illogical to promise the compiler that something will never,
ever, ever be null, but also check whether it's null. If you're not
100% certain it can't be null, then you lied to the compiler. If you
are 100% certain it can't be null then the assert is redundant and can
be removed.
If you're only 99.999% certain, and so the assert serves a useful
purpose, then don't make promises that you can't keep.
If you just want to advise the compiler that something *probably*
won't be null, and tell it to optimize based on that assumption, then
you can use __builtin_expect() to provide that hint (although I
wouldn't actually recommend doing so).
Don't make a promise when you mean to give a hint.
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
