From: Paul Eggert <eggert@cs.ucla.edu>
To: Philipp Stephani <phst@google.com>
Cc: Emacs Development <emacs-devel@gnu.org>
Subject: emacs-module.c, eassert, and nonnull args
Date: Sun, 4 Jun 2017 19:48:20 -0700
Message-ID: <5a128432-e087-ad45-a15c-c2b0ebb8f28d@cs.ucla.edu>

Thanks for your recent improvements to emacs-module.c. One thing I noticed, 
though, was that it added several easserts. However, there's a comment at the 
start of emacs-module.c that says "Do NOT use 'eassert'". To play it safe for 
now I removed the easserts, and thought I'd raise this on emacs-discuss.

As I understand it, emacs-module.c's use of eassert is intended for bugs in 
Emacs itself, not for bugs in user-supplied modules. Although perhaps we need a 
more-systematic way of issuing signals for screwups in modules, 'eassert' sounds 
dicey for that as assertion failures are so drastic. Even though modules can 
dump core on their own, should Emacs be on high alert and dump core merely 
because a module has an invalid value? Plus, should ENABLE_CHECKING affect 
module-screwup checking the same way that it affects eassert?

One other thing. We typically don't need 'eassert (p != NULL)' if P is a pointer 
that is about to be dereferenced, as Emacs platforms with ENABLE_CHECKING catch 
null-pointer dereferences in the hardware nowadays.

Instead of using runtime checks, perhaps we should decorate emacs-module.h's 
function declarations with __attribute__ ((__nonnull__ ((N)))) if argument N of 
a module function is supposed to be nonnull, so that problems in this area can 
(mostly) be caught statically. We could add a macro like the following to 
src/emacs-module.h, after the definition of EMACS_NOEXCEPT:

   /* GCC 3.3 and later (and compilers imitating it) support __nonnull__.
      The argument indices go inside a single pair of parentheses.  */
   #if 3 < __GNUC__ + (3 <= __GNUC_MINOR__)
   # define EMACS_ARG_NONNULL(...) __attribute__ ((__nonnull__ (__VA_ARGS__)))
   #else
   # define EMACS_ARG_NONNULL(...)
   #endif

and then use EMACS_ARG_NONNULL calls for function pointers whose arguments are 
supposed to be nonnull.
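To make the proposal concrete, here is an added example (not code from the message or from Emacs) that applies the EMACS_ARG_NONNULL macro to a miniature emacs_env-style table of function pointers. The struct and function names (demo_env, demo_intern, demo_call, demo_bad_call) are hypothetical; the attribute placement after the function-pointer declarator mirrors how emacs-module.h declares its environment members.

```c
/* Added example, not part of the original message or of Emacs.
   demo_env, demo_intern, demo_call and demo_bad_call are hypothetical
   names chosen for illustration.  */
#include <stddef.h>
#include <string.h>

/* The macro proposed in the message: GCC 3.3 and later understand
   __nonnull__; other compilers get an empty expansion.  */
#if 3 < __GNUC__ + (3 <= __GNUC_MINOR__)
# define EMACS_ARG_NONNULL(...) __attribute__ ((__nonnull__ (__VA_ARGS__)))
#else
# define EMACS_ARG_NONNULL(...)
#endif

struct demo_env;

/* A one-entry environment table in the style of emacs_env.  The
   attribute follows the function-pointer declarator, telling the
   compiler that arguments 1 and 2 of any call through this pointer
   must not be null.  */
struct demo_env
{
  size_t (*intern) (struct demo_env *env, const char *name)
    EMACS_ARG_NONNULL (1, 2);
};

/* Implementation behind the pointer.  Without the attribute, the only
   defence against a null NAME would be a run-time check in the module
   API or the hardware trap the message mentions.  */
static size_t
demo_intern (struct demo_env *env, const char *name)
{
  (void) env;
  return strlen (name);
}

/* Correct use: both arguments are non-null, so no diagnostic.  */
size_t
demo_call (void)
{
  struct demo_env env = { demo_intern };
  return env.intern (&env, "module-symbol");   /* 13 */
}

#if 0
/* Incorrect use that the attribute lets GCC catch at compile time
   with -Wnonnull (part of -Wall): "argument 2 null where non-null
   expected".  Kept under #if 0 so the file as a whole compiles.  */
size_t
demo_bad_call (void)
{
  struct demo_env env = { demo_intern };
  return env.intern (&env, NULL);
}
#endif
```

The check is static, so it costs nothing at run time and is independent of ENABLE_CHECKING, which is the trade-off the message is pointing at: a null argument that a module passes as a literal or a provably-null variable is reported by the compiler, while a null that only arises at run time still has to be caught some other way.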


Thread overview: 7+ messages
2017-06-05  2:48 Paul Eggert [this message]
2017-06-05 13:56 ` emacs-module.c, eassert, and nonnull args Philipp Stephani
2017-06-05 15:33   ` Eli Zaretskii
2017-06-11 13:50     ` Philipp Stephani
2017-06-11 17:45       ` Paul Eggert
2017-06-11 20:34         ` Philipp Stephani
2017-06-12 14:34           ` Philipp Stephani
