From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Philipp Stephani
Thanks for your recent improvements to emacs-module.c. One thing I noticed,
though, was that it added several easserts. However, there's a comment at the
start of emacs-module.c that says "Do NOT use 'eassert'". To play it safe for
now I removed the easserts, and thought I'd raise this on emacs-discuss.

As I understand it, emacs-module.c's use of eassert is intended for bugs in
Emacs itself, not for bugs in user-supplied modules. Although perhaps we need a
more-systematic way of issuing signals for screwups in modules, 'eassert' sounds
dicey for that as assertion failures are so drastic. Even though modules can
dump core on their own, should Emacs be on high alert and dump core merely
because a module has an invalid value? Plus, should ENABLE_CHECKING affect
module-screwup checking the same way that it affects eassert?

I think you are right, eassert is the wrong tool here. If at all, module
developers can be expected to use normal release builds of Emacs, so eassert
wouldn't help them.

In the attached patch I've implemented a command-line option
'-module-assertions' that allows these assertions to be enabled at runtime.
The option is meant to be used during development for batch jobs and sessions
where crashing is OK.

(The commit doesn't contain documentation yet.)

Instead of using runtime checks, perhaps we should decorate emacs-module.h's
function declarations with __attribute__ ((__nonnull__ ((N)))) if argument N of
a module function is supposed to be nonnull, so that problems in this area can
(mostly) be caught statically. We could add a macro like the following to
src/emacs-module.h, after the definition of EMACS_NOEXCEPT:

   #if 3 < __GNUC__ + (3 <= __GNUC_MINOR__)
   # define EMACS_ARG_NONNULL(...) __attribute__ ((__nonnull__ ((__VA_ARGS__))))
   #else
   # define EMACS_ARG_NONNULL(...)
   #endif

and then use EMACS_ARG_NONNULL calls for function pointers whose arguments are
supposed to be nonnull.
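
An added sketch (not code from this message, its patch, or Emacs) of how the two ideas discussed above can coexist: a nonnull attribute on the function pointer for static diagnostics, plus a runtime check in the implementation whose severity depends on a switch like '-module-assertions'. All `toy_*` / `TOY_*` names and the error-flag behaviour are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical macro name; same GCC version test as the macro above. */
#if 3 < __GNUC__ + (3 <= __GNUC_MINOR__)
# define TOY_ARG_NONNULL(...) __attribute__ ((__nonnull__ (__VA_ARGS__)))
#else
# define TOY_ARG_NONNULL(...)
#endif

typedef struct toy_env toy_env;   /* toy environment, not the real emacs_env */
struct toy_env
{
  bool error_pending;   /* set when a module passed an invalid value */
  /* Attribute on the pointer: callers passing a literal NULL get -Wnonnull. */
  long (*string_length) (toy_env *env, const char *s) TOY_ARG_NONNULL (1, 2);
};

/* Stand-in for a runtime switch such as the -module-assertions option. */
static bool toy_module_assertions = false;

/* Report a module bug: crash only when assertions were requested. */
static long toy_module_bug (toy_env *env)
{
  if (toy_module_assertions)
    abort ();
  env->error_pending = true;
  return -1;
}

/* The implementation itself carries no nonnull attribute, so the compiler
   may not assume S is nonnull and optimize this check away.  */
static long toy_string_length (toy_env *env, const char *s)
{
  if (s == NULL)
    return toy_module_bug (env);
  return (long) strlen (s);
}

int main (void)
{
  toy_env env = { false, toy_string_length };
  return env.string_length (&env, "abc") == 3 ? 0 : 1;
}
```

The attribute only catches nulls the compiler can see at the call site; a null computed at run time still reaches the implementation, which is why the runtime check is kept.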