GNU bug report logs - #75964
Switching the Emacs build to -Wswitch-enum in src/


Package: emacs

Reported by: Pip Cet <pipcet <at> protonmail.com>

Date: Fri, 31 Jan 2025 09:41:02 UTC

Severity: wishlist


From: Pip Cet <pipcet <at> protonmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: acorallo <at> gnu.org, eggert <at> cs.ucla.edu, 75964 <at> debbugs.gnu.org, stefankangas <at> gmail.com, monnier <at> iro.umontreal.ca
Subject: bug#75964: Switching the Emacs build to -Wswitch-enum in src/
Date: Sun, 02 Feb 2025 17:30:50 +0000

"Eli Zaretskii" <eliz <at> gnu.org> writes:

>> Date: Sun, 02 Feb 2025 16:51:30 +0000
>> From: Pip Cet <pipcet <at> protonmail.com>
>> Cc: eggert <at> cs.ucla.edu, 75964 <at> debbugs.gnu.org, stefankangas <at> gmail.com, acorallo <at> gnu.org, monnier <at> iro.umontreal.ca
>>
>> "Eli Zaretskii" <eliz <at> gnu.org> writes:
>>
>> >> We often use eassert for that, and I don't know how many people realize
>> >> this subtle difference between emacs_abort () and eassert (0).
>> >
>> > Well, I do: eassert compiles to nothing in a production build, so it
>> > is only okay if the code can do something with the situation, albeit
>> > something that will cause weird effects.  eassert is also appropriate
>> > to convey the assumptions made by the code, even if no trouble will be
>> > caused by violating those assumptions.
>>
>> Interesting.  I often use eassert where the only thing we can do in a
>> production build is almost certainly a crash.  Can you say more about
>> cases in which it's used to avoid crashes?
>
> No, eassert should _never_ be used to avoid crashes.  It should be
> used to flag problems (by forcing a crash) before the mistaken code
> causes too much harm, with the purpose of helping us find problems
> before they become very hard to analyze.

Sorry, I misunderstood.  I agree completely with this statement, and was
confused by "the code can do something with the situation".

> A crash can only be avoided if we have a fallback code that can do
> something reasonable with an impossible situation, like signaling an
> error or silently skipping some action.

Agreed.  eassert is definitely not good for that.

>
>> >> I still think eassume and eassert shouldn't evaluate expressions with
>> >> side effects.
>> >
>> > I agree.  Do we have code which does that in Emacs?
>>
>> I'm aware of
>>
>>       eassert (check_comp_unit_relocs (comp_u));
>>
>> in comp.c, which does call an extra function, which might in theory have
>> side effects because dynlib_sym or Flength or, God forbid, Fgethash may
>> develop some.  But, really, this is a special case and a very minor
>> issue.
>
> I'm quite sure there was no intention for the above to cause any side
> effects.

Yes, which is why it's only technically an example.  If I see

      eassert (i++ < len)

I'll let you know :-)

Pip
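
The side-effect hazard discussed in this message, as an added C example that is not part of the thread or of the Emacs sources: `CHECK_DEBUG` and `CHECK_PROD` are hypothetical stand-ins for an assertion in a checking build and one that compiles to nothing in a production build, and the array is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, NOT the Emacs definitions: a checking-build
   assertion that aborts, and a production one that evaluates nothing.  */
#define CHECK_DEBUG(cond) ((cond) ? (void) 0 : abort ())
#define CHECK_PROD(cond) ((void) (0 && (cond)))

/* Emit one pair of functions per build flavour.  sum_bad_* advances the
   index inside the assertion; sum_good_* only reads state in it.  */
#define DEFINE_SUMS(flavour, CHECK)                              \
  static int sum_bad_##flavour (const int *v, size_t len)       \
  {                                                              \
    int sum = 0;                                                 \
    size_t i = 0;                                                \
    for (size_t n = 0; n < len; n++)                             \
      {                                                          \
        sum += v[i];                                             \
        CHECK (i++ < len);                                       \
      }                                                          \
    return sum;                                                  \
  }                                                              \
  static int sum_good_##flavour (const int *v, size_t len)      \
  {                                                              \
    int sum = 0;                                                 \
    for (size_t i = 0; i < len; i++)                             \
      {                                                          \
        CHECK (i < len);                                         \
        sum += v[i];                                             \
      }                                                          \
    return sum;                                                  \
  }

DEFINE_SUMS (debug, CHECK_DEBUG)
DEFINE_SUMS (prod, CHECK_PROD)

/* Constructed sample input.  */
static const int sample[] = { 1, 2, 3 };

int
main (void)
{
  printf ("bad:  debug=%d prod=%d\n", sum_bad_debug (sample, 3),
          sum_bad_prod (sample, 3));
  printf ("good: debug=%d prod=%d\n", sum_good_debug (sample, 3),
          sum_good_prod (sample, 3));
  return 0;
}
```

With the side effect inside the check, the two flavours disagree (6 versus 3) because the production variant never advances the index; with a read-only check both return 6.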





This bug report was last modified 127 days ago.
