[Emacs-diffs] master 74f54af: Use eassume (false) for branch that's never taken.

From: Paul Eggert
Subject: [Emacs-diffs] master 74f54af: Use eassume (false) for branch that's never taken.
Date: Mon, 22 Apr 2019 17:52:32 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Eli Zaretskii wrote:
> Anything's possible with bugs.  AFAIU, that's what this discussion is
> about.  Because if it's _really_ impossible, then eassume has no place
> there, either.

Let me try to explain. eassume is designed for the situation where the
programmer knows something that the compiler does not infer on its own,
and where this knowledge can help the compiler produce better
diagnostics or better code.

Here is a toy example. Suppose GCC was so amazingly dumb that if you did

      int i = 27;
      return 1000 / i;

then GCC warned "possible integer division by zero" and inserted a
runtime check (just before the 'return' statement) that 'i' is nonzero.
And suppose you could disable the warning (and improve performance) by
doing this instead:

      int i = 27;
      eassume (i == 27);
      return 1000 / i;

Would we reject this solution because "if it's _really_ impossible, then
eassume has no place there"?  No, because it really *is* impossible for
i != 27 there; but in this (very contrived) example, eassume *does* have
a place, namely to pacify the amazingly dumb compiler.

The case that started this thread is similar, except that GCC is not as
dumb as in the contrived example above.

One might at first think that because the programmer might have made a
mistake and it's better to be safe than sorry, we should replace
instances of 'eassume (X);' with 'if (!X) emacs_abort ();' so that there
is always a runtime check, even in production. But that would be
overkill, for the same reason that replacing all instances of 'eassert
(X);' with 'if (!X) emacs_abort ();' would be overkill.

By the way, now that we have -fsanitize=undefined, it would be realistic
to simplify Emacs by dropping 'eassume' and replacing all uses with
plain 'assume', as modern compilers will do the runtime check for us
automatically (if we use -fsanitize=reachable), and older compilers are
kind of lost causes anyway.
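The distinction the message draws (a compile-time assumption versus a runtime check that exists only when checking is enabled) is easier to see in code. The following is an added illustration, not code from the message, from Emacs, or from the commit it discusses: the `assume` macro is modeled on the GCC form `((R) ? (void) 0 : __builtin_unreachable ())`, `ENABLE_CHECKING` plays the role of Emacs's build-time checking switch, and `toy_abort`, `toy_divide`, `kind_width` and `enum kind` are names invented for the example. It assumes GCC or Clang.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for Emacs's build-time checking switch (assumption).
   Build with -DENABLE_CHECKING=0 to get the production behaviour.  */
#ifndef ENABLE_CHECKING
# define ENABLE_CHECKING 1
#endif

#if !defined __GNUC__
# error "this example assumes GCC or Clang for __builtin_unreachable"
#endif

/* Plain assumption: tells the compiler R is true and nothing else.
   If R is in fact false, the program has undefined behaviour.  With
   -fsanitize=undefined (which includes -fsanitize=unreachable) the
   compiler turns the unreachable path into a runtime trap instead.  */
#define assume(R) ((R) ? (void) 0 : __builtin_unreachable ())

/* Hypothetical stand-in for emacs_abort: report the failed
   condition and abort.  */
static _Noreturn void
toy_abort (const char *what)
{
  fprintf (stderr, "assumption violated: %s\n", what);
  abort ();
}

#if ENABLE_CHECKING
/* Checking build: both eassert and eassume are real runtime checks.  */
# define eassert(X) ((X) ? (void) 0 : toy_abort (#X))
# define eassume(X) ((X) ? (void) 0 : toy_abort (#X))
#else
/* Production build: eassert vanishes, eassume becomes a pure
   compiler hint with no check at all.  */
# define eassert(X) ((void) 0)
# define eassume(X) assume (X)
#endif

/* The contrived case from the message: the assumption is trivially
   true, and its only job is to inform the compiler.  */
int
toy_divide (void)
{
  int i = 27;
  eassume (i == 27);
  return 1000 / i;		/* 37 */
}

enum kind { KIND_INT, KIND_STRING };

/* The "branch that's never taken" case: every enumerator returns
   inside the switch, so control can never reach the tail.  Without
   the assumption the compiler cannot prove that and may warn about
   falling off the end of a non-void function; with it, a checking
   build aborts loudly if a new enumerator is ever added without a
   case, and a production build simply drops the tail.  */
int
kind_width (enum kind k)
{
  switch (k)
    {
    case KIND_INT:
      return 4;
    case KIND_STRING:
      return 8;
    }
  eassume (false);
}

int
main (void)
{
  printf ("toy_divide () = %d\n", toy_divide ());
  printf ("kind_width (KIND_INT) = %d\n", kind_width (KIND_INT));
  printf ("kind_width (KIND_STRING) = %d\n", kind_width (KIND_STRING));
  return 0;
}
```

Compile once as `cc -Wall example.c` and once as `cc -Wall -DENABLE_CHECKING=0 -fsanitize=undefined example.c`: the first gives the runtime check through `toy_abort`, the second gives the production code path in which the compiler relies on the assumption, with the sanitizer standing in for the check as the message describes.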
