[PATCH] doc: update users.txt

[Jim Meyering]

I've moved the git repo for iwhd.  This updates its URL:

>From bf2664dc000e0bd9c460b8fa6297dcfe7d8fa9ef Mon Sep 17 00:00:00 2001
From: Jim Meyering 
Date: Tue, 15 Feb 2011 10:41:00 +0100
Subject: [PATCH] doc: update users.txt

* users.txt: Update iwhd's URL.
---
 ChangeLog |5 +
 users.txt |2 +-
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 43421a4..8e14a2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-02-15  Jim Meyering  
+
+   doc: update users.txt
+   * users.txt: Update iwhd's URL.
+
 2011-02-13  Bruno Haible  

Consistent macro naming for macros that use GCC __attribute__.
diff --git a/users.txt b/users.txt
index 22c4a72..8ba07f6 100644
--- a/users.txt
+++ b/users.txt
@@ -32,7 +32,7 @@ The following packages appear to be using gnulib and 
gnulib-tool:
   hivex   http://git.annexia.org/?p=hivex.git
   icoutils
http://riva.ucam.org/svn/cjwatson/src/debian/icoutils/trunk/icoutils/
   inetutils   http://cvs.sv.gnu.org/viewcvs/inetutils/inetutils/
-  iwhdhttp://repo.or.cz/w/iwhd.git
+  iwhdhttp://git.fedorahosted.org/git/?p=iwhd.git
   jwhois  http://cvs.sv.gnu.org/viewvc/jwhois/jwhois/
   libdap  http://scm.opendap.org:8090/svn/trunk/libdap/
   libffcall   http://savannah.gnu.org/projects/libffcall/
--
1.7.4.19.ga8e4a

proposed getloadavg patch to trim unused parts and speed up 'configure'

[Paul Eggert]

In modifying GNU Emacs to use getloadavg I noticed that configuring
getloadavg takes too much time, and that this isn't needed.  I
propose the following patch.  It removes support for ancient features
that I think nobody needs any more, namely, getloadavg implementations
that require setgid use, along with the #defines C_GETLOADAVG,
HAVE_GETLOADAVG, and NLIST_NAME_UNION, which nobody should need
any more.  Comments are welcome.

getloadavg: trim unused parts and speed up 'configure'
* NEWS: Document this.
* lib/getloadavg.c: Ignore HAVE_GETLOADAVG; this file is now
always compiled if getloadavg is absent.
Move test code to ...
* tests/test-getloadavg.c: New file, containing previous
contents of test from lib/getloadavg.c.
* modules/getloadavg-tests: New file.
* m4/getloadavg.m4 (gl_GETLOADAVG): Do not check for getloadavg twice.
Do tests in the same order as they're needed for getloadavg.c.
Omit setgid-related tests that generate symbols KMEM_GROUP,
NEET_SETGID, GETLOADAVG_PRIVILEGED; nobody seems to use those any more.
Do only the tests that are needed to see whether the system has
getloadavg, moving the other tests into ...
(gl_PREREQ_GETLOADAVG): ... here.  Do not define obsolete symbol
NLIST_NAME_UNION; nobody should be using it.  Do not define
symbols C_GETLOADAVG and HAVE_GETLOADAVG; they're no longer
relevant, as the user of this module shouldn't care how getloadavg
is implemented.
diff --git a/NEWS b/NEWS
index 13197f7..795488a 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,17 @@ User visible incompatible changes

 DateModules Changes

+2011-02-14  getloadavg  This module no longer #defines C_GETLOADAVG or
+HAVE_GETLOADAVG, as the application no longer needs
+to worry about how getloadavg is defined.  It no
+longer defines the obsolete symbol NLIST_NAME_UNION
+(which should have been internal to the module
+anyway).  Also, support for setgid use has been
+removed, as nobody seems to be using it; thus
+GETLOADAVG_PRIVILEGED is no longer #defined and
+KMEM_GROUP and NEED_SETGID are no longer
+substituted for.
+
 2011-02-08  wctype-hThis module no longer provides the iswblank()
 function. If you need this function, you now need
 to request the 'iswblank' module.
diff --git a/lib/getloadavg.c b/lib/getloadavg.c
index 96a6aa4..8e91714 100644
--- a/lib/getloadavg.c
+++ b/lib/getloadavg.c
@@ -94,11 +94,6 @@
 #include 
 #include 

-/* Exclude all the code except the test program at the end
-   if the system has its own `getloadavg' function.  */
-
-#ifndef HAVE_GETLOADAVG
-
 # include 

 /* Both the Emacs and non-Emacs sections want this.  Some
@@ -1032,44 +1027,3 @@ getloadavg (double loadavg[], int nelem)
 # endif
   return elem;
 }
-
-#endif /* ! HAVE_GETLOADAVG */
-
-#ifdef TEST
-int
-main (int argc, char **argv)
-{
-  int naptime = 0;
-
-  if (argc > 1)
-naptime = atoi (argv[1]);
-
-  while (1)
-{
-  double avg[3];
-  int loads;
-
-  errno = 0;/* Don't be misled if it doesn't set errno.  */
-  loads = getloadavg (avg, 3);
-  if (loads == -1)
-{
-  perror ("Error getting load average");
-  return EXIT_FAILURE;
-}
-  if (loads > 0)
-printf ("1-minute: %f  ", avg[0]);
-  if (loads > 1)
-printf ("5-minute: %f  ", avg[1]);
-  if (loads > 2)
-printf ("15-minute: %f  ", avg[2]);
-  if (loads > 0)
-putchar ('\n');
-
-  if (naptime == 0)
-break;
-  sleep (naptime);
-}
-
-  return EXIT_SUCCESS;
-}
-#endif /* TEST */
diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4
index d25ad34..4aae158 100644
--- a/m4/getloadavg.m4
+++ b/m4/getloadavg.m4
@@ -20,90 +20,44 @@ AC_DEFUN([gl_GETLOADAVG],
 # Persuade glibc  to declare getloadavg().
 AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])

-gl_have_func=no # yes means we've found a way to get the load average.
-
 # Make sure getloadavg.c is where it belongs, at configure-time.
 test -f "$srcdir/$1/getloadavg.c" ||
   AC_MSG_ERROR([$srcdir/$1/getloadavg.c is missing])

 gl_save_LIBS=$LIBS

-# Check for getloadavg, but be sure not to touch the cache variable.
-(AC_CHECK_FUNC([getloadavg], [exit 0], [exit 1])) && gl_have_func=yes
-
-# On HPUX9, an unprivileged user can get load averages through this function.
-AC_CHECK_FUNCS([pstat_getdynamic])
-
-# Solaris has libkstat which does not require root.
-AC_CHECK_LIB([kstat], [kstat_open])
-test $ac_cv_lib_kstat_kstat_open = yes && gl_have_func=yes
+AC_CHECK_FUNC([getloadavg], [],
+  [gl_have_func=no
+
+   # Some systems with -lutil have (and need) -lkvm as well, some do not.
+   # On Solaris, -lkvm requires nlist from -lelf, so check that first
+   # to get the right answer

Re: getloadavg test

[Bruno Haible]

Hi Paul,

> Move test code to ...
> * tests/test-getloadavg.c: New file, containing previous
> contents of test from lib/getloadavg.c.
> * modules/getloadavg-tests: New file.

This test can be run in two modes:
  - simple test: call getloadavg once, and print one line.
  - repeated test: call getloadavg repeatedly, every couple of seconds, in an
endless loop.

Whereas the unit tests in gnulib usually don't print anything when nothing is
wrong. (Because otherwise the "make check" output would take so much time to
understand, and obscure the failures.)

So, I would find it useful to
  - change the test so that when it is run without arguments, it calls
getloadavg and does only some plausibility checks but without printing
anything in the normal case,
  - add comments indicating that the program can also be used as a manual
test, and how to invoke it in this case. It would be overkill to add a
--help processing to it, but 2-3 lines of comments seem useful.

Bruno
-- 
In memoriam Matija Gubec 

Re: getloadavg and errno

[Bruno Haible]

Hi Paul, Jim,

> +  errno = 0;/* Don't be misled if it doesn't set errno.  
> */
> +  loads = getloadavg (avg, 3);
> +  if (loads == -1)
> +{
> +  perror ("Skipping test; load average not supported");
> +  return 77;
> +}

This assignment to errno, followed by the use of errno when getloadavg()
failed, brings up a question: Is getloadavg() supposed to set errno when it
fails or not?

The specification in lib/getloadavg.c indicates that "no":

  /* Put the 1 minute, 5 minute and 15 minute load averages
 into the first NELEM elements of LOADAVG.
 Return the number written (never more than 3, but may be less than NELEM),
 or -1 if an error occurred.  */

In this case the test should use fputs, not perror.

Or if the answer is "yes", then the specification should say so, and the
assignment to errno in the test should be removed.

Bruno
-- 
In memoriam Matija Gubec 

Re: getloadavg and errno

[Jim Meyering]

Bruno Haible wrote:

> Hi Paul, Jim,
>
>> +  errno = 0;/* Don't be misled if it doesn't set errno. 
>>  */
>> +  loads = getloadavg (avg, 3);
>> +  if (loads == -1)
>> +{
>> +  perror ("Skipping test; load average not supported");
>> +  return 77;
>> +}
>
> This assignment to errno, followed by the use of errno when getloadavg()
> failed, brings up a question: Is getloadavg() supposed to set errno when it
> fails or not?
>
> The specification in lib/getloadavg.c indicates that "no":
>
>   /* Put the 1 minute, 5 minute and 15 minute load averages
>  into the first NELEM elements of LOADAVG.
>  Return the number written (never more than 3, but may be less than 
> NELEM),
>  or -1 if an error occurred.  */
>
> In this case the test should use fputs, not perror.
>
> Or if the answer is "yes", then the specification should say so, and the
> assignment to errno in the test should be removed.

Hi Bruno,

Specifying that errno may be changed sounds better, even though
coreutils' sole use in uptime.c does not use that.  For example,
if an open or read attempt fails with EIO, the caller should be
able to report that (or at least to distinguish between that
failure and lack of support), even if there is no way to include
the name of the affected file.

Re: [PATCH] vasnprintf: silence some clang false positives

[Eric Blake]

On 02/14/2011 07:11 PM, Bruno Haible wrote:
> Hi Eric,
> 
>> Bruno, would you be okay with this patch?
> 
>> +* lib/vasnprintf.c (VASNPRINTF) [ENSURE_ALLOCATION]: Teach clang
>> +that ENSURE_ALLOCATION guarantees a non-null result.
> 
>> +else if (!result)   
>>  \
>> +  abort ()
> 
> No, this patch is wrong. ENSURE_ALLOCATION does not guarantee a non-NULL
> 'result'. In fact, in the invocations at lines 2060, 2094, 2188, , 2316,
> 2350, 2565, 2820, 2880, 3379, 4565, 5321, 5347, 5353, 5358, the 'needed'
> argument may be 0, and when at the same time the 'allocated' variable is
> also 0, the 'result' will be NULL. You patch would add an invocation of
> abort() in these cases.

OK, so the real fix is to add annotations at the three places that clang
flagged as potential NULL dereferences, rather than changing
ENSURE_ALLOCATION [shown here using abort, but see below]:

From 7501dd6520b2fd639286004e63ce1d0f84523798 Mon Sep 17 00:00:00 2001
From: Eric Blake 
Date: Mon, 14 Feb 2011 15:51:58 -0700
Subject: [PATCH] vasnprintf: silence some clang false positives

Clang missed the fact that when ENSURE_ALLOCATION is called with
a guaranteed non-zero value, then result is guaranteed non-NULL
after that point.  Adding some conditionals fix the analysis.

* lib/vasnprintf.c (VASNPRINTF): Teach clang when
ENSURE_ALLOCATION guarantees a non-null result.

Signed-off-by: Eric Blake 
---
 ChangeLog|6 ++
 lib/vasnprintf.c |4 
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8e14a2b..d639fe2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-02-14  Eric Blake  
+
+   vasnprintf: silence some clang false positives
+   * lib/vasnprintf.c (VASNPRINTF): Teach clang when
+   ENSURE_ALLOCATION guarantees a non-null result.
+
 2011-02-15  Jim Meyering  

doc: update users.txt
diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index 8f07308..19da825 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -1847,6 +1847,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
 size_t augmented_length = xsum (length, n);

 ENSURE_ALLOCATION (augmented_length);
+if (!result)
+  abort ();
 /* This copies a piece of FCHAR_T[] into a DCHAR_T[].  Here we
need that the format string contains only ASCII characters
if FCHAR_T and DCHAR_T are not the same type.  */
@@ -5517,6 +5519,8 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,

 /* Add the final NUL.  */
 ENSURE_ALLOCATION (xsum (length, 1));
+if (!result)
+  abort ();
 result[length] = '\0';

 if (result != resultbuf && length + 1 < allocated)
---
1.7.4



>   2) There will always be situations where the tool cannot determine the
>  invariants of a program automatically. For these cases, the language
>  needs a way to assert invariants. What is the way to assert invariants
>  that clang understands? Is 'assert(condition)' or
>  'if (!condition) abort();' enough?

Yes, 'assert(cond)' (when NDEBUG is not defined), or 'if (!cond)
abort();', are both equally good at informing any decent static analysis
tool about an invariant.

In fact, here's how the libvirt project does it:

In configure.ac:

# Detect when running under the clang static analyzer's scan-build driver
# or Coverity-prevent's cov-build.  Define STATIC_ANALYSIS accordingly.
test -n "$CCC_ANALYZER_ANALYSIS$COVERITY_BUILD_COMMAND" && t=1 || t=0
AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
  [Define to 1 when performing static analysis.])

then in a common header:

# if STATIC_ANALYSIS
#  undef NDEBUG /* Don't let a prior NDEBUG definition cause trouble.  */
#  include 
#  define sa_assert(expr) assert (expr)
# else
#  define sa_assert(expr) /* empty */
# endif

Then anywhere that clang or coverity or other tools need help, then
sa_assert(cond) works as a no-op for normal compilation while still
providing the extra info needed to avoid false positives from the static
analysis.

> So, what I'd like to see is a standard way to declare invariants (assertions)
> in a way that clang and other static analysis tools (maybe GCC in the future?)
> could understand.

Should we create a gnulib module that defines sa_assert() automatically?

> Of course, these declarations should have no negative
> impact on the speed of the program. (When you declare types in CL or C#, it
> also never degrades the performance.)

Correct - those assertions are only defined when doing static analysis,
and are not present in normal compilation and therefore cannot degrade
normal performance.

-- 
Eric Blake   ebl...@redhat.com+1-801-349-2682
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [PATCH] vasnprintf: silence some clang false positives

[Paul Eggert]

On 02/15/2011 07:40 AM, Eric Blake wrote:
> # if STATIC_ANALYSIS
> #  undef NDEBUG /* Don't let a prior NDEBUG definition cause trouble.  */
> #  include 
> #  define sa_assert(expr) assert (expr)
> # else
> #  define sa_assert(expr) /* empty */
> # endif

It doesn't feel right that sa_assert uses assert.
They should be more independent.  One should be able
to assert (X) as well as sa_assert (X), or do just
the assert, or just the sa_assert.

I think part of the problem here is the naming convention.
Ordinary C "assert (X)" means "crash if X is false".
But sa_assert (X) means "assume that X is true".
These are two very different different things.
I have some qualms about colliding with a C naming convention
that has been used for over three decades, even if the C
name is "wrong" from a static analysis point of view.

If we want to do this sort of thing, I suggest using a different
name for the static analysis macro, a name that more
obviously differs from "assert (X)".  How about "assume (X)"?

I also suggest that "assume (X)" not be implemented in
terms of "assert (X)", so that the two notions are
more clearly independent.  It's OK if both are implemented
as "if (! (X)) abort ();"; the point is that one should be
able to enable or disable runtime checking (by flipping NDEBUG
on and off) without worrying whether static analysis will
get garbled.

Re: [PATCH] vasnprintf: silence some clang false positives

[Ben Pfaff]

Paul Eggert  writes:

> If we want to do this sort of thing, I suggest using a different
> name for the static analysis macro, a name that more
> obviously differs from "assert (X)".  How about "assume (X)"?

invariant (X)?
-- 
Ben Pfaff 
http://benpfaff.org

Re: [PATCH] vasnprintf: silence some clang false positives

[Jim Meyering]

Ben Pfaff wrote:

> Paul Eggert  writes:
>
>> If we want to do this sort of thing, I suggest using a different
>> name for the static analysis macro, a name that more
>> obviously differs from "assert (X)".  How about "assume (X)"?
>
> invariant (X)?

I like that.
Though we should probably name it gl_invariant.

Re: getloadavg and errno

[Paul Eggert]

On 02/15/2011 03:25 AM, Jim Meyering wrote:

Specifying that errno may be changed sounds better, even though
coreutils' sole use in uptime.c does not use that.


I think I'd prefer a getloadavg that always sets errno when it
fails; that's simpler and regular, and it's what getloadavg
does on GNU/Linux and on Solaris.  Here's an addition to the
proposed patch, to do that.

From c40b13d678953540adb6a381a74dd61cbfc4e3c4 Mon Sep 17 00:00:00 2001
From: Paul Eggert 
Date: Tue, 15 Feb 2011 11:13:28 -0800
Subject: [PATCH] getloadavg: set errno

* lib/getloadavg.c: Set errno when returning -1.  If no other
error number looks appropriate, set it to ENOSYS if the getloadavg
looks like it can't possibly ever work, ENOTSUP otherwise.
Suggested by Bruno Haible in
.
---
 ChangeLog|   10 ++
 lib/getloadavg.c |   42 +-
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4fc846d..bcc8aa7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2011-02-15  Paul Eggert  
+
+   getloadavg: set errno
+
+   * lib/getloadavg.c: Set errno when returning -1.  If no other
+   error number looks appropriate, set it to ENOSYS if the getloadavg
+   looks like it can't possibly ever work, ENOTSUP otherwise.
+   Suggested by Bruno Haible in
+   .
+
 2011-02-14  Paul Eggert  
 
 	getloadavg: trim unused parts and speed up 'configure'

diff --git a/lib/getloadavg.c b/lib/getloadavg.c
index 8e91714..e278e0c 100644
--- a/lib/getloadavg.c
+++ b/lib/getloadavg.c
@@ -495,7 +495,7 @@ static kvm_t *kd;
 /* Put the 1 minute, 5 minute and 15 minute load averages
into the first NELEM elements of LOADAVG.
Return the number written (never more than 3, but may be less than NELEM),
-   or -1 if an error occurred.  */
+   or -1 (setting errno) if an error occurred.  */
 
 int

 getloadavg (double loadavg[], int nelem)
@@ -504,9 +504,7 @@ getloadavg (double loadavg[], int nelem)
 
 # ifdef NO_GET_LOAD_AVG

 #  define LDAV_DONE
-  /* Set errno to zero to indicate that there was no particular error;
- this function just can't work at all on this system.  */
-  errno = 0;
+  errno = ENOSYS;
   elem = -1;
 # endif
 
@@ -516,6 +514,7 @@ getloadavg (double loadavg[], int nelem)

   kstat_ctl_t *kc;
   kstat_t *ksp;
   kstat_named_t *kn;
+  int saved_errno;
 
   kc = kstat_open ();

   if (kc == 0)
@@ -554,7 +553,9 @@ getloadavg (double loadavg[], int nelem)
 }
 }
 
+  saved_errno = errno;

   kstat_close (kc);
+  errno = saved_errno;
 # endif /* HAVE_LIBKSTAT */
 
 # if !defined (LDAV_DONE) && defined (hpux) && defined (HAVE_PSTAT_GETDYNAMIC)

@@ -600,13 +601,15 @@ getloadavg (double loadavg[], int nelem)
 
   char ldavgbuf[3 * (INT_STRLEN_BOUND (int) + sizeof ".00 ")];

   char const *ptr = ldavgbuf;
-  int fd, count;
+  int fd, count, saved_errno;
 
   fd = open (LINUX_LDAV_FILE, O_RDONLY);

   if (fd == -1)
 return -1;
   count = read (fd, ldavgbuf, sizeof ldavgbuf - 1);
+  saved_errno = errno;
   (void) close (fd);
+  errno = saved_errno;
   if (count <= 0)
 return -1;
   ldavgbuf[count] = '\0';
@@ -625,7 +628,10 @@ getloadavg (double loadavg[], int nelem)
   if (! ('0' <= *ptr && *ptr <= '9'))
 {
   if (elem == 0)
-return -1;
+{
+  errno = ENOTSUP;
+  return -1;
+}
   break;
 }
 
@@ -663,7 +669,10 @@ getloadavg (double loadavg[], int nelem)

   &scale);
   (void) fclose (fp);
   if (count != 4)
-return -1;
+{
+  errno = ENOTSUP;
+  return -1;
+}
 
   for (elem = 0; elem < nelem; elem++)

 loadavg[elem] = (double) load_ave[elem] / (double) scale;
@@ -704,7 +713,10 @@ getloadavg (double loadavg[], int nelem)
 }
 
   if (!getloadavg_initialized)

-return -1;
+{
+  errno = ENOTSUP;
+  return -1;
+}
 # endif /* NeXT */
 
 # if !defined (LDAV_DONE) && defined (UMAX)

@@ -889,7 +901,10 @@ getloadavg (double loadavg[], int nelem)
 }
 
   if (!getloadavg_initialized)

-return -1;
+{
+  errno = ENOTSUP;
+  return -1;
+}
 # endif /* ! defined LDAV_DONE && defined __VMS */
 
 # if ! defined LDAV_DONE && defined LOAD_AVE_TYPE && ! defined __VMS

@@ -1005,7 +1020,10 @@ getloadavg (double loadavg[], int nelem)
 }
 
   if (offset == 0 || !getloadavg_initialized)

-return -1;
+{
+  errno = ENOTSUP;
+  return -1;
+}
 # endif /* ! defined LDAV_DONE && defined LOAD_AVE_TYPE && ! defined __VMS */
 
 # if !defined (LDAV_DONE) && defined (LOAD_AVE_TYPE) /* Including VMS.  */

@@ -1020,9 +1038,7 @@ getloadavg (double loadavg[], int nelem)
 # endif /* !LDAV_DONE && LOAD_AVE_TYPE */
 
 # if !defined LDAV_DONE

-  /* Set errno to zero to indicate that there was no particular error;
- this 

Re: [PATCH] vasnprintf: silence some clang false positives

[Paul Eggert]

 invariant (X)?


I'm not a big fan of that name, since the expressions in
question are often not invariants.  They might be preconditions
or postconditions, for example.

[PATCH] getloadavg: omit unused var

[Paul Eggert]

This fixes a glitch I introduced a few days ago.

* lib/getloadavg.c (getloadavg): Omit unused local variable.
---
 ChangeLog|5 +
 lib/getloadavg.c |1 -
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8e14a2b..3e0378c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-02-15  Paul Eggert  
+
+   getloadavg: omit unused var
+   * lib/getloadavg.c (getloadavg): Omit unused local variable.
+
 2011-02-15  Jim Meyering  
 
 	doc: update users.txt

diff --git a/lib/getloadavg.c b/lib/getloadavg.c
index 96a6aa4..29c9bff 100644
--- a/lib/getloadavg.c
+++ b/lib/getloadavg.c
@@ -620,7 +620,6 @@ getloadavg (double loadavg[], int nelem)
 {
   double numerator = 0;
   double denominator = 1;
-  bool have_digit = false;
 
   while (*ptr == ' ')

 ptr++;
--
1.7.4

Re: [PATCH] vasnprintf: silence some clang false positives

[Jim Meyering]

Paul Eggert wrote:
>>>  invariant (X)?
>
> I'm not a big fan of that name, since the expressions in
> question are often not invariants.  They might be preconditions
> or postconditions, for example.

True.  So gl_assume (X) ?

Hmm... or gl_veritas (X)
But that's probably too obscure.
Which makes me think of simply gl_true (X).

I have a slight preference for the semantics of gl_assume.

Re: getloadavg test

[Paul Eggert]

Thanks for that review, Bruno.  I'll add the following before pushing:

From c46ceeaabfab5055455daf282e64bc37d3a98ea9 Mon Sep 17 00:00:00 2001
From: Paul Eggert 
Date: Tue, 15 Feb 2011 13:09:20 -0800
Subject: [PATCH] test-getloadavg: make it act like other tests

Suggested by Bruno Haible in
.
* tests/test-getloadavg.c (check_avg): New function.
(main): Use it.

2011-02-15  Paul Eggert  
---
 ChangeLog   |9 +
 tests/test-getloadavg.c |   28 
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5bfbfe3..a4b973f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2011-02-15  Paul Eggert  
 
+	test-getloadavg: make it act like other tests

+
+   Suggested by Bruno Haible in
+   .
+   * tests/test-getloadavg.c (check_avg): New function.
+   (main): Use it.
+
+2011-02-15  Paul Eggert  
+
getloadavg: set errno
 
 	* lib/getloadavg.c: Set errno when returning -1.  If no other

diff --git a/tests/test-getloadavg.c b/tests/test-getloadavg.c
index 1dc0437..f9b4a79 100644
--- a/tests/test-getloadavg.c
+++ b/tests/test-getloadavg.c
@@ -25,6 +25,19 @@ SIGNATURE_CHECK (getloadavg, int, (double [], int));
 #include 
 #include 
 
+static void

+check_avg (int minutes, double avg, int printit)
+{
+  if (printit)
+printf ("%d-minute: %f  ", minutes, avg);
+  if (avg < 0 || avg != avg)
+exit (minutes);
+}
+
+/* This program can also be used as a manual test, by invoking it with
+   an argument; it then prints the load average.  If the argument is
+   nonzero, the manual test repeats forever, sleeping for the stated
+   interval between each iteration.  */
 int
 main (int argc, char **argv)
 {
@@ -36,22 +49,21 @@ main (int argc, char **argv)
   while (1)
 {
   double avg[3];
-  int loads;
-
-  errno = 0;/* Don't be misled if it doesn't set errno.  */
-  loads = getloadavg (avg, 3);
+  int loads = getloadavg (avg, 3);
   if (loads == -1)
 {
+  if (! (errno == ENOSYS || errno == ENOTSUP))
+return 1;
   perror ("Skipping test; load average not supported");
   return 77;
 }
   if (loads > 0)
-printf ("1-minute: %f  ", avg[0]);
+check_avg (1, avg[0], argc > 1);
   if (loads > 1)
-printf ("5-minute: %f  ", avg[1]);
+check_avg (5, avg[1], argc > 1);
   if (loads > 2)
-printf ("15-minute: %f  ", avg[2]);
-  if (loads > 0)
+check_avg (15, avg[1], argc > 1);
+  if (loads > 0 && argc > 1)
 putchar ('\n');
 
   if (naptime == 0)

--
1.7.4

static analysis assumption (was: Re: [PATCH] vasnprintf: silence some clang false positives)

[Bruce Korb]

On 02/15/11 12:38, Paul Eggert wrote:
>>>  invariant (X)?

gl_assume(X) seems like a good choice to me.
"invariant" doesn't imply that "X" is either true or false
and, as Paul said, the expression need not be constructed of
invariant components.  Yes, the result should be invariant
(invariant-true or invariant-false?), but it is fuzzy.
"gl_assume()" seems pretty clear to me.