> Date: Tue, 18 Apr 2017 19:38:06 +0800 (+08) > From: Paul Goyette <p...@whooppee.com> > > I looked at the picture, and it seems to me it is doing the same thing > that it does for any other "if ()" condition. Look just a little bit > further down and you'll see the same "assumption" on an if that isn't > buried inside a macro. > > In short, there's nothing wrong, nothing to investigate.
On seeing KASSERT(mss != 0); // (a) KASSERT(len % mss == 0); // (b) Clang concludes by the conditional in (a) that mss == 0 is a possibility, and under that premise that there is a possible division by zero in (b). This possibility is exactly what the assertion is supposed to assist Clang in ruling out. Marking kern_assert as __dead should at least let the static analyzer do the reasoning it needs, though if we want to preserve the behaviour that kern_assert returns if we're in a panic, then we must be careful not to compile the code with kern_assert marked as __dead, because clang will yield completely different behaviour in that case.
