or fix clang not to be stupid
On 18 April 2017 at 09:17, Taylor R Campbell <campbell+netbsd-tech-userle...@mumble.net> wrote:
>> Date: Tue, 18 Apr 2017 19:38:06 +0800 (+08)
>> From: Paul Goyette <p...@whooppee.com>
>>
>> I looked at the picture, and it seems to me it is doing the same thing
>> that it does for any other "if ()" condition. Look just a little bit
>> further down and you'll see the same "assumption" on an if that isn't
>> buried inside a macro.
>>
>> In short, there's nothing wrong, nothing to investigate.
>
> On seeing
>
>         KASSERT(mss != 0);              // (a)
>         KASSERT(len % mss == 0);        // (b)
>
> Clang concludes by the conditional in (a) that mss == 0 is a
> possibility, and under that premise that there is a possible division
> by zero in (b). This possibility is exactly what the assertion is
> supposed to assist Clang in ruling out.
>
> Marking kern_assert as __dead should at least let the static analyzer
> do the reasoning it needs, though if we want to preserve the behaviour
> that kern_assert returns if we're in a panic, then we must be careful
> not to compile the code with kern_assert marked as __dead, because
> clang will yield completely different behaviour in that case.
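The constraint raised in the quoted message, as an added example that is not code from NetBSD or from either poster: the assertion handler is marked as non-returning only while the Clang static analyzer is running, so the compiled handler keeps its ability to return during a panic. `__clang_analyzer__` and `analyzer_noreturn` are Clang's own; every `ex_`/`EX_` name is a hypothetical stand-in for the kernel's.

```c
#include <stdio.h>
#include <stdlib.h>

/* All ex_/EX_ names are hypothetical stand-ins, not NetBSD's definitions. */
#ifdef __clang_analyzer__
/* Seen only during analysis: treat the handler as a dead end on every path. */
#define EX_ANALYZER_DEAD __attribute__((analyzer_noreturn))
#else
/* Normal builds: no attribute, so the handler may legitimately return. */
#define EX_ANALYZER_DEAD
#endif

static int ex_panicking;     /* models "we're in a panic" */
static unsigned ex_failed;   /* assertion failures swallowed while panicking */

void ex_kern_assert(const char *expr) EX_ANALYZER_DEAD;

void
ex_kern_assert(const char *expr)
{
	if (ex_panicking) {      /* the returning behaviour the thread mentions */
		ex_failed++;
		return;
	}
	fprintf(stderr, "assertion \"%s\" failed\n", expr);
	abort();
}

#define EX_KASSERT(e) ((e) ? (void)0 : ex_kern_assert(#e))

/* Same shape as (a) and (b) in the quoted message. */
unsigned
ex_segments(unsigned len, unsigned mss)
{
	EX_KASSERT(mss != 0);           /* (a) */
	EX_KASSERT(len % mss == 0);     /* (b) */
	return len / mss;
}

int
main(void)
{
	printf("%u\n", ex_segments(3000, 1500));
	return 0;
}
```

Because the handler can return while panicking, a call with `mss == 0` in that state would still reach the division at run time; the annotation changes only what the analyzer reports.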