maint: improve static and dynamic checking

This modernizes the source code somewhat, to take advantage of advances in GCC over the years, and Gnulib’s ‘assure’ module. Include assure.h in files that now need it. Do not include assert.h directly; it’s no longer needed. * bootstrap.conf (gnulib_modules): Add ‘assure’. * gl/lib/randread.c (randread_error): * src/chmod.c (describe_change): * src/chown-core.c (describe_change): * src/cp.c (decode_preserve_arg): * src/head.c (diagnose_copy_fd_failure): * src/ls.c (parse_ls_color): * src/od.c (decode_one_format): * src/split.c (main): * src/test.c (binary_operator, posixtest): Prefer affirm to abort, since it has better diagnostics in the normal case and better performance with -DNDEBUG. * gl/lib/xdectoint.c, src/die.h: Include stddef.h, for unreachable. * gl/lib/xdectoint.c: Do not include verify.h; no longer needed. * gl/lib/xdectoint.c (__xnumtoint): * src/die.h (die): Prefer C23 unreachable () to assume (false). * gl/lib/xfts.c (xfts_open): * src/basenc.c (base32hex_encode): * src/copy.c (abandon_move, copy_internal, valid_options): * src/cut.c (cut_fields): * src/df.c (alloc_field, decode_output_arg, get_dev): * src/du.c (process_file, main): * src/echo.c (usage): * src/factor.c (udiv_qrnnd, mod2, gcd2_odd, factor_insert_large) (mulredc2, factor_using_pollard_rho, isqrt2, div_smallq) (factor_using_squfof): * src/iopoll.c (iopoll_internal, fwrite_wait): * src/join.c (add_field): * src/ls.c (dev_ino_pop, main, gobble_file, sort_files): * src/mv.c (do_move): * src/od.c (decode_format_string, read_block, dump, main): * src/remove.c (rm): * src/rm.c (main): * src/sort.c (stream_open): * src/split.c (next_file_name, lines_chunk_split): * src/stdbuf.c (main): * src/stty.c (set_speed): * src/tac-pipe.c (line_ptr_decrement, line_ptr_increment): * src/touch.c (touch): * src/tr.c (find_bracketed_repeat, get_next) (validate_case_classes, get_spec_stats, string2_extend, main): * src/tsort.c (search_item, tsort): * src/wc.c (main): Prefer affirm to assert, as it allows for better static checking when compiling with -DNDEBUG. * src/chown-core.c (change_file_owner): * src/df.c (get_field_list): * src/expr.c (printv, null, tostring, toarith, eval2): * src/ls.c (time_type_to_statx, calc_req_mask, get_funky_string) (print_long_format): * src/numfmt.c (simple_strtod_fatal): * src/od.c (decode_one_format): * src/stty.c (mode_type_flag): * src/tail.c (xlseek): * src/tr.c (is_char_class_member, get_next, get_spec_stats) (string2_extend): Prefer unreachable () to abort () or assert (false) when merely pacifying the compiler, e.g., in a switch statement on an enum where all cases are covered. * src/copy.c (valid_options): Now returns void; the bool was useless. Caller no longer needs to assert. * src/csplit.c (find_line): * src/expand-common.c (next_file): * src/shred.c (incname): * src/sort.c (main): * src/tr.c (append_normal_char, append_range, append_char_class) (append_repeated_char, append_equiv_class): * src/tsort.c (search_item): Omit assert, since the hardware will check for us. * src/df.c (header_mode): Now the enum type it should have been. * src/du.c (process_file): * src/ls.c (assert_matching_dev_ino): * src/tail.c (valid_file_spec): * src/tr.c (validate_case_classes): Mark defns with MAYBE_UNUSED if they’re not used when -DNDEBUG. * src/factor.c (prime_p, prime2_p, mp_prime_p): Now ATTRIBUTE_PURE. Prefer affirm to error+abort. No need to translate this diagnostic. * src/fmt.c (get_paragraph): * src/stty.c (display_changed, display_all, sane_mode): * src/who.c (idle_string): Prefer assume to assert, since the goal is merely pacification and assert doesn’t pacify anyway if -DNDEBUG is used. * src/join.c (decode_field_spec): Omit unreachable abort. * src/ls.c (assert_matching_dev_ino, main): * src/tr.c (get_next): Prefer assure to assert, since the check is relatively expensive and won’t help static analysis. * src/ls.c (main): Prefer static_assert to assert of a constant expression. (format_inode): Redo to make it clear that buflen doesn’t matter, and that buf must have a certain number of bytes. All callers changed. This pacifies -Wformat-overflow. * src/od.c (decode_one_format): Omit an assert that tested for obviously undefined behavior, as the compiler could optimize it away anyway. * src/od.c (decode_one_format, decode_format_string): Prefer ATTRIBUTE_NONNULL to runtime checking. * src/stat.c: Do not include <stddef.h> since system.h does that now. * src/sync.c (sync_arg): Prefer unreachable () to assert (true), which was a typo. * src/system.h: Include stddef.h, for unreachable. * src/tail.c (xlseek): Simplify by relying on ‘error’ to exit.
author: Paul Eggert <eggert@cs.ucla.edu> 2023-07-01 11:31:40 -0700
committer: Paul Eggert <eggert@cs.ucla.edu> 2023-07-01 11:51:15 -0700
commit: 478055dc30b9d1565e6b577485aea824ef22b038 (patch)
tree: 7695dafd6fbc614df86ab6737eddb07506ef0b81 /src/df.c
parent: maint: fix indenting in previous change (diff)
download: coreutils-478055dc30b9d1565e6b577485aea824ef22b038.tar.gz
coreutils-478055dc30b9d1565e6b577485aea824ef22b038.zip
1 files changed, 9 insertions, 13 deletions
diff --git a/src/df.c b/src/df.c
index c1b6bc48b..417791dd5 100644
--- a/src/df.c
+++ b/src/df.c
@@ -22,12 +22,12 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <getopt.h>
-#include <assert.h>
 #include <c-ctype.h>
 #include <wchar.h>
 #include <wctype.h>
 
 #include "system.h"
+#include "assure.h"
 #include "canonicalize.h"
 #include "die.h"
 #include "error.h"
@@ -129,15 +129,14 @@ static bool print_grand_total;
 static struct fs_usage grand_fsu;
 
 /* Display modes.  */
-enum
+static enum
 {
   DEFAULT_MODE,
   INODES_MODE,
   HUMAN_MODE,
   POSIX_MODE,
   OUTPUT_MODE
-};
-static int header_mode = DEFAULT_MODE;
+} header_mode = DEFAULT_MODE;
 
 /* Displayable fields.  */
 typedef enum
@@ -421,8 +420,7 @@ alloc_field (int f, char const *c)
   if (c != nullptr)
     columns[ncolumns - 1]->caption = c;
 
-  if (field_data[f].used)
-    assert (!"field used");
+  affirm (!field_data[f].used);
 
   /* Mark field as used.  */
   field_data[f].used = true;
@@ -493,7 +491,7 @@ decode_output_arg (char const *arg)
           break;
 
         default:
-          assert (!"invalid field");
+          affirm (!"invalid field");
         }
       s = comma;
     }
@@ -562,7 +560,7 @@ get_field_list (void)
       break;
 
     default:
-      assert (!"invalid header_mode");
+      unreachable ();
     }
 }
 
@@ -1148,8 +1146,7 @@ get_dev (char const *device, char const *mount_point, char const *file,
           v = nullptr;
           break;
         default:
-          v = nullptr; /* Avoid warnings where assert() is not __noreturn__.  */
-          assert (!"bad field_type");
+          affirm (!"bad field_type");
         }
 
       switch (columns[col]->field)
@@ -1251,11 +1248,10 @@ get_dev (char const *device, char const *mount_point, char const *file,
           break;
 
         default:
-          assert (!"unhandled field");
+          affirm (!"unhandled field");
         }
 
-      if (!cell)
-        assert (!"empty cell");
+      affirm (cell);
 
       replace_problematic_chars (cell);
       size_t cell_width = mbswidth (cell, 0);
author	Paul Eggert <eggert@cs.ucla.edu>	2023-07-01 11:31:40 -0700
committer	Paul Eggert <eggert@cs.ucla.edu>	2023-07-01 11:51:15 -0700
commit	478055dc30b9d1565e6b577485aea824ef22b038 (patch)
tree	7695dafd6fbc614df86ab6737eddb07506ef0b81 /src/df.c
parent	maint: fix indenting in previous change (diff)
download	coreutils-478055dc30b9d1565e6b577485aea824ef22b038.tar.gz coreutils-478055dc30b9d1565e6b577485aea824ef22b038.zip