sa_assert: assert-like macro, enabled only for use with static analyzers

Among some here, there is a strong aversion to the use of "assert", yet
some others think it is essential (when applied judiciously) even --
perhaps "especially" -- at the heart of libraries and core hypervisor-
related code.
Here is a compromise that lets us make assertions about the code (e.g.,
to tell static analyzers about invariants) without even a hint of risk
of an abort.
* src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
(sa_assert): Define.  A no-op most of the time, but equivalent
to classical assert when STATIC_ANALYSIS is nonzero.

diff --git a/src/internal.h b/src/internal.h
index 2e73210d0e55aee042c3933973097abe2fb9bdb1..896df22d74aef90159e9d62356b154dd4b21dd5b 100644 (file)
--- a/src/internal.h
+++ b/src/internal.h
@@ -9,6 +9,14 @@
 # include <limits.h>
 # include <verify.h>
 
+# if STATIC_ANALYSIS
+#  undef NDEBUG /* Don't let a prior NDEBUG definition cause trouble.  */
+#  include <assert.h>
+#  define sa_assert(expr) assert (expr)
+# else
+#  define sa_assert(expr) /* empty */
+# endif
+
 # ifdef HAVE_SYS_SYSLIMITS_H
 #  include <sys/syslimits.h>
 # endif