doc: document the use of assert()

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-02-21 08:58:16 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-02-21 09:12:48 +0100
commit: bc0cc9ed344a0444f3ebf2388e14b1281f61788a (patch)
tree: 0bc3709a82ede8f23243e5000861478522ba0763 /CONTRIBUTING.md
parent: 28aebde3a92bfd77e3e3eb41e0a05e925bbe597d (diff)
download: gnutls-bc0cc9ed344a0444f3ebf2388e14b1281f61788a.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9ef032e598..2c97025d7b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -139,6 +139,27 @@ error codes are defined in gnutls.h and a description
 is available in gnutls_errors.c
 
 
+# Usage of assert()
+
+ The assert() macro --not to be confused with gnutls_assert()-- is used
+exceptionally on impossible situations to assist static analysis tools.
+That is, it should be used when the static analyzer used in CI (currently
+clang analyzer), detects an error which is on an impossible situation.
+In these cases assert() is used to rule out that case.
+
+For example in the situation where a pointer is known to be non-null,
+but the static analyzer cannot rule it out, we use code like the following:
+```
+assert(ptr != NULL);
+ptr->deref = 3;
+```
+
+Since GnuTLS is a library no other uses of assert() macro are acceptable.
+
+The NDEBUG macro is not used in GnuTLS compilation, so the assert() macros
+are always active.
+
+
 # Guile bindings:
 
  Parts of the Guile bindings, such as types (aka. "SMOBs"), enum values,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-02-21 08:58:16 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-02-21 09:12:48 +0100
commit	bc0cc9ed344a0444f3ebf2388e14b1281f61788a (patch)
tree	0bc3709a82ede8f23243e5000861478522ba0763 /CONTRIBUTING.md
parent	28aebde3a92bfd77e3e3eb41e0a05e925bbe597d (diff)
download	gnutls-bc0cc9ed344a0444f3ebf2388e14b1281f61788a.tar.gz