Justus Winter, le Tue 13 May 2014 12:52:03 +0200, a écrit :
> Quoting Neal H. Walfield (2014-05-13 09:44:21)
> > At Mon, 12 May 2014 12:05:41 +0200,
> > Justus Winter wrote:
> > > +/* Decrement REF. Return the result of the operation. This function
> > > + uses atomic operations. It is not required to serialize calls to
> > > + this function. */
> > > +static inline unsigned int
> > > +refcount_deref (refcount_t *ref)
> > > +{
> > > + return __atomic_sub_fetch (ref, 1, __ATOMIC_RELAXED);
> > > +}
> >
> > How about adding assert(*ref >= 0)?
>
> It is there, you just can't see it because I optimized it away (as gcc
> would, as refcount_t is unsigned ;).
Well, he means assert(*ref != UINT_MAX) then. It'd be good to make sure
we don't underflow.
Samuel
