Gerd Hoffmann <kra...@redhat.com> writes: >> > + assert(vs); >> > return vnc_socket_local_addr("%s:%s", vs->lsock); >> > } >> > >> > >> >> If you want, I can just silence the warning in Coverity. > > I think in the source code is better, human readers might wonder too. > > And in case the calling code ever changes behavior the assert will trap > it (even though it is highly unlikely in this specific case).
I'm very much in favor of using assertions to guide Coverity. Besides human readers, they may also help other static analyzers, including optimizers. Speaking of silencing defects: we could also explore use of code annotations. Example given in the manual: x = NULL; ... // coverity[var_deref_op] *x = 0; The comment automatically classifies the FORWARD_NULL as intentional.