Re: _must_check [LWN.net]

Re: _must_check

Posted Nov 24, 2006 21:58 UTC (Fri) by nix (subscriber, #2304)
In reply to: Re: _must_check by ldo
Parent article: KHB: Automating bug hunting

Since the whole point of __attribute__((warn_unused_result)) is that it
should be applied only to functions where it is nearly always a mistake to
ignore the result at all, the question is academic.

The problem with (in effect) adding that attribute to every function is
that it *would* require one ugly workaround or another, and thus would
encourage using such workarounds even for those functions where it *is* an
error to ignore the result. This would eliminate a large part of the point
of warn_unused_result, and reduce net security.

(I've seen exactly this happen on codebases that frequently get attacked
by IMHO flawed lint tools that *do* emit such warnings as you propose.
(void)foo() crops up whenever foo()'s result is ignored, *even when
ignoring that result is in fact a bad idea*.)

(Log in to post comments)

Re: _must_check

Posted Nov 30, 2006 2:05 UTC (Thu) by ldo (subscriber, #40946) [Link]

>Since the whole point of __attribute__((warn_unused_result)) is that
>it should be applied only to functions where it is nearly always a
>mistake to ignore the result at all, the question is academic.

On the contrary, the question is far from academic. This business of having to ignore return values by assigning them to rubbish variables (as opposed to simply casting them to void) has already infected the Linux kernel--and indeed, led to bugs there. A clean, uniform solution is needed.