
_must_check


Posted Nov 23, 2006 11:09 UTC (Thu) by gnb (subscriber, #5132)
In reply to: _must_check by ldo
Parent article: KHB: Automating bug hunting

That would be fine if APIs were designed with that in mind, but as things
stand you probably need to be more selective because of commonly used
functions that return values no-one cares about. The most obvious
user-space example is printf. A quick look at google codesearch suggests
that about 0% of the world's programming population checks the return
value (understandably). So a global option probably wouldn't get used
much due to the amount of code that would need "fixing". Having a
case-by-case "no, really _must_ check this one" is messier but likely
to meet less resistance.



_must_check

Posted Nov 23, 2006 15:12 UTC (Thu) by nix (subscriber, #2304) [Link]

Also, (void)blah is *really ugly*. To me casts to void look *wrong*. They only really make sense in the context of C++ templates (for the same reason that returning `values of type void' can sometimes make sense there).

Re: _must_check

Posted Nov 24, 2006 1:30 UTC (Fri) by ldo (guest, #40946) [Link]

>Also, (void)blah is *really ugly*. To me casts to void look *wrong*.

It's either

(void)unlink(filename);

or

ignore_unwanted_result = unlink(filename);

Which would you prefer?

Re: _must_check

Posted Nov 24, 2006 21:58 UTC (Fri) by nix (subscriber, #2304) [Link]

Since the whole point of __attribute__((warn_unused_result)) is that it
should be applied only to functions where it is nearly always a mistake to
ignore the result at all, the question is academic.

The problem with (in effect) adding that attribute to every function is
that it *would* require one ugly workaround or another, and thus would
encourage using such workarounds even for those functions where it *is* an
error to ignore the result. This would eliminate a large part of the point
of warn_unused_result, and reduce net security.

(I've seen exactly this happen on codebases that frequently get attacked
by IMHO flawed lint tools that *do* emit such warnings as you propose.
(void)foo() crops up whenever foo()'s result is ignored, *even when
ignoring that result is in fact a bad idea*.)
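
An added example, not part of any comment in this thread: the selective use of warn_unused_result described above, with one annotated function whose failure matters and one unannotated, printf-like function whose result is routinely dropped. The names must_check, remove_file_checked, log_note, cleanup_file and make_sample_file are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Opt-in, per-function annotation for GCC/Clang (hypothetical macro name). */
#define must_check __attribute__((warn_unused_result))

/* Annotated: a silent failure here leaves the file on disk. */
static must_check int remove_file_checked(const char *path)
{
    return unlink(path) == 0 ? 0 : -errno;  /* 0 or negative errno */
}

/* Not annotated: no caller acts on a failed diagnostic, like printf. */
static int log_note(const char *msg)
{
    return fprintf(stderr, "note: %s\n", msg);
}

/* Uses the result instead of discarding it: "already gone" is
 * acceptable, every other error is passed up to the caller. */
static int cleanup_file(const char *path)
{
    int err = remove_file_checked(path);
    if (err == -ENOENT) {
        log_note("file already absent");    /* ignored, no warning */
        return 0;
    }
    return err;
}

/* Creates the constructed sample file used by the demo. */
static int make_sample_file(const char *path)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -errno;
    return fclose(f) == 0 ? 0 : -errno;
}

int main(void)
{
    const char *path = "must_check_demo.tmp";   /* constructed name */
    if (make_sample_file(path) != 0)
        return 1;
    return (cleanup_file(path) == 0 && cleanup_file(path) == 0) ? 0 : 1;
}
```

Writing a bare `remove_file_checked(path);` statement draws an unused-result warning, while a bare `log_note(...)` call does not. GCC keeps warning even when the annotated call is cast to void; Clang accepts the cast.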

Re: _must_check

Posted Nov 30, 2006 2:05 UTC (Thu) by ldo (guest, #40946) [Link]

>Since the whole point of __attribute__((warn_unused_result)) is that
>it should be applied only to functions where it is nearly always a
>mistake to ignore the result at all, the question is academic.

On the contrary, the question is far from academic. This business of having to ignore return values by assigning them to rubbish variables (as opposed to simply casting them to void) has already infected the Linux kernel--and indeed, led to bugs there. A clean, uniform solution is needed.

Re: _must_check

Posted Nov 28, 2006 4:30 UTC (Tue) by xoddam (subscriber, #2322) [Link]

How about
#define do (void)
?

Re: _must_check

Posted Nov 28, 2006 23:56 UTC (Tue) by nix (subscriber, #2304) [Link]

That particular choice of name kinda wrecks do/while loops, don't you
think?

Re: _must_check

Posted Nov 29, 2006 2:03 UTC (Wed) by xoddam (subscriber, #2322) [Link]

Oh yes. I'll get my coat.

