On 12/02/2010 05:28 AM, Daniel P. Berrange wrote: >> +virThreadPoolPtr virThreadPoolNew(size_t minWorkers, >> + size_t maxWorkers, >> + virThreadPoolJobFunc func, >> + void *opaque) ATTRIBUTE_NONNULL(3) >> + ATTRIBUTE_RETURN_CHECK; > > ATTRIBUTE_RETURN_CHECK doesn't serve any useful purpose > when placed on constructors, since the caller will always > "use" the return value by assigning the pointer to some > variable. The compiler can thus never detect whether you > check for null or not, even with this annotation.
Good point. However, in looking through gcc's documentation, maybe it's
time we introduce a new attribute for constructors:
#define ATTRIBUTE_MALLOC __attribute__((__malloc__))
The `malloc' attribute is used to tell the compiler that a function
may be treated as if any non-`NULL' pointer it returns cannot
alias any other pointer valid when the function returns. This
will often improve optimization. Standard functions with this
property include `malloc' and `calloc'. `realloc'-like functions
have this property as long as the old pointer is never referred to
(including comparing it to the new pointer) after the function
returns a non-`NULL' value.
I think that tools like clang might also be able to feed off of the
malloc attribute to make decisions about whether NULL-checking needs to
be performed on the result, and/or provide better leak detection analysis.
However, that's a separate idea, and doesn't affect this series.
--
Eric Blake [email protected] +1-801-349-2682
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
