Re: suggestion: c compiler warning for failure to test result

2017-04-27 Thread Joe Perches
On Thu, 2017-04-27 at 10:42 -0600, Jeff Law wrote:
> On 04/25/2017 05:02 PM, Martin Sebor wrote:
> > On 04/25/2017 02:35 PM, Joe Perches wrote:
> > > A possibly useful addition similar to:
> > > 
> > > __attribute__((warn_unused_result))
> > > 
> > > might be
> > > 
> > > __attribute__((warn_untested_result))
> > > 
> > > for things like allocation failures that
> > > are not verified before use.
> > 
> > I agree that this would be a useful feature.  In fact, I've been
> > thinking about implementing something like it, though not quite
> > as general.  (My initial thought was to key the warning off
> > an existing attribute like alloc_size for functions that aren't
> > also decorated with returns_nonnull.)  With warn_untested_result
> > even non-allocation functions (such as fopen) could be decorated,
> > so that seems like a better approach.
> > 
> > Can you please open an enhancement request in Bugzilla?
> 
> Yea, I like it as well.

Here's the bugzilla entry:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80522



Re: suggestion: c compiler warning for failure to test result

2017-04-27 Thread Jeff Law

On 04/25/2017 05:02 PM, Martin Sebor wrote:
> On 04/25/2017 02:35 PM, Joe Perches wrote:
> > A possibly useful addition similar to:
> > 
> > __attribute__((warn_unused_result))
> > 
> > might be
> > 
> > __attribute__((warn_untested_result))
> > 
> > for things like allocation failures that
> > are not verified before use.
> 
> I agree that this would be a useful feature.  In fact, I've been
> thinking about implementing something like it, though not quite
> as general.  (My initial thought was to key the warning off
> an existing attribute like alloc_size for functions that aren't
> also decorated with returns_nonnull.)  With warn_untested_result
> even non-allocation functions (such as fopen) could be decorated,
> so that seems like a better approach.
> 
> Can you please open an enhancement request in Bugzilla?

Yea, I like it as well.

jeff


Re: suggestion: c compiler warning for failure to test result

2017-04-25 Thread Martin Sebor

On 04/25/2017 02:35 PM, Joe Perches wrote:

> A possibly useful addition similar to:
> 
> __attribute__((warn_unused_result))
> 
> might be
> 
> __attribute__((warn_untested_result))
> 
> for things like allocation failures that
> are not verified before use.

I agree that this would be a useful feature.  In fact, I've been
thinking about implementing something like it, though not quite
as general.  (My initial thought was to key the warning off
an existing attribute like alloc_size for functions that aren't
also decorated with returns_nonnull.)  With warn_untested_result
even non-allocation functions (such as fopen) could be decorated,
so that seems like a better approach.

Can you please open an enhancement request in Bugzilla?

Thanks
Martin


> For instance:
> 
> void *malloc(size_t size);
> 
> could become
> 
> void * __attribute((warn_untested_result)) malloc(size_t size)
> 
> so that
> 
> #include <stdlib.h>
> 
> struct foo {
>     int bar;
> };
> 
> struct foo *alloc_foo(void)
> {
>     struct foo *baz = malloc(sizeof(struct foo));
>     baz->bar = 1;
>     return baz;
> }
> 
> The compiler could emit a warning on the set
> of baz->bar as an intermediate test of baz
> is not performed before any use of baz.
> 
> struct foo *alloc_foo(void)
> {
>     struct foo *baz = malloc(sizeof(struct foo));
>     if (baz) baz->bar = 1;
>     return baz;
> }
> 
> Similarly, alloc_foo could use that new attribute.





suggestion: c compiler warning for failure to test result

2017-04-25 Thread Joe Perches
A possibly useful addition similar to:

__attribute__((warn_unused_result))

might be

__attribute__((warn_untested_result))

for things like allocation failures that
are not verified before use.

For instance:

void *malloc(size_t size);

could become

void * __attribute((warn_untested_result)) malloc(size_t size)

so that

#include <stdlib.h>

struct foo {
    int bar;
};

struct foo *alloc_foo(void)
{
    struct foo *baz = malloc(sizeof(struct foo));
    baz->bar = 1;
    return baz;
}

The compiler could emit a warning on the set
of baz->bar as an intermediate test of baz
is not performed before any use of baz.

struct foo *alloc_foo(void)
{
    struct foo *baz = malloc(sizeof(struct foo));
    if (baz) baz->bar = 1;
    return baz;
}

Similarly, alloc_foo could use that new attribute.
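Added example, not code from the thread: the checked alloc_foo() from Joe Perches's post, marked with the existing warn_unused_result attribute, plus an allocator hook so the allocation-failure path that the proposed warn_untested_result would flag can actually be exercised in a test. The hook (foo_allocator), failing_malloc and check_alloc_foo_paths are this example's own names.

```c
/* Added example (not from the thread): alloc_foo() with the NULL test,
 * and a fault-injection hook so the failure path is exercised rather
 * than assumed. foo_allocator / failing_malloc are assumptions here. */
#include <stddef.h>
#include <stdlib.h>

struct foo {
    int bar;
};

/* Indirection so a test can substitute an allocator that fails. */
static void *(*foo_allocator)(size_t) = malloc;

/* Allocator that always fails, standing in for memory pressure. */
static void *failing_malloc(size_t size)
{
    (void)size;
    return NULL;
}

/* Hardened version of the thread's alloc_foo: the result must be used
 * by callers (warn_unused_result, which GCC already provides), and the
 * pointer is tested before it is dereferenced. */
__attribute__((warn_unused_result))
struct foo *alloc_foo(void)
{
    struct foo *baz = foo_allocator(sizeof(struct foo));
    if (baz)
        baz->bar = 1;
    return baz;
}

/* Runs alloc_foo once with the real allocator and once with the failing
 * one. Returns 1 if both paths behave (initialised object on success,
 * clean NULL on failure), 0 otherwise. */
int check_alloc_foo_paths(void)
{
    int ok = 1;
    struct foo *p = alloc_foo();
    if (!p || p->bar != 1)
        ok = 0;
    free(p);

    foo_allocator = failing_malloc;
    p = alloc_foo();               /* must return NULL, not crash */
    if (p != NULL)
        ok = 0;
    foo_allocator = malloc;        /* restore the real allocator */
    return ok;
}
```

Until an attribute like warn_untested_result exists, GCC's -fanalyzer (GCC 10 and later) reports the unchecked dereference in the thread's first alloc_foo as a possible NULL dereference.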