This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: Implement -Wimplicit-fallthrough (version 9)
- From: Michael Matz <matz at suse dot de>
- To: Tom Tromey <tom at tromey dot com>
- Cc: Jakub Jelinek <jakub at redhat dot com>, Bernd Schmidt <bschmidt at redhat dot com>, Marek Polacek <polacek at redhat dot com>, Richard Biener <richard dot guenther at gmail dot com>, Eric Botcazou <ebotcazou at adacore dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Markus Trippelsdorf <markus at trippelsdorf dot de>, Jason Merrill <jason at redhat dot com>, Rainer Orth <ro at cebitec dot uni-bielefeld dot de>, Joseph Myers <joseph at codesourcery dot com>, Arnaud Charlet <charlet at adacore dot com>
- Date: Wed, 28 Sep 2016 14:15:34 +0200 (CEST)
- Subject: Re: Implement -Wimplicit-fallthrough (version 9)
- Authentication-results: sourceware.org; auth=none
- References: <20160920153343.GF19950@redhat.com> <20160927103941.GC307@x4> <20160927104750.GP7282@tucnak.redhat.com> <3281536.k3j4D4G97W@polaris> <CAFiYyc1ksRqxR81Q5fbeQ+sRpDsVN2qqVLfmf7W54LX50V-C-Q@mail.gmail.com> <a84b88e9-d6bd-31f4-a33e-1104531d7a22@redhat.com> <20160927115153.GU3223@redhat.com> <8521f44d-616c-a03d-879d-c400b13ce9d9@redhat.com> <20160927120108.GV3223@redhat.com> <6b5dbab6-0b5a-3f55-53e0-5dc419a3cd6a@redhat.com> <20160927134914.GW7282@tucnak.redhat.com> <alpine.LSU.2.20.1609271553120.5714@wotan.suse.de> <87ponpz56s.fsf@tromey.com>
Hi,
On Tue, 27 Sep 2016, Tom Tromey wrote:
> The point of the warning is to make code more robust. But accepting any
> comment like "Don't fall through" is not more robust, but rather an
> error waiting to happen; as IIUC the user has no way to detect this
> case.
>
> I think it's better for the comment-scanning feature to be very picky
> (or even just not exist at all) -- that way you know exactly what you
> are getting. Lint was traditionally picky IIRC. And, this is a warning
> that isn't default and can also be disabled, so it's not as if users
> have no recourse.
Not accepting
/* And here we intentionally fall through because ... */
and forcing users to replace this by:
/* fallthrough */
is not robust either. It's actually actively lowering robustness of code,
it creates work for programmers that will be regarded as pointless (and
rightly so) and will merely lead to everybody disabling the warning (see
our generated files) at which point we could just as well not have
implemented it (which would be a shame because I think it's genuinely
useful).
The point of warnings is to make code robust under the condition of not
being a pain by giving zillions of false positives. In this specific case
the chance of giving false positives by being picky in how to disable the
warning is very high. On the other hand the chance of unintentionally
disabling the warning by a negative comment like "Don't fall through here"
is low, because presumably the one adding that comment (and hence thinking
about that part of the code) also in fact put in the "break;" afterwards.
The argument with lint being picky would apply only if GCC would have
added this warning maybe 20 years ago, not now where nearly nobody even
knows what lint is, which lead to a large existing code base not having
comments that would be accepted by lint but comments that do specify the
intent of falling through.
Ciao,
Michael.
P.S.: Initially I even wanted to argue that the mere existence of _any_
comment before a case label would disable the warning. I don't have the
numbers but I bet even that version would have found the very same bugs
that the picky version has.