This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: suggestion: c compiler warning for failure to test result


On 04/25/2017 02:35 PM, Joe Perches wrote:
A possibly useful addition similar to:

__attribute__((warn_unused_result))

might be

__attribute__((warn_untested_result))

for things like allocation failures that
are not verified before use.

I agree that this would be a useful feature.  In fact, I've been
thinking about implementing something like it, though not quite
as general.  (My initial thought was to key the warning off
an existing attribute like alloc_size for functions that aren't
also decorated with returns_nonnull.)  With warn_untested_result
even non-allocation functions (such as fopen) could be decorated,
so that seems like a better approach.

Can you please open an enhancement request in Bugzilla?

Thanks
Martin


For instance:

    void *malloc(size_t size);

could become

    void * __attribute((warn_untested_result)) malloc(size_t size)

so that

    #include <stdlib.h>

    struct foo {
    	    int bar;
    };

    struct foo *alloc_foo(void)
    {
    	    struct foo *baz = malloc(sizeof(struct foo));
    	    baz->bar = 1;
    	    return baz;
    }

The compiler could emit a warning on the set
of baz->bar as an intermediate test of baz
is not performed before any use of baz.

    struct foo *alloc_foo(void)
    {
    	    struct foo *baz =
    malloc(sizeof(struct foo));
    	    if (baz) baz->bar = 1;
    	    return
    baz;
    }

Similarly, alloc_foo could use that new attribute.



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]