From owner-svn-src-all@FreeBSD.ORG  Tue Nov  4 16:50:24 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2B0F0372;
 Tue,  4 Nov 2014 16:50:24 +0000 (UTC)
Received: from mail107.syd.optusnet.com.au (mail107.syd.optusnet.com.au
 [211.29.132.53]) by mx1.freebsd.org (Postfix) with ESMTP id DF580CE7;
 Tue,  4 Nov 2014 16:50:23 +0000 (UTC)
Received: from c122-106-147-133.carlnfd1.nsw.optusnet.com.au
 (c122-106-147-133.carlnfd1.nsw.optusnet.com.au [122.106.147.133])
 by mail107.syd.optusnet.com.au (Postfix) with ESMTPS id 0935BD4A44E;
 Wed,  5 Nov 2014 03:50:21 +1100 (AEDT)
Date: Wed, 5 Nov 2014 03:50:20 +1100 (EST)
From: Bruce Evans <brde@optusnet.com.au>
X-X-Sender: bde@besplex.bde.org
To: David Chisnall <theraven@freebsd.org>
Subject: Re: svn commit: r274086 - head/sbin/route
In-Reply-To: <C17BDEA3-7BF7-4EB7-A8E2-A8D202425576@FreeBSD.org>
Message-ID: <20141105032132.Y1105@besplex.bde.org>
References: <201411041021.sA4ALZ4m001202@svn.freebsd.org>
 <20141104102828.GB1215@mole.fafoe.narf.at>
 <C17BDEA3-7BF7-4EB7-A8E2-A8D202425576@FreeBSD.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Optus-CM-Score: 0
X-Optus-CM-Analysis: v=2.1 cv=fvDlOjIf c=1 sm=1 tr=0
 a=7NqvjVvQucbO2RlWB8PEog==:117 a=PO7r1zJSAAAA:8 a=kj9zAlcOel0A:10
 a=JzwRw_2MAAAA:8 a=6I5d2MoRAAAA:8 a=WG_e04i6Ftto_pB9AjcA:9
 a=CjuIK1q_8ugA:10
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
 Stefan Farfeleder <stefanf@freebsd.org>,
 "Alexander V. Chernikov" <melifaro@freebsd.org>, src-committers@freebsd.org
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 16:50:24 -0000

On Tue, 4 Nov 2014, David Chisnall wrote:

> On 4 Nov 2014, at 10:28, Stefan Farfeleder <stefanf@FreeBSD.org> wrote:
>
>> Shouldn't Coverity understand that err doesn't return?
>
> err() is marked as __dead2, which expands to __attribute__((__noreturn__)).  If Coverity doesn't know that __attribute__((__noreturn__)) functions don't return, then that's a Coverity bug and they should fix it (if we're not expanding __dead3 to __attribute__((__noreturn__)) for Coverity, then that's a sys/cdefs.h bug and should be fixed there).

__dead3 would be the gcc-3 syntax for __dead2 if that were different.  Since
gcc only changed the syntax for non-returning functions once, __dead3 doesn't
exist.  You probably mean __dead2.

<sys/cdefs.h> is indeed broken for lint and some other cases.  It defines
__dead2 as nothing for lint.  This shouldn't be a problem for primitive
lints since __dead2 is only a hint (not so for some other things that
are defined away), but it prevents any line that supports gcc extensions
from seeing the defined-away attributes.

__dead2 is also defined away unless the compiler is gcc >= 2.5 or any
__INTEL_COMPILER (do any __INTEL_COMPILERs still exist?).  Coverity
would have to pretend to be gcc >= 2.5 to see the gcc attributes.  clang
pretends this, but INTEL_COMPILER doesn't.

Some other attributes are ifdefed more orthogonally but still messily
using macros like __CC_SUPPORTS_INLINE.  You still need a mess of ifdefs
to determine if the compiler supports the feature.  The mess is especially
ugly though not very large for 'inline'.  There are similar macros for
__inline and __inline__.  Plain inline has only been standard for 15 years
now.  __inline is gcc's 20+ year old workaround for inline not being
standard.  __inline__ is an alternative spelling of this.  Its use is
just a style bug.  All of these are assumed to exist if the compiler is
gcc or __INTEL_COMPILER.  The ifdefs are not messy enough to be correct
even for gcc, since 25+ year old gcc didn't support inlining.  Only a
few places actually uses the __CC_SUPPORTS_*INLINE feature tests, so these
are worse than useless.  Many places use __inline instead of inline, so
they don't depend on the compiler supporting C99 inline or being gcc with
support for inline not killed using -std=c89, etc.

> Putting a break after a noreturn function makes the code less readable and will cause errors in non-buggy static analysers (dead code warning - why do you have a break on an unreachable line?).

Similarly for lint comments like /* NOTREACHED */.  Even lint shouldn't need
help to know that standard functions like exit() don't return.

Bruce