Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Jan 2018 15:08:04 -0500
From:      Pedro Giffuni <pfg@FreeBSD.org>
To:        Conrad Meyer <cse.cem@gmail.com>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r327697 - head/sys/sys
Message-ID:  <1665ddb4-64ad-5d01-902e-2a77a8f5b50c@FreeBSD.org>
In-Reply-To: <CAG6CVpW5kCAST_3deDkZ0bRq7zWBntZNOu0_DXn%2B7OOpnYXcFQ@mail.gmail.com>
References:  <201801081541.w08Ffmm0052729@repo.freebsd.org> <CAG6CVpW5kCAST_3deDkZ0bRq7zWBntZNOu0_DXn%2B7OOpnYXcFQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi;

On 08/01/2018 13:08, Conrad Meyer wrote:
> Hi,
>
> Response inline.
>
> On Mon, Jan 8, 2018 at 7:41 AM, Pedro F. Giffuni <pfg@freebsd.org> wrote:
>> Author: pfg
>> Date: Mon Jan  8 15:41:48 2018
>> New Revision: 327697
>> URL: https://svnweb.freebsd.org/changeset/base/327697
>>
>> Log:
>>    malloc(9): drop the __result_use_check attribute for the kernel allocator.
>>
>>    The __result_use_check attribute was brought to the kernel malloc in
>>    r281203 for consistency with the userland malloc.
>>
>>    For the case of the M_WAITOK flag, the kernel malloc(), realloc(), and
>>    reallocf() cannot return NULL so in that case the __result_use_check
>>    attribute makes no sense.
>>
>>    We don't have any way of conditionalizing such attributes so just drop it.
> Could we conditionalize the attribute using two different names and a
> macro that inspected the (typically) constant flags argument?
> Something like this:
>
> #define malloc(s, t, f) \
>     (__builtin_constant_p(f) && (f & M_WAITOK) != 0) ?
> _malloc_waitok(s, t, f) : _malloc(s, t, f)
> void *_malloc(...) __malloc_like __alloc_size(1);
> void *_malloc_waitok(...) __malloc_like __result_use_check __alloc_size(1);
>
> The two names would just be aliases, or one could invoke the other as
> an inline function.

That would work but I completely misunderstood the GCC attribute.
Quoting the GCC documentation:
____
warn_unused_result
The warn_unused_result attribute causes a warning to be emitted if a 
caller of the function with this attribute does not use its return 
value. This is useful for functions where not checking the result is 
either a security problem or always a bug, such as realloc.
____
Retrospectively, our attribute is badly named but it was very difficult 
to come up with a good name.

Pedro.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1665ddb4-64ad-5d01-902e-2a77a8f5b50c>