Date: Thu, 6 Jan 2011 20:56:49 +0100
From: Tijl Coosemans <tijl@coosemans.org>
To: freebsd-current@freebsd.org
Subject: Re: FYI: clang static analyzer page has moved to http://scan.freebsd.your.org/freebsd-head/
Message-ID: <201101062056.55807.tijl@coosemans.org>
In-Reply-To: <7FA66A47-CB15-4C22-8614-B58E986CFFA4@cederstrand.dk>
References: <20110105131439.GN23329@acme.spoerlein.net> <20110105193653.GA49285@stack.nl> <7FA66A47-CB15-4C22-8614-B58E986CFFA4@cederstrand.dk>

On Thursday 06 January 2011 09:01:09 Erik Cederstrand wrote:
> On 05/01/2011 at 20.36, Jilles Tjoelker wrote:
>> On Wed, Jan 05, 2011 at 05:55:45PM +0100, Ulrich Spörlein wrote:
>>> On Wed, 05.01.2011 at 09:34:49 -0500, John Baldwin wrote:
>>>> These are all marked as __dead2, so the compiler should "know" that these do
>>>> not return.
>>>
>>> And clang did the right thing here in the past. Beware that it does no
>>> inter-procedural analysis yet, so it will usually miss that usage()
>>> calls exit unconditionally.
>>>
>>> *But*, it should grok that for err(3) and exit(3). Now there are some
>>> possible remedies:
>>>
>>> - get IPA to work with clang, or at least file a bug
>>> - mark functions as __dead2 (please don't do that)
>>
>> Why not?
>
> Because the analyzer is supposed to find bugs. Only the function that
> really doesn't return should be marked as such. If we begin spewing
> __dead2's everywhere, it's bound to silence a valid bug somewhere
> down the line when e.g. a conditional in a print_help() function is
> changed subtly so it doesn't always reach exit().

On the other hand you can't really expect the compiler/analyser to know
what a procedure in another file does, so in that case you need __dead2
anyway. For procedures in the same file it would be nice if the compiler
automatically optimised non-returning calls, but I'm not sure the
analyser should do that.

If the code relies on the fact that a procedure doesn't return, which is
the case here, it's a good thing to declare it as such exactly to prevent
bugs from creeping in. You can't add a return statement to a
non-returning procedure without the compiler complaining about it and
I'm sure the analyser would complain about it as well. So you won't be
hiding other bugs by adding __dead2 here and there.
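
Added example, not part of the message above and not FreeBSD source: a minimal C sketch of the pattern under discussion, a caller that depends on a usage() helper declared `__dead2`. The helper names, the exit status constant and the fork-based check are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* FreeBSD's <sys/cdefs.h> defines __dead2; fall back to the attribute elsewhere. */
#ifndef __dead2
#define __dead2 __attribute__((__noreturn__))
#endif

#define USAGE_STATUS 64 /* constructed for this example; same value as EX_USAGE */

/* Hypothetical helper, declared non-returning in the style the thread discusses. */
static void usage(void) __dead2;

/*
 * Every path must end in exit(). If a later edit makes the exit() conditional,
 * GCC and Clang warn that a function declared noreturn can return.
 */
static void usage(void)
{
    fprintf(stderr, "usage: demo name\n");
    exit(USAGE_STATUS);
}

/* The caller relies on usage() not returning: name is non-NULL at strlen(). */
static size_t name_length(const char *name)
{
    if (name == NULL)
        usage();
    return strlen(name);
}

/* Run name_length() in a child; return the child's exit status, or -1 on failure. */
static int child_status(const char *name)
{
    int status;
    pid_t pid = fork();

    if (pid == 0)
        _exit(name_length(name) > 0 ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int valid = child_status("head"), missing = child_status(NULL);
    printf("valid=%d missing=%d\n", valid, missing);
    return 0;
}
```

Removing `__dead2` from the declaration leaves the runtime behaviour unchanged; what changes is what a tool that does not look inside usage() can assume about the NULL path in name_length().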