svn commit: r216954 - head/sys/kern

Bruce Evans brde at optusnet.com.au
Thu Jan 6 23:56:52 UTC 2011


On Thu, 6 Jan 2011, Julian Elischer wrote:

> On 1/5/11 11:39 AM, Bruce Evans wrote:
>> On Wed, 5 Jan 2011, John Baldwin wrote:
>> 
>>> On Wednesday, January 05, 2011 11:17:20 am Jaakko Heinonen wrote:
>>>> On 2011-01-04, John Baldwin wrote:
>>>>> Err, no, the point of NOTREACHED is to serve as documentation for 
>>>>> lint(1), but
>>>>> that has subsequently been obsoleted by __dead2.
>>>> 
>>>> style(9) is out of date then?
>>> 
>>> According to bde@'s most recent e-mails, yes.
>> 
>> It's obviously out of date, since its only example of using NOTREACHED is 
>> after a usage() call, and this usage is missing a __dead2.  Of course it
>> doesn't use NOTREACHED after its 3 exit() calls or its 2 err() calls or
>> its 1 errx() call, so its "should" requirement for using NOTREACHED is
>> mostly not satisfied by itself.
>
> However I feel that the notreached comment is as much for the reader as the 
> compiler/lint.
>
> Removing it makes the code harder to understand for the feeble minded such 
> as myself.

Not to be personal, but is this why sys/netgraph never uses NOTREACHED?
It set an even better example than style(9) in this regard :-).

Perhaps netgraph use have many non-returning functions, but it has
thousands of return statements (which, according to style(9), "should"
be followed by a NOTREACHED comment).  That is obviously wrong, but it
is very easy to have unreachable code due to early returns; then a /*
Not reached due to mumble ... */ comment might be useful but a lint
/* NOTREACHED */ one isn't.

netgraph has 84 uses of panic() without NOTREACHED.  The unreachability
of code after panic() is especially interesting, since panic() shouldn't
return, but it can be misconfigured to return using RESTARTABLE_PANICS.
ng_parse.c is one of the few places that sort of supports RESTARTABLE_PANICS.
Parts of it return (0) iff RESTARTABLE_PANICS && panic() returns.
Other parts of it are not so careful -- they blindly fall through
if panic() returns.  The parts with sloppy returns are also the parts
with non-KNF style.  These RESTARTABLE_PANICS ifdefs document the
(non-) NOTREACHability of the !RESTARTABLE_PANICS case much better
than NOTREACHED comments ever could, but are ugly clutter in a different
way.  There are only 6 of them (4 in ng_parse.c; 2 elsewhere), leaving
78 panic() calls with possibly-not-NOTREACHED code after them.

Grepping for '/\* [A-Z]* \*/' showed only 10 lint comments in netgraph
(all FALLTHROUGHs).  These are outnumbered by about 3.5 to 1 by my
favourite, XXX :-).

Bruce
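
An added illustration of the two patterns described in the message above (not part of the original e-mail and not code from sys/netgraph). fake_panic(), size_careful(), size_sloppy() and the kind codes are hypothetical; fake_panic() stands in for a panic() that returns under RESTARTABLE_PANICS.

```c
#include <stdio.h>
#define RESTARTABLE_PANICS 1	/* configuration in which panic() returns */
enum kind { KIND_INT, KIND_STR };	/* hypothetical type codes */
static int panic_count;		/* lets the caller see each "panic" */

/* Hypothetical stand-in for a panic() that logs and then returns. */
static void
fake_panic(const char *msg)
{
	panic_count++;
	fprintf(stderr, "panic: %s\n", msg);
}

/* Careful: the ifdef both documents and handles the reachable case. */
static int
size_careful(int kind)
{
	switch (kind) {
	case KIND_INT: return (4);
	case KIND_STR: return (16);
	default:
		fake_panic("size_careful: bad kind");
#ifdef RESTARTABLE_PANICS
		return (0);
#endif
	}
	return (0);	/* only reached if the ifdef above is compiled out */
}

/* Sloppy: nothing after the panic, so control leaves the switch. */
static int
size_sloppy(int kind)
{
	int size = -1;	/* sentinel: stays -1 when no case assigns it */
	switch (kind) {
	case KIND_INT: size = 4; break;
	case KIND_STR: size = 16; break;
	default:
		fake_panic("size_sloppy: bad kind");
	}
	return (size);	/* reached with -1 after a returning panic */
}

int
main(void)
{
	int c = size_careful(99), s = size_sloppy(99);
	printf("careful=%d sloppy=%d panics=%d\n", c, s, panic_count);
	return (0);
}
```

The sentinel makes the fall-through visible to the caller; in code without one, the function would continue with whatever state the bad path left behind.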

