svn commit: r317755 - head/sbin/ifconfig

Bruce Evans brde at optusnet.com.au
Wed May 3 21:35:07 UTC 2017 

On Wed, 3 May 2017, Alan Somers wrote:

> On Wed, May 3, 2017 at 2:51 PM, Bruce Evans <brde at optusnet.com.au> wrote:
>> On Wed, 3 May 2017, Eric van Gyzen wrote:
>>
>>> On 05/03/2017 14:38, Alan Somers wrote:
>>>>
>>>> On Wed, May 3, 2017 at 1:34 PM, Warner Losh <imp at bsdimp.com> wrote:
>>>>>
>>>>> On Wed, May 3, 2017 at 1:32 PM, Alan Somers <asomers at freebsd.org> wrote:
>>>>>>
>>>>>> On Wed, May 3, 2017 at 12:16 PM, Ngie Cooper <yaneurabeya at gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>>> On May 3, 2017, at 10:21, Alan Somers <asomers at FreeBSD.org> wrote:
>>>>>>>>
>>>>>>>> Author: asomers
>>>>>>>> Date: Wed May  3 17:21:01 2017
>>>>>>>> New Revision: 317755
>>>>>>>> URL: https://svnweb.freebsd.org/changeset/base/317755
>>>>>>>>
>>>>>>>> Log:
>>>>>>>>  Various Coverity fixes in ifconfig(8)
>>>>>>>
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>>>  * Mark usage() as _Noreturn (1305806, 1305750)
>>>>>>>
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>>> -static    void usage(void);
>>>>>>>> +static    void usage(void) _Noreturn;
>>>>>>>
>>>>>>>
>>>>>>> Hi Alan,
>>>>>>>     Please use __dead2 instead to be consistent with legacy use of
>>>>>>> similar gcc attributes.
>>>>>>> Thanks,
>>>>>>> -Ngie
>>>>>>
>>>>>>
>>>>>> Why not use _Noreturn?  It's standardized by C11, so tools understand
>>>>>> it better than __dead2.
>>>>>
>>>>>
>>>>> Tools that can't understand #define __dead2 _Noreturn aren't worth
>>>>> supporting.
>>>>
>>>> Some tools don't expand preprocessor macros.  Like my editor, for
>>>> example, which highlights _Noreturn as a keyword but not __dead2.
>>>
>>>
>>> Please use _Noreturn, because it's standard.  sys/cdefs.h already
>>> defines it appropriately for C < C11.
>>
>>
>> _Noreturn is far too hard to use.  The above use of it is a syntax error:
>>
>>     pts/12:bde at freefall:~/u3> cat z.c
>>     void foo(void) _Noreturn;
>>     _Noreturn void foo(void);
>>     pts/12:bde at freefall:~/u3> cc -std=c11 z.c
>>     z.c:1:16: error: '_Noreturn' keyword must precede function declarator
>>     void foo(void) _Noreturn;
>>                    ^~~~~~~~~
>>     _Noreturn
>>     1 error generated.
>>
>> sys/cdefs.h defines might define it appropropriately for C < C11, but
>> it defines it as __dead2 for all C, so prevents the C11 _Noreturn
>> keyword being used.  This normally breaks detection of the syntax error.
>> Normally <sys/cdefs.h> is included first, so you __dead2 obfuscated by
>> spelling it _Noreturn instead of C11 _Noreturn.
>>
>> Defining _Noreturn as __dead2 is wrong because it gives the opposite
>> syntax error.  __dead2 can now be placed anywhere, but everything in
>> sys/cdefs.h is supposed to be portable back to gcc-1.  __dead2 must
>> be placed after the function for gcc-2.0, since __attribute__(()) had
>> more restrictions then.  So if you write:
>>
>>    #include <sys/cdefs.h>
>>    _Noreturn void foo(void);
>>
>> to satisfy the C11 syntax, then you get a syntax error for old gcc (> 1).
>>
>> This is just the start of the complications for soft-coded C11'isms.
>> C11 also has noreturn.  You have to include <stdnoreturn.h> to get that.
>> But you actiually get the _Noreturn macro which expands to __dead2.
>>
>> There are further complications for C++11.  sys/cdefs.h does have a
>> correct-looking ifdef for C+11.  This gives the [[noreturn]] keyward
>> instead of __dead2.   C11 doesn't have <stdnoreturn.h>.  I think its
>> keyword must be spelled [[noreturn]].  This spelling is completely
>> incompatibly with C.
>
> Why do you say that cdefs.h should be compatible with gcc-1?  gcc-2

Because that is what it is for.  It should be compatible with any C
compiler, not just gcc or Standard C ones, but since it grew up with
gcc it doesn't have much support for others.

It still pretends to supports gcc-1 with pre-Standard C (__P(()), etc.)
and even compilers that don't have pre-Standard volatile (pure K&R1
for that and not K&R with gcc-1 extensions), and lint.  Some of this
still works.

> was released more than 25 years ago.  gcc-1 isn't the default compiler
> for any architecture and isn't available in ports.  If anybody can
> find a copy of gcc-1, I doubt that much of our codebase would compile.
> It sounds to me that the best practice would be to place both __dead2
> and _Noreturn before the function name.

Unportable code can do that.  Of course, it is unportable to include
<sys/cdefs.h> at all.  Usign __dead2 gives undefined behaviour in general.
Even if you include <sys/cdefs.h>, it might not be the FreeBSD one.  Using 
_Noreturn gives undefined behaviour before C11.

Bruce

More information about the svn-src-all mailing list