svn commit: r317755 - head/sbin/ifconfig

Bruce Evans brde at optusnet.com.au
Wed May 3 19:32:18 UTC 2017 

On Wed, 3 May 2017, Ngie Cooper wrote:

>> On May 3, 2017, at 10:21, Alan Somers <asomers at FreeBSD.org> wrote:
>>
>> Author: asomers
>> Date: Wed May  3 17:21:01 2017
>> New Revision: 317755
>> URL: https://svnweb.freebsd.org/changeset/base/317755
>>
>> Log:
>>  Various Coverity fixes in ifconfig(8)
>
> ...
>
>>  * Mark usage() as _Noreturn (1305806, 1305750)
>
> ...
>
>> -static    void usage(void);
>> +static    void usage(void) _Noreturn;
>
>    Please use __dead2 instead to be consistent with legacy use of similar gcc attributes.

_Noreturn after the function is also a syntax error for C++11 and therefore
a logic error in all cases (see below).

Using either a static function is a style bug.  __dead2 and _Noreturn are
mostly for functions that can't be directly seen to not return because they
are separately compiled, but static functions are never separately compiled.

There might be exceptions for functions that don't return but this is not
obvious.  usage() is not an exception since it it is so simple.  style(9)
requires it to end with exit().  exit() must be declared as __dead2 so
that it is known to not return.

This depends on the compiler doing processing the whole file to see which
static functions don't return before complaining about probems from them
returning in calls earlier in the file, but compilers must do that to
avoid spurious warnings.  Even gcc-1 seems to have done it, and now
-O implies -funit-at-a-time which does it and uses the results more

To enlarge this style bug and break portability, use _Noreturn in some
places and __dead2 in others, and place it before the function name
and misindent it, as in <stdlib.h>.

Actually, there are syntactical problems which require some of the
style bugs if _Noreturn is used at all, so it should never be used.
_Noreturn expands to [[noreturn]] for c++11.  It is a syntax error if
you place it where you did (after the function name).  OTOH, __dead2
is a syntax error for the compiler it was written for (gcc-2.0) when it
is placed before the function name.  __dead2 replaced __dead which
was for gcc-1 and had the same syntactical restriction as [[noreturn]].

gcc had obscure restrictions on the placement of __attribute__(())
much later than gcc-2.0, but the __noreturn__ attribute used by __dead2
is accepted both before and after the function name by gcc-2.95.4, so
it is fairly portable in practice.  <stdlib.h> should be careful about
portablity and style, but ifconfig doesn't need to be portable.

Bruce

More information about the svn-src-head mailing list