This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Marking of functions with attributes like __wur
On Tuesday, April 17, 2012 21:47:48 Roland McGrath wrote:
> > > So, is this a good go for a policy:
> > >
> > > "This is useful for functions where not checking the result is
> > > either a security problem or always a bug such as realloc.
> > >
> > > This flag might not be set if the check for failure can be done in
> > > other ways, e.g. the return value of fwrite can be check with
> > > ferror as well. Only apply it where in practice, a warning is far
> > > more likely to be a helpful diagnostic than a false alarm."
> >
> > No replies since a few days. Have we reached consensus to go ahead
> > with the above definition until we find a better one? ;)
>
> The second paragraph seems to contradict the first. I think the final
> clause ("a warning far more likely...") is the real criterion and the
> rest is just elucidation.
What about this formulation:
This is useful for functions where not checking the result is either a
security problem or always a bug. It should be applied where in
practice, a warning is far more likely to be a helpful diagnostic than
a false alarm.
Examples are:
* realloc: Use the attribute since the return value needs to checked
for failure and used as new value
* fwrite: Do not use the attribute since the return value of fwrite
can be checked with ferror as well.
Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126