Re: __attribute__((warn_unused_result)) for NetBSD?

[David Holland <dholland-tech%netbsd.org@localhost>]

On Tue, Sep 16, 2008 at 10:10:50PM +0300, Aleksey Cheusov wrote:
 > > There's necessarily a tradeoff between paranoia and pragmatism.
 > > Finding the right balance is essential.
 > 
 > ...and every developer think that his balance is best of the best :-)

Well right :-)

 >  >> Variants:
 >  >> 1) this mark is useless at all
 >  >> 2) only for functions with no side effects
 >  >> 3) for some functions that may fail (read, write etc.)
 >  >> 4) 2 + 3
 > 
 > > Setting warn-unused-result on that may fail is nearly useless.
 > Why??? :-)
 > 
 > > You
 > > want warn-missing-failure-check, which is a lot harder to implement.
 > > Warn-unused-result is not an adequate substitute
 > 
 > You mix up a NECESSITY and SUFFICIENCY.  In order to make checks for
 > failures it is NECESSARY to check a return value, but nobody says it
 > is SUFFICIENT. But if CHECKS FOR FAILURE IS NECESSARY,
 > warn-unused-result does its job, it implements minimal checks and
 > produces appropriate warnings/errors. Of course, warn-unused-result
 > cannot replace human :-)

No, I'm not mixing those up. The point (which I've already stated once
and you removed from the quoted material) is that the check does not
actually catch any real errors in practice, and therefore serves no
purpose, while at the same time causes nuisance warnings. It therefore
has a net negative value.

How often does anyone write code that calls, say, fopen, and ignores
the return value completely? Pretty much never, and in the only
remotely likely case, something like this:

   FILE *f;
   fopen(file, "r"); /* missing "f =" */
   while (fgets(buf, sizeof(buf), f)) { ... }

there'll already be a warning because f isn't initialized. Meanwhile,
code that uses the return value without checking it for error, which
*is* a common mistake, is not detected. So adding warn-unused-result
doesn't accomplish anything in practice.

-- 
David A. Holland
dholland%netbsd.org@localhost