[LLVMbugs] [Bug 19208] New: Request: add attribute to annotate function as "always returns X"

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Thu Mar 20 07:29:20 PDT 2014 

http://llvm.org/bugs/show_bug.cgi?id=19208

            Bug ID: 19208
           Summary: Request: add attribute to annotate function as "always
                    returns X"
           Product: clang
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: icculus at icculus.org
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

(This is tested against checker-276.)

Is there a way to annotate a function, so that Clang knows it always returns a
specific value?

Here's our use case:

We used to have a bunch of code like this...

    void SDL_SetError(const char *errmsg);

    // ...

    if (bad_thing_happened) {
        SDL_SetError("Uh no!");
        return -1;
    }

...but to unclutter things, we do this now...

    int SDL_SetError(const char *errmsg);

    // ...

    if (bad_thing_happened) {
        return SDL_SetError("Uh no!");
    }


SDL_SetError() always returns -1, it's just that way to clean up the code a
little, as this is a common idiom for us.

The problem is that Clang doesn't know this, so it produces false positives in
static analysis like this one:

https://buildbot.libsdl.org/sdl-static-analysis/sdl-macosx-static-analysis/sdl-macosx-static-analysis-8/report-1470c3.html#EndPath

The simple fix for this on our end is to initialize that variable--and we
will--but it would be nice if we could tell Clang that Step #10 in that report
can't ever take the false branch, because when we returned SDL_SetError() in
Step #8, it would always force the true branch in Step #10.

But at the moment, Clang just understands that some unavailable function
returns an int of any possible value.

We don't want to litter every one of these cases with asserts, as it defeats
the purpose of the idiom (and would be ugly in any case, as we use this all
over the codebase).

I'm thinking of something like this:

    int SDL_SetError(const char *errmsg) __attribute__((always_returns(-1)));

Where "-1" can be a comma separated list of possible values that must be
literal, POD values. Extra credit if the compiler throws an error if
SDL_SetError() tries to return something other than one of the literal values.

(This is related to Bug #17404, but I'm not sure it's the same problem. Feel
free to mark this as a duplicate if that's that case, though.)

Thanks!

--ryan.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20140320/2e1f6fb5/attachment.html>

More information about the llvm-bugs mailing list