[U-Boot] [PATCH 1/2] net/eth.c: make eth_get_dev_by_name(NULL) safe
Helmut Raiger
helmut.raiger at hale.at
Wed Jul 13 08:32:37 CEST 2011
On 07/12/2011 11:22 AM, Detlev Zundel wrote:
> > i did go through the level of detail and showed the call graphs ...
> > none of
> > which should allow a driver tested as working to even once hit the
> > NULL path.
>
> As I said, these are the call graphs currently existing...
This was also my trail.
> > what i wouldnt mind is annotating the prototype with gcc attributes
> > saying that the argument is nonnull. ... #define __nonnull(x)
> > __attribute__((__nonnull__ x)) ... extern struct eth_device
> > *eth_get_dev_by_name(const char *devname) __nonnull(1); ...
>
> This can only catch calls the compiler can statically derive, but
> still I think it is a good thing.
>
__nonnull__ is actually a optimization attribute, gcc removes tests
for NULL in the function body, warnings are only generated if one
literally writes: eth_get_dev_by_name(NULL), so 'statically derive'
is already exageration.
This really is no help at all. It would indeed establish a precendence
to using an IMHO quite flawed attribute in gcc. If I had a vote, I'd be
against it.
The NDEBUG approach however, as Mike suggested, was what I was looking
for in the first place.
Helmut
--
Scanned by MailScanner.
More information about the U-Boot
mailing list