Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Completion of error handling #77

Open
elfring opened this issue Sep 2, 2020 · 4 comments
Open

Completion of error handling #77

elfring opened this issue Sep 2, 2020 · 4 comments
Labels
code quality ♻️ Code quality enhancement

Comments

@elfring
Copy link

elfring commented Sep 2, 2020

Would you like to add more error handling for return values from functions like the following?
@fasterit fasterit added the code quality ♻️ Code quality enhancement label Sep 3, 2020
@fasterit
Copy link
Member

fasterit commented Sep 3, 2020

For sure. The code can use a good makeover for more defensive programming and avoiding of overflows. Patches welcome.

@BenBE
Copy link
Member

BenBE commented Sep 7, 2020

Having the source compile with the following compiler settings is a good start:

-dP
-pedantic
-Wall
-Wextra
-Werror
-Wunused-parameter
-Wduplicated-cond
-Wduplicated-branches
-Wunreachable-code
-Wshadow # Patches incoming; not much to do though
-Winit-self
-Wrestrict
-Wnull-dereference
-Wpointer-arith
-Wcast-align
-Wfloat-equal
-Wlogical-op
-Wwrite-strings
-Wformat=2
-Wno-error=expansion-to-defined
-Wstrict-overflow=5
-Wconversion # Patches incoming, cf. #78
-Wundef
-Wswitch-default
-Wswitch-enum
-fno-strict-aliasing

@BenBE BenBE mentioned this issue Sep 7, 2020
Merged
@BenBE
Copy link
Member

BenBE commented Sep 7, 2020

The suggested set of compiler flags build correctly with both #101 and #102 applied.

@BenBE
Copy link
Member

BenBE commented Sep 8, 2020

As I see some patches coming in using the GCC attributes, I had a look at some of my projects and saw, that one feature that could be interesting in the long run, might be buffer access tracking:

// Allow to use the GCC10 access attribute even with older compilers (by ignoring it if unsupported)
#if !defined(__clang__) && defined(__GNUC__) && (__GNUC__ >= 10)
#define HTOP_CHK_R1(x) __attribute__((access(read_only,x)))
#define HTOP_CHK_RW1(x) __attribute__((access(read_write,x)))
#define HTOP_CHK_W1(x) __attribute__((access(write_only,x)))

#define HTOP_CHK_R(x,y) __attribute__((access(read_only,x,y)))
#define HTOP_CHK_RW(x,y) __attribute__((access(read_write,x,y)))
#define HTOP_CHK_W(x,y) __attribute__((access(write_only,x,y)))
#else
#define HTOP_CHK_R1(x)
#define HTOP_CHK_RW1(x)
#define HTOP_CHK_W1(x)

#define HTOP_CHK_R(x,y)
#define HTOP_CHK_RW(x,y)
#define HTOP_CHK_W(x,y)
#endif

Basically what these attributes do (applied to a function declaration) is mark the argument at location x to contain a pointer to y items of the type that the argument at index x points to.

Example:

__attribute__((access(read_only,1,2)))
__attribute__((nonnull(1)))
void foo(const uint8_t* buf, size_t bufsize) {
    // …
    uint8_t bar = buf[bufsize]; // <- Throws warning
    // …
}

Using the nonnull attribute here also allows to skip the NULL check, as the compiler ensures this can't be NULL when this function is called.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
code quality ♻️ Code quality enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BenBE @elfring @fasterit