[PATCH] lib: fix warnings when building with clang

Tomi Ollila tomi.ollila at iki.fi
Thu Nov 29 06:23:09 PST 2012 

On Mon, Oct 22 2012, Tomi Ollila wrote:

> On Sun, Oct 21 2012, Jani Nikula <jani at nikula.org> wrote:
>
>> On Sun, 21 Oct 2012, Ethan Glasser-Camp <ethan.glasser.camp at gmail.com> wrote:
>>> Jani Nikula <jani at nikula.org> writes:
>>>
>>>> Building notmuch with CC=clang and CXX=clang++ produces the warnings:
>>>>
>>>> CC -O2 lib/tags.o
>>>> lib/tags.c:43:5: warning: expression result unused [-Wunused-value]
>>>>     talloc_steal (tags, list);
>>>>     ^~~~~~~~~~~~~~~~~~~~~~~~~
>>>> /usr/include/talloc.h:345:143: note: expanded from:
>>>>   ...__location__); __talloc_steal_ret; })
>>>>                     ^~~~~~~~~~~~~~~~~~
>>>> 1 warning generated.
>>>>
>>>> CXX -O2 lib/message.o
>>>> lib/message.cc:791:5: warning: expression result unused [-Wunused-value]
>>>>     talloc_reference (message, message->tag_list);
>>>>     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> /usr/include/talloc.h:932:36: note: expanded from:
>>>>   ...(_TALLOC_TYPEOF(ptr))_talloc_reference_loc((ctx),(ptr), __location__)
>>>>      ^                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> 1 warning generated.
>>>>
>>>> Check talloc_reference() return value, and explicitly ignore
>>>> talloc_steal() return value as it has no failure modes, to silence the
>>>> warnings.
>>>> ---
>>>>  lib/message.cc |    4 +++-
>>>>  lib/tags.c     |    2 +-
>>>>  2 files changed, 4 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/lib/message.cc b/lib/message.cc
>>>> index 978de06..320901f 100644
>>>> --- a/lib/message.cc
>>>> +++ b/lib/message.cc
>>>> @@ -788,7 +788,9 @@ notmuch_message_get_tags (notmuch_message_t *message)
>>>>       * possible to modify the message tags (which talloc_unlink's the
>>>>       * current list from the message) while still iterating because
>>>>       * the iterator will keep the current list alive. */
>>>> -    talloc_reference (message, message->tag_list);
>>>> +    if (!talloc_reference (message, message->tag_list))
>>>> +	return NULL;
>>>> +
>>>>      return tags;
>>>>  }
>>>
>>> Hi! What you did with talloc_steal is obviously fine. 
>>>
>>> I'd be happier about what you did with talloc_reference() if there were
>>> precedent, or a clearly-articulated convention for notmuch. Instead this
>>> is the third use in the codebase that I can see, and the other two are
>>> each unique to themselves. In mime-node.c we print an "out-of-memory"
>>> error and in lib/filenames.c we cast (void) talloc_reference (...), I
>>> guess figuring that we're pretty much hosed anyhow if we run out of
>>> memory.
>>>
>>> Why return NULL here? It seems like if talloc_reference fails, we're
>>> going to crash eventually, so we should print an error to explain our
>>> impending doom. I'd guess you're uneasy printing anything from lib/, but
>>> still want to signal an error, and the only way you can do so is to
>>> return NULL. I guess that silences the compiler warning, but it's not
>>> really the correct way to handle the error IMO. On the other hand, it's
>>> such a weird corner case that I don't even think it merits a FIXME
>>> comment.
>>>
>>> How about an assert instead of a return NULL?
>>
>> No. I don't think a library should assert, exit, or print to stderr on
>> this sort of thing. It's up to the calling application. Even if it
>> probably doesn't have many choices left, given how much memory
>> talloc_reference needs (not much).
>>
>> Ignoring the talloc_reference return value with (void) is just wrong,
>> and the caller of notmuch_message_get_tags should anticipate a NULL
>> return. So IMHO that's the pragmatic thing to do in this mostly
>> theoretical situation, the biggest change being silencing the warning.
>
> I agree that the best library can do is to return NULL (if talloc had
> a place in ctx to store error indication that could be used but I did
> not see any in quick look -- and using global there is not a good idea)
>
> but, before returning NULL should 'tags' be freed.

Ah, this is talloc() stuff, so the patch is good in this part.

> Additionally, should lib/filenames.c be changed to have code:
>
> if (unlikely (talloc_reference(filenames, list) == NULL)) {
>     talloc_free (filenames);
>     return NULL;
> }

More like 

if (unlikely (talloc_reference(filenames, list) == NULL))
    return NULL;

But that is out of scope of this patch...


so, +1

Tomi

>> BR,
>> Jani.
>
> (btw, what are the chances that program crashes before returning NULL
> due to page fault in stack frame allocation ???)
>
> Tomi

More information about the notmuch mailing list