From mboxrd@z Thu Jan 1 00:00:00 1970
From: Helmut Raiger
Date: Wed, 13 Jul 2011 08:32:37 +0200
Subject: [U-Boot] [PATCH 1/2] net/eth.c: make eth_get_dev_by_name(NULL) safe
In-Reply-To:
References: <4E118AD9.9000200@hale.at> <4E1AC82D.3020205@hale.at> <201107120237.33837.vapier@gentoo.org>
Message-ID: <4E1D3C05.9020808@hale.at>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 07/12/2011 11:22 AM, Detlev Zundel wrote:
> > i did go through the level of detail and showed the call graphs ...
> > none of which should allow a driver tested as working to even once
> > hit the NULL path.
>
> As I said, these are the call graphs currently existing...

This was also my trail.

> > what i wouldn't mind is annotating the prototype with gcc attributes
> > saying that the argument is nonnull.
> > ...
> > #define __nonnull(x) __attribute__((__nonnull__ x))
> > ...
> > extern struct eth_device *eth_get_dev_by_name(const char *devname) __nonnull(1);
> > ...
>
> This can only catch calls the compiler can statically derive, but
> still I think it is a good thing.
>

__nonnull__ is actually an optimization attribute, gcc removes tests for
NULL in the function body, warnings are only generated if one literally
writes: eth_get_dev_by_name(NULL), so 'statically derive' is already an
exaggeration.

This really is no help at all. It would indeed establish a precedent for
using an IMHO quite flawed attribute in gcc. If I had a vote, I'd be
against it.

The NDEBUG approach however, as Mike suggested, was what I was looking for
in the first place.

Helmut
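The two approaches weighed in this thread, side by side, as an added example that is not code from the message or from U-Boot: an annotated lookup that relies on the caller, and an unannotated wrapper whose NULL test cannot be optimized away. The device list, the names `ETH_NONNULL`, `lookup_annotated`, `lookup_checked` and `null_lookups`, and the debug-only message keyed on `NDEBUG` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for U-Boot's struct eth_device; a plain linked list. */
struct eth_device {
    const char *name;
    struct eth_device *next;
};

static struct eth_device dev1 = { "FEC1", NULL };
static struct eth_device dev0 = { "FEC0", &dev1 };
static struct eth_device *eth_devices = &dev0;
static unsigned null_lookups;   /* contract violations caught at run time */

/* Hypothetical macro name; glibc already uses __nonnull for itself. */
#define ETH_NONNULL(args) __attribute__((__nonnull__ args))

/* Annotated variant: the compiler may assume devname != NULL here, so a
 * NULL test in this body could be optimized away. No test is written. */
struct eth_device *lookup_annotated(const char *devname) ETH_NONNULL((1));
struct eth_device *lookup_annotated(const char *devname)
{
    struct eth_device *d;

    for (d = eth_devices; d; d = d->next)
        if (strcmp(devname, d->name) == 0)
            return d;
    return NULL;
}

/* Checked variant: no attribute, so the NULL test always survives. */
struct eth_device *lookup_checked(const char *devname)
{
    if (!devname) {
        null_lookups++;
#ifndef NDEBUG
        fprintf(stderr, "eth: lookup called with NULL name\n");
#endif
        return NULL;
    }
    return lookup_annotated(devname);
}

int main(void)
{
    printf("%s\n", lookup_checked("FEC1") ? "found" : "missing");
    printf("%s\n", lookup_checked(NULL) ? "found" : "missing");
    return 0;
}
```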