"Vakatov, Denis (NIH/NLM/NCBI) [E]" <vaka...@ncbi.nlm.nih.gov> writes:

> Can this design please be changed (or, dare I say without being
> considered impolite, improved) to better accommodate for the cases
> where there is indeed no reason for checking the return value?
>
> Making the developers jump through more complicated ad hoc hoops
> (instead of just void-casting the func call) requires "too much"
> effort, and regular developers usually won't do it. So, this will
> increase the "warning noise", which will desensitize the developers,
> and make them pay less attention to really useful warnings. Cases
> like this therefore make the whole GCC warning mechanism less
> effective, and it diminishes the great effort that you GCC
> developers put into helping developers write cleaner code.

Please don't top-post.

Please read http://gcc.gnu.org/PR25509 .

As the compiler documentation states, warn_unused_result was intended
for cases where failing to check the return value is always a security
risk or a bug.  The documentation cites the example of realloc.  That
is a case where casting the return value to (void) would always be
wrong.  The compiler really should warn for that code by default; if
you have some crazy need to ignore the result of realloc, just use the
-Wno-unused-result option.

That said, I agree that glibc is overly aggressive in using
warn_unused_result when FORTIFY_SOURCE is defined.  I agree that
Debian is overly aggressive in having a distro-specific patch to
enable FORTIFY_SOURCE by default.  I think that both of those
decisions were ill-advised.  The combination of those decisions with
the ones made by the gcc developers definitely makes some code
inappropriately awkward.

So what are the right choices here?  I tend to be reluctant to endorse
adding a new option, but I can't think of another approach.  I think
we should consider introducing a new gcc function attribute:
must_use_result.  I think we should document that attribute as
intended specifically for cases where failing to use the return value
is a program error, as with calls to realloc.  We should handle
must_use_result and warn_unused_result similarly, except that adding a
cast to (void) disables the warn_unused_result warning.  Perhaps there
should also be other simple ways to disable the warn_unused_result
warning.

This is not a great solution, but I don't see a better way out of the
current unpleasant situation.

Ian
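
The realloc case from the message above, as an added example that is not part of the original message or of GCC or glibc code: a small growable buffer whose append function carries warn_unused_result and handles realloc's return value correctly. The names `struct buf`, `MUST_CHECK`, `buf_append` and `demo_fill` are hypothetical, chosen for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte buffer, constructed for this example. */
struct buf { unsigned char *data; size_t len, cap; };

/* The attribute under discussion: dropping the return value draws
   -Wunused-result, and in GCC a (void) cast does not silence it. */
#define MUST_CHECK __attribute__((warn_unused_result))

/* Returns 0 on success, -1 on failure; on failure *b is unchanged. */
MUST_CHECK static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n == 0)
        return 0;
    if (n > SIZE_MAX - b->len)
        return -1;                      /* b->len + n would wrap */
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t cap = b->cap ? b->cap : 16;
        while (cap < need)
            cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        /* Ignoring realloc's result is the always-wrong case: the block
           may have moved, leaving b->data dangling. Assigning it straight
           to b->data is also wrong, since NULL would leak the old block. */
        unsigned char *p = realloc(b->data, cap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 0;
}

/* Appends `count` 5-byte records; returns the final length, 0 on failure. */
static size_t demo_fill(size_t count)
{
    struct buf b = {0};
    for (size_t i = 0; i < count; i++)
        if (buf_append(&b, "abcde", 5) != 0) { free(b.data); return 0; }
    size_t len = b.len;
    free(b.data);
    return len;
}

int main(void) { return demo_fill(100) == 500 ? 0 : 1; }
```

Compiling a caller that writes `buf_append(&b, "x", 1);` as a bare statement with GCC produces the unused-result warning; `-Wno-unused-result`, as mentioned in the message, turns it off.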
