You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR annotates _Error_Handler with __attribute__((noreturn)) that informs the compiler that the given function does not return.
Motivation
This simplifies analysis for both the compiler and external tools.
For example it fixes a warning I got, that the result of getAssociatedChannel in HardwareTimer.cppmight* underflow when 1 is subtracted from the default return value of zero and this would then result in an out of bounds array access. "Might" in this context probably means to the compiler that there's either no Error_Handler defined or there's one that returns. In any case, the fact that these errors can pop up (like they did for me), means the code flow is not always clear enough for the compiler.
Additional notes
HardwareTimer and other similar files could maybe be updated in a way to fail/return safe values in all cases? Though this might cause undesirable seemingly working "default" behaviour while a crash would be very visible.
An another question is if there should there be a default halt loop Error_Handler even if NDEBUG is enabled (and a replacement is not defined). I lack sufficient experience with the core to know if this would be safer everything considered.
HardwareTimer and other similar files could maybe be updated in a way to fail/return safe values in all cases? Though this might cause undesirable seemingly working "default" behaviour while a crash would be very visible.
If the value is not correct it fails in the error handler (infinite loop). Returning a safe value is not easy as we do not know which timer is used nor if something is connected to it.
An another question is if there should there be a default halt loop Error_Handler even if NDEBUG is enabled (and a replacement is not defined). I lack sufficient experience with the core to know if this would be safer everything considered.
If NDEBUG and not redefined, a default halt loop is defined (infiinite loop). So don't see what else we can do.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR annotates
_Error_Handlerwith__attribute__((noreturn))that informs the compiler that the given function does not return.Motivation
This simplifies analysis for both the compiler and external tools.
For example it fixes a warning I got, that the result of
getAssociatedChannelinHardwareTimer.cppmight* underflow when1is subtracted from the default return value of zero and this would then result in an out of bounds array access. "Might" in this context probably means to the compiler that there's either noError_Handlerdefined or there's one that returns. In any case, the fact that these errors can pop up (like they did for me), means the code flow is not always clear enough for the compiler.Additional notes
HardwareTimerand other similar files could maybe be updated in a way to fail/return safe values in all cases? Though this might cause undesirable seemingly working "default" behaviour while a crash would be very visible.An another question is if there should there be a default halt loop
Error_Handlereven ifNDEBUGis enabled (and a replacement is not defined). I lack sufficient experience with the core to know if this would be safer everything considered.