Hi,
On 2020-06-16 19:46:29 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > I experimented with making the compiler warn about about some of these
> > kinds of mistakes without needing full test coverage:
>
> > I was able to get clang to warn about things like using palloc in signal
> > handlers, or using palloc while holding a spinlock. Which would be
> > great, except that it doesn't warn when there's an un-annotated
> > intermediary function. Even when that function is in the same TU.
>
> Hm. Couldn't we make "calling an un-annotated function" be a violation
> in itself?
I don't see a way to do that with these annotations, unfortunately.
https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
https://clang.llvm.org/docs/AttributeReference.html#acquire-capability-acquire-shared-capability
> Certainly in the case of spinlocks, what we want is pretty
> nearly a total ban on calling anything at all. I wouldn't cry too hard
> about having a similar policy for signal handlers.
It'd be interesting to try and see how invasive that'd be, if it were
possible to enforce. But...
Greetings,
Andres Freund