git@vger.kernel.org list mirror (unofficial, one of many)
* [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
@ 2021-06-07 11:12 Ævar Arnfjörð Bjarmason
  2021-06-07 17:02 ` Felipe Contreras
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-06-07 11:12 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Ævar Arnfjörð Bjarmason

Change various cmd_* functions to use "return" instead of exit() to
indicate an exit code. On Solaris with SunCC the compiler legitimately
complains about these, since we'll e.g. skip the cleanup (e.g. closing
fd's, erroring if we can't) in git.c's run_builtin() when we exit()
directly like this.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---

A trivial issue noticed in my pre-v2.32.0 testing that I wanted to
leave until after the release.

 builtin/difftool.c          | 5 ++---
 builtin/merge-ours.c        | 2 +-
 builtin/mktree.c            | 2 +-
 t/helper/test-hash-speed.c  | 2 +-
 t/helper/test-hash.c        | 2 +-
 t/helper/test-match-trees.c | 2 +-
 t/helper/test-reach.c       | 2 +-
 7 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/builtin/difftool.c b/builtin/difftool.c
index 89334b77fb..6a9242a803 100644
--- a/builtin/difftool.c
+++ b/builtin/difftool.c
@@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
 		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
 		NULL
 	};
-	int ret = 0, i;
+	int i;
 
 	if (prompt > 0)
 		env[2] = "GIT_DIFFTOOL_PROMPT=true";
@@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
 	strvec_push(&args, "diff");
 	for (i = 0; i < argc; i++)
 		strvec_push(&args, argv[i]);
-	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
-	exit(ret);
+	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
 }
 
 int cmd_difftool(int argc, const char **argv, const char *prefix)
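
Review bot: in run_file_diff(), the new "return run_command_v_opt_cd_env(args.v, ...)" hands control back to the caller without releasing "args", which the strvec_push() calls just above have filled. While the function ended in exit() that did not matter; now that it returns, consider storing the result, calling strvec_clear(&args), and returning the stored value, if args is local to this function.
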
diff --git a/builtin/merge-ours.c b/builtin/merge-ours.c
index 4594507420..a745c32ae4 100644
--- a/builtin/merge-ours.c
+++ b/builtin/merge-ours.c
@@ -29,5 +29,5 @@ int cmd_merge_ours(int argc, const char **argv, const char *prefix)
 		die_errno("read_cache failed");
 	if (index_differs_from(the_repository, "HEAD", NULL, 0))
 		exit(2);
-	exit(0);
+	return 0;
 }
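
Review bot: the exit(2) under the index_differs_from() check in cmd_merge_ours() is still a direct exit, so after this hunk only the success path goes back to the caller. For the change to do what the commit message describes, that branch should become "return 2;" as well.
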
diff --git a/builtin/mktree.c b/builtin/mktree.c
index 891991b00d..ae78ca1c02 100644
--- a/builtin/mktree.c
+++ b/builtin/mktree.c
@@ -189,5 +189,5 @@ int cmd_mktree(int ac, const char **av, const char *prefix)
 		used=0; /* reset tree entry buffer for re-use in batch mode */
 	}
 	strbuf_release(&sb);
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-hash-speed.c b/t/helper/test-hash-speed.c
index 432233c7f0..f40d9ad0c2 100644
--- a/t/helper/test-hash-speed.c
+++ b/t/helper/test-hash-speed.c
@@ -57,5 +57,5 @@ int cmd__hash_speed(int ac, const char **av)
 		free(p);
 	}
 
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-hash.c b/t/helper/test-hash.c
index 0a31de66f3..261c545b9d 100644
--- a/t/helper/test-hash.c
+++ b/t/helper/test-hash.c
@@ -54,5 +54,5 @@ int cmd_hash_impl(int ac, const char **av, int algo)
 		fwrite(hash, 1, algop->rawsz, stdout);
 	else
 		puts(hash_to_hex_algop(hash, algop));
-	exit(0);
+	return 0;
 }
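
Review bot: cmd_hash_impl() now returns 0 immediately after the fwrite()/puts() calls without looking at either result, so a failed write is still reported as success unless the caller inspects stdout afterwards. If surfacing output errors is part of the motivation, the commit message should say whether the test-helper entry point performs the same post-command check as run_builtin() in git.c.
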
diff --git a/t/helper/test-match-trees.c b/t/helper/test-match-trees.c
index b9fd427571..4079fdee06 100644
--- a/t/helper/test-match-trees.c
+++ b/t/helper/test-match-trees.c
@@ -23,5 +23,5 @@ int cmd__match_trees(int ac, const char **av)
 	shift_tree(the_repository, &one->object.oid, &two->object.oid, &shifted, -1);
 	printf("shifted: %s\n", oid_to_hex(&shifted));
 
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-reach.c b/t/helper/test-reach.c
index cda804ed79..2f65c7f6a5 100644
--- a/t/helper/test-reach.c
+++ b/t/helper/test-reach.c
@@ -166,5 +166,5 @@ int cmd__reach(int ac, const char **av)
 		print_sorted_commit_ids(list);
 	}
 
-	exit(0);
+	return 0;
 }
-- 
2.32.0.rc3.434.gd8aed1f08a7


^ permalink raw reply	[flat|nested] 10+ messages in thread

* RE: [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-07 11:12 [PATCH] builtins + test helpers: use return instead of exit() in cmd_* Ævar Arnfjörð Bjarmason
@ 2021-06-07 17:02 ` Felipe Contreras
  2021-06-08  6:49 ` Jeff King
  2021-06-08 10:48 ` [PATCH v2] " Ævar Arnfjörð Bjarmason
  2 siblings, 0 replies; 10+ messages in thread
From: Felipe Contreras @ 2021-06-07 17:02 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason, git
  Cc: Junio C Hamano, Ævar Arnfjörð Bjarmason

Ævar Arnfjörð Bjarmason wrote:
> Change various cmd_* functions to use "return" instead of exit() to
> indicate an exit code. On Solaris with SunCC the compiler legitimately
> complains about these, since we'll e.g. skip the cleanup (e.g. closing
> fd's, erroring if we can't) in git.c's run_builtin() when we exit()
> directly like this.
> 
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>

Makes sense to me and it's obviously correct.

Reviewed-by: Felipe Contreras <felipe.contreras@gmail.com>

-- 
Felipe Contreras

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-07 11:12 [PATCH] builtins + test helpers: use return instead of exit() in cmd_* Ævar Arnfjörð Bjarmason
  2021-06-07 17:02 ` Felipe Contreras
@ 2021-06-08  6:49 ` Jeff King
  2021-06-08 10:53   ` Ævar Arnfjörð Bjarmason
  2021-06-10 13:16   ` Phillip Wood
  2021-06-08 10:48 ` [PATCH v2] " Ævar Arnfjörð Bjarmason
  2 siblings, 2 replies; 10+ messages in thread
From: Jeff King @ 2021-06-08  6:49 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason; +Cc: git, Junio C Hamano

On Mon, Jun 07, 2021 at 01:12:48PM +0200, Ævar Arnfjörð Bjarmason wrote:

> Change various cmd_* functions to use "return" instead of exit() to
> indicate an exit code. On Solaris with SunCC the compiler legitimately
> complains about these, since we'll e.g. skip the cleanup (e.g. closing
> fd's, erroring if we can't) in git.c's run_builtin() when we exit()
> directly like this.

Each of these cases looks like a simple and obvious conversion, and I
certainly don't mind us doing it.

But I do wonder what SunCC is complaining about exactly. Calling exit()
means you don't have to worry about cleanup anymore. Does the compiler
not have any notion of NORETURN or equivalent? If so, I'd expect many
more complaints in general that we probably _won't_ want to silence,
because it will be awkward to do so.

> diff --git a/builtin/difftool.c b/builtin/difftool.c
> index 89334b77fb..6a9242a803 100644
> --- a/builtin/difftool.c
> +++ b/builtin/difftool.c
> @@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
>  		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
>  		NULL
>  	};
> -	int ret = 0, i;
> +	int i;
>  
>  	if (prompt > 0)
>  		env[2] = "GIT_DIFFTOOL_PROMPT=true";
> @@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
>  	strvec_push(&args, "diff");
>  	for (i = 0; i < argc; i++)
>  		strvec_push(&args, argv[i]);
> -	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
> -	exit(ret);
> +	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>  }

This one I'm not surprised that a compiler would complain about. The
function returns an int, but there are no return paths from the
function (and hence the caller doing "return run_diff_files()" likewise
could not ever return there). Which is not quite what you said it
complained about above, hence my curiosity. :)

-Peff

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH v2] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-07 11:12 [PATCH] builtins + test helpers: use return instead of exit() in cmd_* Ævar Arnfjörð Bjarmason
  2021-06-07 17:02 ` Felipe Contreras
  2021-06-08  6:49 ` Jeff King
@ 2021-06-08 10:48 ` Ævar Arnfjörð Bjarmason
  2021-06-08 23:55   ` Junio C Hamano
  2 siblings, 1 reply; 10+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-06-08 10:48 UTC (permalink / raw)
  To: git
  Cc: Junio C Hamano, Felipe Contreras, Jeff King,
	Ævar Arnfjörð Bjarmason

Change various cmd_* functions that claim no return an "int" to use
"return" instead of exit() to indicate an exit code. These were not
marked with NORETURN, and by directly exit()-ing we'll skip the
cleanup git.c would otherwise do (e.g. closing fd's, erroring if we
can't). See run_builtin() in git.c.

In the case of shell.c and sh-i18n--envsubst.c this was the result of
an incomplete migration to using a cmd_main() in 3f2e2297b9 (add an
extra level of indirection to main(), 2016-07-01).

This was spotted by SunCC 12.5 on Solaris 10 (gcc210 on the gccfarm).

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
---

Clarified the commit message, and made the same s/exit/return/g change
in shell.c and sh-i18n--envsubst.c. I also missed an "exit(2)" in a
branch in builtin/merge-ours.c.

Range-diff against v1:
1:  61d7e6e079 ! 1:  f225b78e01 builtins + test helpers: use return instead of exit() in cmd_*
    @@ Metadata
      ## Commit message ##
         builtins + test helpers: use return instead of exit() in cmd_*
     
    -    Change various cmd_* functions to use "return" instead of exit() to
    -    indicate an exit code. On Solaris with SunCC the compiler legitimately
    -    complains about these, since we'll e.g. skip the cleanup (e.g. closing
    -    fd's, erroring if we can't) in git.c's run_builtin() when we exit()
    -    directly like this.
    +    Change various cmd_* functions that claim no return an "int" to use
    +    "return" instead of exit() to indicate an exit code. These were not
    +    marked with NORETURN, and by directly exit()-ing we'll skip the
    +    cleanup git.c would otherwise do (e.g. closing fd's, erroring if we
    +    can't). See run_builtin() in git.c.
    +
    +    In the case of shell.c and sh-i18n--envsubst.c this was the result of
    +    an incomplete migration to using a cmd_main() in 3f2e2297b9 (add an
    +    extra level of indirection to main(), 2016-07-01).
    +
    +    This was spotted by SunCC 12.5 on Solaris 10 (gcc210 on the gccfarm).
     
         Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
     
    @@ builtin/difftool.c: static int run_file_diff(int prompt, const char *prefix,
     
      ## builtin/merge-ours.c ##
     @@ builtin/merge-ours.c: int cmd_merge_ours(int argc, const char **argv, const char *prefix)
    + 	if (read_cache() < 0)
      		die_errno("read_cache failed");
      	if (index_differs_from(the_repository, "HEAD", NULL, 0))
    - 		exit(2);
    +-		exit(2);
     -	exit(0);
    ++		return 2;
     +	return 0;
      }
     
    @@ builtin/mktree.c: int cmd_mktree(int ac, const char **av, const char *prefix)
     +	return 0;
      }
     
    + ## sh-i18n--envsubst.c ##
    +@@ sh-i18n--envsubst.c: cmd_main (int argc, const char *argv[])
    +   if (ferror (stderr) || fflush (stderr))
    +     {
    +       fclose (stderr);
    +-      exit (EXIT_FAILURE);
    ++      return (EXIT_FAILURE);
    +     }
    +   if (fclose (stderr) && errno != EBADF)
    +-    exit (EXIT_FAILURE);
    ++    return (EXIT_FAILURE);
    + 
    +-  exit (EXIT_SUCCESS);
    ++  return (EXIT_SUCCESS);
    + }
    + 
    + /* Parse the string and invoke the callback each time a $VARIABLE or
    +
    + ## shell.c ##
    +@@ shell.c: int cmd_main(int argc, const char **argv)
    + 		default:
    + 			continue;
    + 		}
    +-		exit(cmd->exec(cmd->name, arg));
    ++		return cmd->exec(cmd->name, arg);
    + 	}
    + 
    + 	cd_to_homedir();
    +
      ## t/helper/test-hash-speed.c ##
     @@ t/helper/test-hash-speed.c: int cmd__hash_speed(int ac, const char **av)
      		free(p);

 builtin/difftool.c          | 5 ++---
 builtin/merge-ours.c        | 4 ++--
 builtin/mktree.c            | 2 +-
 sh-i18n--envsubst.c         | 6 +++---
 shell.c                     | 2 +-
 t/helper/test-hash-speed.c  | 2 +-
 t/helper/test-hash.c        | 2 +-
 t/helper/test-match-trees.c | 2 +-
 t/helper/test-reach.c       | 2 +-
 9 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/builtin/difftool.c b/builtin/difftool.c
index 89334b77fb..6a9242a803 100644
--- a/builtin/difftool.c
+++ b/builtin/difftool.c
@@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
 		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
 		NULL
 	};
-	int ret = 0, i;
+	int i;
 
 	if (prompt > 0)
 		env[2] = "GIT_DIFFTOOL_PROMPT=true";
@@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
 	strvec_push(&args, "diff");
 	for (i = 0; i < argc; i++)
 		strvec_push(&args, argv[i]);
-	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
-	exit(ret);
+	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
 }
 
 int cmd_difftool(int argc, const char **argv, const char *prefix)
diff --git a/builtin/merge-ours.c b/builtin/merge-ours.c
index 4594507420..3583cff71c 100644
--- a/builtin/merge-ours.c
+++ b/builtin/merge-ours.c
@@ -28,6 +28,6 @@ int cmd_merge_ours(int argc, const char **argv, const char *prefix)
 	if (read_cache() < 0)
 		die_errno("read_cache failed");
 	if (index_differs_from(the_repository, "HEAD", NULL, 0))
-		exit(2);
-	exit(0);
+		return 2;
+	return 0;
 }
diff --git a/builtin/mktree.c b/builtin/mktree.c
index 891991b00d..ae78ca1c02 100644
--- a/builtin/mktree.c
+++ b/builtin/mktree.c
@@ -189,5 +189,5 @@ int cmd_mktree(int ac, const char **av, const char *prefix)
 		used=0; /* reset tree entry buffer for re-use in batch mode */
 	}
 	strbuf_release(&sb);
-	exit(0);
+	return 0;
 }
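
Review bot: nothing in the patch exercises the behaviour the commit message relies on for cmd_mktree(), namely that returning lets git.c error out when stdout cannot be flushed or closed. A test that runs the command with stdout on a device that rejects writes and expects a non-zero exit would document the change and keep a later exit(0) from slipping back in.
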
diff --git a/sh-i18n--envsubst.c b/sh-i18n--envsubst.c
index e7430b9aa8..6cd307ac2c 100644
--- a/sh-i18n--envsubst.c
+++ b/sh-i18n--envsubst.c
@@ -104,12 +104,12 @@ cmd_main (int argc, const char *argv[])
   if (ferror (stderr) || fflush (stderr))
     {
       fclose (stderr);
-      exit (EXIT_FAILURE);
+      return (EXIT_FAILURE);
     }
   if (fclose (stderr) && errno != EBADF)
-    exit (EXIT_FAILURE);
+    return (EXIT_FAILURE);
 
-  exit (EXIT_SUCCESS);
+  return (EXIT_SUCCESS);
 }
 
 /* Parse the string and invoke the callback each time a $VARIABLE or
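
Review bot: every return in this tail of cmd_main() now happens after stderr has been fclose()d, explicitly in the first branch and through the fclose() in the second condition, so anything the caller does after cmd_main() returns can no longer report on stderr. With exit() that was harmless; please confirm the caller emits no diagnostics past this point. As a style point, the parentheses in "return (EXIT_FAILURE);" are not needed.
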
diff --git a/shell.c b/shell.c
index cef7ffdc9e..811e13b9c9 100644
--- a/shell.c
+++ b/shell.c
@@ -177,7 +177,7 @@ int cmd_main(int argc, const char **argv)
 		default:
 			continue;
 		}
-		exit(cmd->exec(cmd->name, arg));
+		return cmd->exec(cmd->name, arg);
 	}
 
 	cd_to_homedir();
diff --git a/t/helper/test-hash-speed.c b/t/helper/test-hash-speed.c
index 432233c7f0..f40d9ad0c2 100644
--- a/t/helper/test-hash-speed.c
+++ b/t/helper/test-hash-speed.c
@@ -57,5 +57,5 @@ int cmd__hash_speed(int ac, const char **av)
 		free(p);
 	}
 
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-hash.c b/t/helper/test-hash.c
index 0a31de66f3..261c545b9d 100644
--- a/t/helper/test-hash.c
+++ b/t/helper/test-hash.c
@@ -54,5 +54,5 @@ int cmd_hash_impl(int ac, const char **av, int algo)
 		fwrite(hash, 1, algop->rawsz, stdout);
 	else
 		puts(hash_to_hex_algop(hash, algop));
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-match-trees.c b/t/helper/test-match-trees.c
index b9fd427571..4079fdee06 100644
--- a/t/helper/test-match-trees.c
+++ b/t/helper/test-match-trees.c
@@ -23,5 +23,5 @@ int cmd__match_trees(int ac, const char **av)
 	shift_tree(the_repository, &one->object.oid, &two->object.oid, &shifted, -1);
 	printf("shifted: %s\n", oid_to_hex(&shifted));
 
-	exit(0);
+	return 0;
 }
diff --git a/t/helper/test-reach.c b/t/helper/test-reach.c
index cda804ed79..2f65c7f6a5 100644
--- a/t/helper/test-reach.c
+++ b/t/helper/test-reach.c
@@ -166,5 +166,5 @@ int cmd__reach(int ac, const char **av)
 		print_sorted_commit_ids(list);
 	}
 
-	exit(0);
+	return 0;
 }
-- 
2.32.0.rc3.434.gd8aed1f08a7


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-08  6:49 ` Jeff King
@ 2021-06-08 10:53   ` Ævar Arnfjörð Bjarmason
  2021-06-10 13:16   ` Phillip Wood
  1 sibling, 0 replies; 10+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-06-08 10:53 UTC (permalink / raw)
  To: Jeff King; +Cc: git, Junio C Hamano


On Tue, Jun 08 2021, Jeff King wrote:

> On Mon, Jun 07, 2021 at 01:12:48PM +0200, Ævar Arnfjörð Bjarmason wrote:
>
>> Change various cmd_* functions to use "return" instead of exit() to
>> indicate an exit code. On Solaris with SunCC the compiler legitimately
>> complains about these, since we'll e.g. skip the cleanup (e.g. closing
>> fd's, erroring if we can't) in git.c's run_builtin() when we exit()
>> directly like this.
>
> Each of these cases looks like a simple and obvious conversion, and I
> certainly don't mind us doing it.
>
> But I do wonder what SunCC is complaining about exactly. Calling exit()
> means you don't have to worry about cleanup anymore. Does the compiler
> not have any notion of NORETURN or equivalent? If so, I'd expect many
> more complaints in general that we probably _won't_ want to silence,
> because it will be awkward to do so.

It does, but in this case there's no NORETURN and we declared the
command to return int, and it's not the "main" function.

I believe that's what trips it up, as noted in a v2 I just submitted
now:
https://lore.kernel.org/git/patch-1.1-f225b78e01-20210608T104454Z-avarab@gmail.com/

It's not whining about every instance of "exit" in the codebase.

>> diff --git a/builtin/difftool.c b/builtin/difftool.c
>> index 89334b77fb..6a9242a803 100644
>> --- a/builtin/difftool.c
>> +++ b/builtin/difftool.c
>> @@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>  		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
>>  		NULL
>>  	};
>> -	int ret = 0, i;
>> +	int i;
>>  
>>  	if (prompt > 0)
>>  		env[2] = "GIT_DIFFTOOL_PROMPT=true";
>> @@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>  	strvec_push(&args, "diff");
>>  	for (i = 0; i < argc; i++)
>>  		strvec_push(&args, argv[i]);
>> -	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>> -	exit(ret);
>> +	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>>  }
>
> This one I'm not surprised that a compiler would complain about. The
> function returns an int, but there are no return paths from the
> function (and hence the caller doing "return run_diff_files()" likewise
> could not ever return there). Which is not quite what you said it
> complained about above, hence my curiosity. :)

I sent a few miscellaneous fixes recently for 15-20 SunCC
warnings. Around 1/2 of these are legitimate issues like these, the rest
are bugs in SunCC or flaws in its flow analysis or other known bugs in
the compiler.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v2] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-08 10:48 ` [PATCH v2] " Ævar Arnfjörð Bjarmason
@ 2021-06-08 23:55   ` Junio C Hamano
  2021-06-09  1:54     ` Ævar Arnfjörð Bjarmason
  0 siblings, 1 reply; 10+ messages in thread
From: Junio C Hamano @ 2021-06-08 23:55 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason; +Cc: git, Felipe Contreras, Jeff King

Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:

> Change various cmd_* functions that claim no return an "int" to use

s/no return/to return/

> "return" instead of exit() to indicate an exit code. These were not
> marked with NORETURN,

Up to this point, it is well written.

> and by directly exit()-ing we'll skip the
> cleanup git.c would otherwise do (e.g. closing fd's, erroring if we
> can't). See run_builtin() in git.c.

But I think this is a hyperbole.  File descriptors are closed when we
exit without git.c's help, thank-you-very-much ;-), and if we do
have clean-ups that are truly important, we would have arranged them
to happen in the atexit handler, so it is not a crime for functions
called from the subcommand dispatchers to exit themselves (as long
as they exit sensibly, e.g. without doing nonsense like exit(-1)).

It nevertheless is a good idea because it encourages good code
hygiene, just like marking with NORETURN if the function must exit.
Selling this change as if it were a correctness fix (i.e. we were
exiting and missed these important clean-ups that the caller wanted
to do after we return) is misleading.

> In the case of shell.c and sh-i18n--envsubst.c this was the result of
> an incomplete migration to using a cmd_main() in 3f2e2297b9 (add an
> extra level of indirection to main(), 2016-07-01).
>
> This was spotted by SunCC 12.5 on Solaris 10 (gcc210 on the gccfarm).
>
> Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
> ---
>
> Clarified the commit message, and made the same s/exit/return/g change
> in shell.c and sh-i18n--envsubst.c. I also missed an "exit(2)" in a
> branch in builtin/merge-ours.c.

The range diff looks good to me.  Thanks.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v2] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-08 23:55   ` Junio C Hamano
@ 2021-06-09  1:54     ` Ævar Arnfjörð Bjarmason
  2021-06-09  3:38       ` Junio C Hamano
  0 siblings, 1 reply; 10+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-06-09  1:54 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Felipe Contreras, Jeff King


On Wed, Jun 09 2021, Junio C Hamano wrote:

> Ævar Arnfjörð Bjarmason  <avarab@gmail.com> writes:
>
>> Change various cmd_* functions that claim no return an "int" to use
>
> s/no return/to return/
>
>> "return" instead of exit() to indicate an exit code. These were not
>> marked with NORETURN,
>
> Up to this point, it is well written.
>
>> and by directly exit()-ing we'll skip the
>> cleanup git.c would otherwise do (e.g. closing fd's, erroring if we
>> can't). See run_builtin() in git.c.
>
> But I think this is a hyperbole.  File descriptors are closed when we
> exit without git.c's help, thank-you-very-much ;-), [...]

Closed yes, but not ", erroring if we can't". That's referring to the
behavior in git.c added in g0f157315a1 (Check for IO errors after
running a command, 2007-06-24) and 0227f9887b (git: Try a bit harder not
to lose errno in stdio, 2007-06-30).

That strictness isn't something you get by default from an exiting C
program, which is why we're explicitly checking and calling die_errno()
in run_builtin().

I wasn't aiming for hyperbole, just accurately describing the
implications of skipping the code we'd skip before this patch.

> [...]and if we do
> have clean-ups that are truly important, we would have arranged them
> to happen in the atexit handler, so it is not a crime for functions
> called from the subcommand dispatchers to exit themselves (as long
> as they exit sensibly, e.g. without doing nonsense like exit(-1)).

I'm not quite sure what "clean-ups that are truly important" is meant to
get at here. I was just describing the cleanups in git.c that we were
skipping, which aren't implemented as atexit handlers.

But no, those couldn't be done in atexit handlers as they call
die_errno() or BUG(), and both of them want to modify the exit code. The
atexit() handlers cannot modify the exit code (both per the C standard,
and POSIX).

That particular edge was last discussed on-list in my
https://lore.kernel.org/git/20210202020001.31601-6-avarab@gmail.com/;
when the whole "should SIGPIPE from the pager be ignored" topic came up.

So it's really the opposite of what you're saying. If you have cleanups
that are truly important, i.e. so important that you'd like to notify
the user with a non-zero exit code if they fail, you *don't* want them
in an atexit handler. That won't work.

> It nevertheless is a good idea because it encourages good code
> hygiene, just like marking with NORETURN if the function must exit.
> Selling this change as if it were a correctness fix (i.e. we were
> exiting and missed these important clean-ups that the caller wanted
> to do after we return) is misleading.

Before this patch:

    $ git ls-tree HEAD | git mktree >/dev/full; echo $?
    0

After:

    $ git ls-tree HEAD | git mktree >/dev/full; echo $?
    fatal: unknown write failure on standard output
    128

So yes, it's a correctness fix, and you can't do that in an atexit
handler, at least not portably.

You might find that if you try it that it works perfectly fine. But
that's because e.g. glibc does non-standard shenanigans to make it work,
but it's not portable behavior. See
e.g. https://wiki.musl-libc.org/functional-differences-from-glibc.html#Re_entrancy_of_exit

That page suggests that glibc's behavior might be an accident, but it's
not. They explicitly support that non-standard behavior of an atexit
handler munging the exit code. See their implementation & comments:
https://github.com/bminor/glibc/blob/master/stdlib/exit.c

^ permalink raw reply	[flat|nested] 10+ messages in thread
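
The exit-status difference shown in the message above (0 before the patch, 128 after, with stdout on /dev/full), as an added C example that is not part of the thread and not git's code. The names cmd_returns, cmd_exits, run_checked, open_failing_fd and child_status are hypothetical, and run_checked() is only a simplified model of the post-command stdout check the thread attributes to run_builtin().

```c
/* Added illustration; not git's code. All function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*cmd_fn)(void);

/* A command that hands its status back to the dispatcher. */
static int cmd_returns(void)
{
	puts("100644 blob (constructed sample output)");
	return 0;
}

/* The same command, but it terminates the process itself. */
static int cmd_exits(void)
{
	puts("100644 blob (constructed sample output)");
	exit(0);
}

/*
 * Dispatcher: run the command, then refuse to report success if the
 * output could not be flushed or closed. This check is only reachable
 * when the command returns instead of calling exit().
 */
static int run_checked(cmd_fn fn)
{
	int status = fn();

	if (status)
		return status;
	if (fflush(stdout) || ferror(stdout) || fclose(stdout)) {
		fputs("fatal: write failure on standard output\n", stderr);
		return 128;
	}
	return 0;
}

/*
 * Open a descriptor on which every write fails: /dev/full (ENOSPC) where
 * it exists, otherwise a read-only descriptor (EBADF) as a stand-in.
 */
static int open_failing_fd(void)
{
	int fd = open("/dev/full", O_WRONLY);

	return fd >= 0 ? fd : open("/dev/null", O_RDONLY);
}

/*
 * Run fn through the dispatcher in a child whose stdout either works
 * (/dev/null) or rejects writes; return the child's exit status, or -1
 * if the child could not be run.
 */
static int child_status(cmd_fn fn, int stdout_fails)
{
	int ws;
	pid_t pid;

	fflush(NULL); /* do not let the child inherit pending output */
	pid = fork();
	if (pid < 0)
		return -1;
	if (!pid) {
		int fd = stdout_fails ? open_failing_fd()
				      : open("/dev/null", O_WRONLY);

		if (fd < 0 || dup2(fd, STDOUT_FILENO) < 0)
			_exit(127);
		_exit(run_checked(fn));
	}
	if (waitpid(pid, &ws, 0) < 0 || !WIFEXITED(ws))
		return -1;
	return WEXITSTATUS(ws);
}

int main(void)
{
	printf("exit() inside command, failing stdout: %d\n",
	       child_status(cmd_exits, 1));
	printf("return to dispatcher, failing stdout:  %d\n",
	       child_status(cmd_returns, 1));
	return 0;
}
```
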

* Re: [PATCH v2] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-09  1:54     ` Ævar Arnfjörð Bjarmason
@ 2021-06-09  3:38       ` Junio C Hamano
  0 siblings, 0 replies; 10+ messages in thread
From: Junio C Hamano @ 2021-06-09  3:38 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason; +Cc: git, Felipe Contreras, Jeff King

Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:

> So it's really the opposite of what you're saying. If you have cleanups
> that are truly important, i.e. so important that you'd like to notify
> the user with a non-zero exit code if they fail, you *don't* want them
> in an atexit handler. That won't work.

Ah, OK.  What I had in mind was things like removing the directory
"clone" attempted to create and populate, removing temporary files,
etc.  when a function that is not marked as NORETURN calls die(), by
the atexit handler.  But you're right.  We leave a final clean-up
for normal returns (i.e. when cmd_foo() intends to return or exit
with 0) to be done to the caller that is git.c::run_builtin().

Thanks.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-08  6:49 ` Jeff King
  2021-06-08 10:53   ` Ævar Arnfjörð Bjarmason
@ 2021-06-10 13:16   ` Phillip Wood
  2021-06-10 13:19     ` Ævar Arnfjörð Bjarmason
  1 sibling, 1 reply; 10+ messages in thread
From: Phillip Wood @ 2021-06-10 13:16 UTC (permalink / raw)
  To: Jeff King, Ævar Arnfjörð Bjarmason; +Cc: git, Junio C Hamano

On 08/06/2021 07:49, Jeff King wrote:
> On Mon, Jun 07, 2021 at 01:12:48PM +0200, Ævar Arnfjörð Bjarmason wrote:
> 
>> Change various cmd_* functions to use "return" instead of exit() to
>> indicate an exit code. On Solaris with SunCC the compiler legitimately
>> complains about these, since we'll e.g. skip the cleanup (e.g. closing
>> fd's, erroring if we can't) in git.c's run_builtin() when we exit()
>> directly like this.
> 
> Each of these cases looks like a simple and obvious conversion, and I
> certainly don't mind us doing it.
> 
> But I do wonder what SunCC is complaining about exactly. Calling exit()
> means you don't have to worry about cleanup anymore. Does the compiler
> not have any notion of NORETURN or equivalent? If so, I'd expect many
> more complaints in general that we probably _won't_ want to silence,
> because it will be awkward to do so.

It is curious that it is only complaining about exit() calls and not die(),
maybe that is just a coincidence though if it is not complaining about 
all calls to exit()

Best Wishes

Phillip

>> diff --git a/builtin/difftool.c b/builtin/difftool.c
>> index 89334b77fb..6a9242a803 100644
>> --- a/builtin/difftool.c
>> +++ b/builtin/difftool.c
>> @@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>   		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
>>   		NULL
>>   	};
>> -	int ret = 0, i;
>> +	int i;
>>   
>>   	if (prompt > 0)
>>   		env[2] = "GIT_DIFFTOOL_PROMPT=true";
>> @@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>   	strvec_push(&args, "diff");
>>   	for (i = 0; i < argc; i++)
>>   		strvec_push(&args, argv[i]);
>> -	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>> -	exit(ret);
>> +	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>>   }
> 
> This one I'm not surprised that a compiler would complain about. The
> function returns an int, but there are no return paths from the
> function (and hence the caller doing "return run_diff_files()" likewise
> could not ever return there). Which is not quite what you said it
> complained about above, hence my curiosity. :)
> 
> -Peff
> 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] builtins + test helpers: use return instead of exit() in cmd_*
  2021-06-10 13:16   ` Phillip Wood
@ 2021-06-10 13:19     ` Ævar Arnfjörð Bjarmason
  0 siblings, 0 replies; 10+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2021-06-10 13:19 UTC (permalink / raw)
  To: phillip.wood; +Cc: Jeff King, git, Junio C Hamano


On Thu, Jun 10 2021, Phillip Wood wrote:

> On 08/06/2021 07:49, Jeff King wrote:
>> On Mon, Jun 07, 2021 at 01:12:48PM +0200, Ævar Arnfjörð Bjarmason wrote:
>> 
>>> Change various cmd_* functions to use "return" instead of exit() to
>>> indicate an exit code. On Solaris with SunCC the compiler legitimately
>>> complains about these, since we'll e.g. skip the cleanup (e.g. closing
>>> fd's, erroring if we can't) in git.c's run_builtin() when we exit()
>>> directly like this.
>>
>> Each of these cases looks like a simple and obvious conversion, and I
>> certainly don't mind us doing it.
>>
>> But I do wonder what SunCC is complaining about exactly. Calling exit()
>> means you don't have to worry about cleanup anymore. Does the compiler
>> not have any notion of NORETURN or equivalent? If so, I'd expect many
>> more complaints in general that we probably _won't_ want to silence,
>> because it will be awkward to do so.
>
> It is curious that it is only complaining about exit() calls and not
> die(), maybe that is just a coincidence though if it is not
> complaining about all calls to exit()

It's "function has no return statement", usually things that die() will
also return if nothing goes wrong.

It also complains about e.g. cram() in imap-send.c under NO_OPENSSL=Y,
which is a "non-void" returning function stub that just calls die().

I recall raising that on-list in the past and proposing that they have a
dummy return value, but that met lukewarm support, so I just consider
them false alarms and try to ignore them.

I do think we should have "die_report" or whatever versions of die() so you could do:

    return die_report(...);

You can do that with error(), but that means changing the error message
from "fatal:" to "error:". Those cases are obscure though, e.g. piping
to a full disk where we'd die for other reasons. Now we'll hide that
error.

I mean, we'd do so anyway since cmd_builtin() in git.c won't reach the
"closing fd's" check, but that could be fixed, and there's other similar
cases where we needlessly conflate the desire to say "fatal" and exit
with 128 with returning an error and doing cleanup etc.

>>> diff --git a/builtin/difftool.c b/builtin/difftool.c
>>> index 89334b77fb..6a9242a803 100644
>>> --- a/builtin/difftool.c
>>> +++ b/builtin/difftool.c
>>> @@ -675,7 +675,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>>   		"GIT_PAGER=", "GIT_EXTERNAL_DIFF=git-difftool--helper", NULL,
>>>   		NULL
>>>   	};
>>> -	int ret = 0, i;
>>> +	int i;
>>>     	if (prompt > 0)
>>>   		env[2] = "GIT_DIFFTOOL_PROMPT=true";
>>> @@ -686,8 +686,7 @@ static int run_file_diff(int prompt, const char *prefix,
>>>   	strvec_push(&args, "diff");
>>>   	for (i = 0; i < argc; i++)
>>>   		strvec_push(&args, argv[i]);
>>> -	ret = run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>>> -	exit(ret);
>>> +	return run_command_v_opt_cd_env(args.v, RUN_GIT_CMD, prefix, env);
>>>   }
>> This one I'm not surprised that a compiler would complain about. The
>> function returns an int, but there are no return paths from the
>> function (and hence the caller doing "return run_diff_files()" likewise
>> could not ever return there). Which is not quite what you said it
>> complained about above, hence my curiosity. :)
>> -Peff
>> 


^ permalink raw reply	[flat|nested] 10+ messages in thread
