MdePkg: Add NORETURN attribute and UNREACHABLE() macro.

The NORETURN attribute informs compilers and analyzers that the flagged function cannot return. This may improve the quality of the optimizations. The UNREACHABLE() macro informs compilers and analyzers that its position cannot be reached, for example eliminating implicit returns. It is recommended to be used together with the NORETURN attribute to prevent warnings regarding the function flagged as 'noreturn' returning. The ANALYZER-prefixed versions have the same effects, but exclude compilers. They may be used to surpress warnings of static analyzers, such as possible dereferencing of a NULL pointer when dereferencing it after having checked it via ASSERT(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-06-19 09:28:51 +08:00 · 2016-06-19 09:28:51 +08:00 · 001f28caef
parent 359cb1a3b9
commit 001f28caef
1 changed files with 110 additions and 0 deletions
--- a/MdePkg/Include/Base.h
+++ b/MdePkg/Include/Base.h
@ -84,6 +84,116 @@ VERIFY_SIZE_OF (CHAR16, 2);
  #define GLOBAL_REMOVE_IF_UNREFERENCED
 #endif

+//
+// Should be used in combination with NORETURN to avoid 'noreturn' returns
+// warnings.
+//
+#ifndef UNREACHABLE
+  #ifdef __GNUC__
+    ///
+    /// Signal compilers and analyzers that this call is not reachable.  It is
+    /// up to the compiler to remove any code past that point.
+    ///
+    #define UNREACHABLE()  __builtin_unreachable ()
+  #elif defined (__has_feature)
+    #if __has_builtin (__builtin_unreachable)
+      ///
+      /// Signal compilers and analyzers that this call is not reachable.  It is
+      /// up to the compiler to remove any code past that point.
+      ///
+      #define UNREACHABLE()  __builtin_unreachable ()
+    #endif
+  #endif
+
+  #ifndef UNREACHABLE
+    ///
+    /// Signal compilers and analyzers that this call is not reachable.  It is
+    /// up to the compiler to remove any code past that point.
+    ///
+    #define UNREACHABLE()
+  #endif
+#endif
+
+//
+// Signaling compilers and analyzers that a certain function cannot return may
+// remove all following code and thus lead to better optimization and less
+// false positives.
+//
+#ifndef NORETURN
+  #if defined (__GNUC__) || defined (__clang__)
+    ///
+    /// Signal compilers and analyzers that the function cannot return.
+    /// It is up to the compiler to remove any code past a call to functions
+    /// flagged with this attribute.
+    ///
+    #define NORETURN  __attribute__((noreturn))
+  #elif defined(_MSC_EXTENSIONS) && !defined(MDE_CPU_EBC)
+    ///
+    /// Signal compilers and analyzers that the function cannot return.
+    /// It is up to the compiler to remove any code past a call to functions
+    /// flagged with this attribute.
+    ///
+    #define NORETURN  __declspec(noreturn)
+  #else
+    ///
+    /// Signal compilers and analyzers that the function cannot return.
+    /// It is up to the compiler to remove any code past a call to functions
+    /// flagged with this attribute.
+    ///
+    #define NORETURN
+  #endif
+#endif
+
+//
+// Should be used in combination with ANALYZER_NORETURN to avoid 'noreturn'
+// returns warnings.
+//
+#ifndef ANALYZER_UNREACHABLE
+  #ifdef __clang_analyzer__
+    #if __has_builtin (__builtin_unreachable)
+      ///
+      /// Signal the analyzer that this call is not reachable.
+      /// This excludes compilers.
+      ///
+      #define ANALYZER_UNREACHABLE()  __builtin_unreachable ()
+    #endif
+  #endif
+
+  #ifndef ANALYZER_UNREACHABLE
+    ///
+    /// Signal the analyzer that this call is not reachable.
+    /// This excludes compilers.
+    ///
+    #define ANALYZER_UNREACHABLE()
+  #endif
+#endif
+
+//
+// Static Analyzers may issue errors about potential NULL-dereferences when
+// dereferencing a pointer, that has been checked before, outside of a
+// NULL-check.  This may lead to false positives, such as when using ASSERT()
+// for verification.
+//
+#ifndef ANALYZER_NORETURN
+  #ifdef __has_feature
+    #if __has_feature (attribute_analyzer_noreturn)
+      ///
+      /// Signal analyzers that the function cannot return.
+      /// This excludes compilers.
+      ///
+      #define ANALYZER_NORETURN  __attribute__((analyzer_noreturn))
+    #endif
+  #endif
+
+  #ifndef ANALYZER_NORETURN
+    ///
+    /// Signal the analyzer that the function cannot return.
+    /// This excludes compilers.
+    ///
+    #define ANALYZER_NORETURN
+  #endif
+#endif
+
 //
 // For symbol name in assembly code, an extra "_" is sometimes necessary
 //