diff options
author | Gustavo A. R. Silva <gustavo@embeddedor.com> | 2019-06-06 19:46:17 -0500 |
---|---|---|
committer | Gustavo A. R. Silva <gustavo@embeddedor.com> | 2019-07-25 20:13:54 -0500 |
commit | a035d552a93bb9ef6048733bb9f2a0dc857ff869 (patch) | |
tree | 5661bb70a44691aa257dd640625996fa9a3b017e /Documentation/process | |
parent | 2defb94edb44784b0b5064633e05c97fdb1b0e0f (diff) |
Makefile: Globally enable fall-through warning
Now that all the fall-through warnings have been addressed in the
kernel, enable the fall-through warning globally.
Also, update the deprecated.rst file to include implicit fall-through
as 'deprecated' so people can be pointed to a single location for
justification.
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: linux-kbuild@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Diffstat (limited to 'Documentation/process')
-rw-r--r-- | Documentation/process/deprecated.rst | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst index 49e0f64a3427..053b24a6dd38 100644 --- a/Documentation/process/deprecated.rst +++ b/Documentation/process/deprecated.rst @@ -119,3 +119,17 @@ array may exceed the remaining memory in the stack segment. This could lead to a crash, possible overwriting sensitive contents at the end of the stack (when built without `CONFIG_THREAD_INFO_IN_TASK=y`), or overwriting memory adjacent to the stack (when built without `CONFIG_VMAP_STACK=y`) + +Implicit switch case fall-through +--------------------------------- +The C language allows switch cases to "fall through" when +a "break" statement is missing at the end of a case. This, +however, introduces ambiguity in the code, as it's not always +clear if the missing break is intentional or a bug. As there +have been a long list of flaws `due to missing "break" statements +<https://cwe.mitre.org/data/definitions/484.html>`_, we no longer allow +"implicit fall-through". In order to identify an intentional fall-through +case, we have adopted the marking used by static analyzers: a comment +saying `/* Fall through */`. Once the C++17 `__attribute__((fallthrough))` +is more widely handled by C compilers, static analyzers, and IDEs, we can +switch to using that instead. |