Basically, it seems reasonable to use in places where you want to
assert that ignoring the return value is VERY unlikely to be correct.
-scott
> --
> Chromium Developers mailing list: chromi...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-dev
>
My opinion is that this is one that we shouldn't go hog-wild with.
F/i, a place I have an unfinished CL to add it to is app/sql/*. My
rationale is that over time I've run across a surprising number of
cases where someone executes a SQL statement without checking the
return value, even though the following code obviously assumes
statement success. When the statement is making schema changes, you
can end up in very bad places.
Basically, it seems reasonable to use in places where you want to
assert that ignoring the return value is VERY unlikely to be correct.
Coincidentally, I just this week disabled this warning on Linux in all
third-party code we import, due to more or less this problem exactly.
http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=40499a685521ad804602dee4736bb6b2a20681bd
(PS: My attitude about warnings in third_party is: if upstream doesn't
care about 'em, and nobody on our team is fixing 'em, it's better to
not show them so that we don't become blind to warnings. For example,
our current Windows build emits 304 warnings that I don't think anyone
is currently looking into...)
To provoke discussion, here's my favorite example in our codebase.
PathService::Get can return false if for some reason it's unable to
compute a path.
If the caller doesn't check, it'll start doing file operations in a
directory other than it intended.
It appears we don't check the return code in 174 places:
http://codesearch.google.com/codesearch#search/&exact_package=chromium&q=%22%20%20PathService::Get(%22%20file:%5C.cc&type=cs
Whereas we do check the return code in 94:
http://codesearch.google.com/codesearch#search/&exact_package=chromium&q=%22(PathService::Get(%22%20file:%5C.cc&type=cs
Does that mean we're using this API wrong in >60% of cases? I'm not
sure. Maybe it's a bad API and we should just CHECK() on failure.
Agreed. Add it where it _will_ find bugs (example: All these FilePath
methods like Append() that return a new FilePath – everyone assumes
they modify *this), don't add it where it maybe eventually might find
a bug under the right circumstances.
Nico
IMHO, something like that which returns the useful value by reference
with a success code to gate usage is a great place to force the caller
to explicitly ignore the result. Even if the API is "bad", that
doesn't mean the caller is licensed to use it in a brittle fashion.
-scott