[Development] Compiler warnings

Kurt Pattyn pattyn.kurt at gmail.com
Fri Oct 17 13:16:51 CEST 2014

> On 17 Oct 2014, at 12:54, Sean Harmer <sean.harmer at kdab.com> wrote:
> On 17/10/2014 11:44, Bo Thorsen wrote:
>> Den 17-10-2014 12:22, Julien Blanc skrev:
>>> On 17/10/2014 10:15, Christian Kandeler wrote:
>>>> On 10/17/2014 08:48 AM, Kurt Pattyn wrote:
>>>>> As we are developing for aerospace, avionics, defence and healthcare, we are confronted on a daily basis with a lot of very stringent rules that we have to comply with (irrespective if some people might find these rules outdated, stupid, ridiculous or not). That's why we always compile with as much compiler warnings as possible. Our code must be audited by an external office anyways, so we better make sure we can avoid a bad report as soon as possible.
>>>>> Some examples of 'stupid' rules (which after second consideration aren't that stupid after all):
>>>>> - a switch statement must always have a default statement (also all cases must be handled)
>>>> Doesn't this actually make the code *worse* when using enums? Adding a
>>>> default statement when you handle all possible values will inhibit
>>>> genuine compiler warnings when you forget to add a case for a newly
>>>> added enum value. In fact, this is almost guaranteed to happen in a
>>>> non-trivial project, so this rule seems almost absurdly wrong to me.
>>> That one is always subject to debate. There is one thing not to forget
>>> in favor of this rule : enums are *not* guaranted to have a value
>>> amongst the defined ones. Undefined behaviour in that case is not an option.
>>> I wish i could have both a default statement and my compiler warning…
>> switch (enumValue) {
>> case E1: ...; break;
>> case E2: ...; break;
>> case Nope1:
>> case Nope2:
>>    // Intentionally not handled
>>    break;
>> }
>> Boom. Can I invoice you for this now? :)
> See also, Q_UNREACHABLE().
Indeed, but the main reason that all cases must be handled is to avoid arbitrary crashes of an application.
And handling does not mean just adding comments. We cannot afford that an X-Ray scanner crashes while beaming its X-rays onto a patient.
We cannot afford that a Boeing goes down because the software just crashes.
We speak of life critical applications here; in all other cases, most of these measures are merely overkill.
Q_UNREACHABLE() is fine if we can *prove* that indeed it will never be reached; the latter being nearly impossible.

> Cheers,
> Sean
> -- 
> Dr Sean Harmer | sean.harmer at kdab.com | Managing Director UK
> Klarälvdalens Datakonsult AB, a KDAB Group company
> Tel. Sweden (HQ) +46-563-540090, USA +1-866-777-KDAB(5322)
> KDAB - Qt Experts - Platform-independent software solutions
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development

More information about the Development mailing list