From: Ralph Corderoy Date: Sat, 10 Dec 2016 14:19:43 +0000 (+0000) Subject: Document that adios() does not return. abort() ensures it won't. X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/0b45ebe59218793491ac1091a49fb00c2e1a331f?hp=302624baed0d6a67a14d081ed021c88ce0c18a86 Document that adios() does not return. abort() ensures it won't. Discussion with David confirmed that adios()'s de facto contract with the caller is that it won't return. Document that, and add an abort(3) to ensure it won't occur. Better that than return and blunder on until a SEGV or corruption later. --- diff --git a/sbr/error.c b/sbr/error.c index 1796736c..b33eae54 100644 --- a/sbr/error.c +++ b/sbr/error.c @@ -29,7 +29,9 @@ advise (const char *what, const char *fmt, ...) /* adios calls advertise() with no tail to print fmt, and perhaps what, * to stderr, and "ends" the program with an error exit status. The * route to exit is via the done function pointer and may not be - * straightforward. */ + * straightforward, e.g. longjmp(3), but it must not return to adios(). + * If it does then it's a bug and adios() will abort(3) as callers do + * not expect execution to continue. */ void adios (const char *what, const char *fmt, ...) { @@ -38,9 +40,8 @@ adios (const char *what, const char *fmt, ...) va_start(ap, fmt); advertise (what, NULL, fmt, ap); va_end(ap); - /* done(), by default, calls exit(). So this function, with that - default, will never return. */ done (1); + abort(); }
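Review bot: In the first hunk (sbr/error.c, the comment above adios()), the sentence "it must not return to adios()" leaves "it" ambiguous between the route to exit and the function that done points to. Naming the subject, for example "the function done points to must not return to adios()", would make the contract unambiguous for anyone installing their own done handler. The contract is also documented only at the definition here, so consider repeating it wherever adios() and done are declared, and marking adios() as non-returning for the compiler if the declaration does not already do so.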
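Review bot: In the second hunk (the body of adios()), abort() runs with no diagnostic and no comment beside it. If a done handler does return, the user sees only the abort, with nothing to say that the cause was done(1) returning. The removed two-line comment was the only explanation inside the function body, so a short comment on the abort() line, or a message to stderr just before it, would help whoever debugs the resulting core. It is also worth confirming that sbr/error.c already includes the header that declares abort(), since no include change is visible in this patch.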