Andres Freund <and...@anarazel.de> writes:
> I experimented with making the compiler warn about some of these
> kinds of mistakes without needing full test coverage:

> I was able to get clang to warn about things like using palloc in signal
> handlers, or using palloc while holding a spinlock. Which would be
> great, except that it doesn't warn when there's an un-annotated
> intermediary function. Even when that function is in the same TU.

Hm. Couldn't we make "calling an un-annotated function" be a violation in
itself? Certainly in the case of spinlocks, what we want is pretty nearly
a total ban on calling anything at all. I wouldn't cry too hard about
having a similar policy for signal handlers. (The postmaster's handlers
would have to be an exception for now.)

regards, tom lane
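The gap discussed above, as an added example that is not code from the thread or from PostgreSQL: it assumes the warnings came from clang's -Wthread-safety capability annotations (a guess; the thread does not say which clang mechanism was used), and the PostgreSQL-style names (slock_t, SpinLockAcquire, palloc) are stand-ins. Built with clang -Wthread-safety, the direct call is flagged and the same call through the un-annotated helper is not, while at runtime both misuse the lock identically.

```c
/* Added example (not code from the thread).  Assumption: the warnings Andres
 * describes come from clang's -Wthread-safety capability annotations; names
 * are stand-ins for PostgreSQL's, not its real declarations. */
#include <stdlib.h>
#ifdef __clang__
#define TSA(x) __attribute__((x))   /* clang thread-safety attribute */
#else
#define TSA(x)                      /* other compilers: compiles away */
#endif

/* One pseudo-capability standing for "some spinlock is held". */
typedef struct TSA(capability("spinlock")) slock_tag { int held; } slock_t;
static slock_t any_spinlock;
/* Runtime count of palloc calls made while the lock was held, so the gap
 * is visible even when the static analysis is not run. */
static int palloc_violations;

static void SpinLockAcquire(slock_t *l) TSA(acquire_capability(*l)) { l->held = 1; }
static void SpinLockRelease(slock_t *l) TSA(release_capability(*l)) { l->held = 0; }

/* Annotated: clang flags any caller that holds any_spinlock here. */
static void *palloc(size_t n) TSA(locks_excluded(any_spinlock))
{
    if (any_spinlock.held) palloc_violations++;
    return malloc(n);
}

/* Un-annotated intermediary: analysed with an empty lock set, so the
 * palloc inside it passes silently. */
static void helper(void) { free(palloc(16)); }

/* clang -Wthread-safety warns: palloc called while any_spinlock is held.
 * Returns how many violations actually happened at runtime (1). */
int direct_call_under_spinlock(void)
{
    int before = palloc_violations;
    SpinLockAcquire(&any_spinlock);
    free(palloc(16));
    SpinLockRelease(&any_spinlock);
    return palloc_violations - before;
}

/* Same bug via helper(): no warning, yet the runtime count is still 1.
 * Tom's proposal would flag the call to un-annotated helper() itself. */
int indirect_call_under_spinlock(void)
{
    int before = palloc_violations;
    SpinLockAcquire(&any_spinlock);
    helper();
    SpinLockRelease(&any_spinlock);
    return palloc_violations - before;
}
```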