by maldev 1212 days ago
Yes. There's a reason pretty much every secure C coding standard dictates exactly what I said, like CERT C etc. There's a reason they have weird bugs. Just because it's an impressive piece of software, doesn't mean it can't have horrible design patterns written by substandard coders. And in an open source project with as many contributors as Linux, I would say it's not hard to fathom that there's a significant number of substandard people writing code on that codebase. Even MISRA quoted in the article I believe intends that you only have one goto location.

For a big example of substandard coding, see this thread for an egregious WireGuard module in BSD. Countless other examples. https://news.ycombinator.com/item?id=33381949

Or maybe it's that things like a kernel reasonably need to use goto?

Or at least at the time it was written, there weren't alternatives that were performant enough.

I'm not saying not to use goto. The above example works on any C language, with some tweaks needed to K&R. I've done substantial Kernel work and can tell you that there's no reason to ever break my example and put multiple goto stubs. Can you provide a single situation where it is needed and there's no other alternative? I can't prove the negative you want me to.

I'm not convinced that "more than 1 goto location considered harmful" is any different from "goto considered harmful"

Each has its place. You don't 'need' to use gotos at all. Your example could be achieved with more flags and if statements.

Either is more charitable, and both are probably closer to the truth.

FYI:

4,879 code results in illumos/illumos-gate for goto

2,587 code results in freebsd/freebsd-src for goto

It's not like any comparable project is immune? Perhaps `goto` says more about how old the code is?

I don't see how the number of gotos is relevant. You're still having a lot of gotos in each function in the codebase with SESE and only using one goto location, solely for cleanup and exit.

A more interesting discussion between your point and his would be to show simple examples where each of the views breaks down. When you're dealing with allocation or handle cleanup, SESE sounds good to me. But with multilevel loop break or continues, even observing SESE I can see room for more gotos. But I don't know what either you or he are talking about.
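
An added example, not code from any commenter in this thread: the single-exit (SESE) style discussed above, with one `cleanup` label used solely for cleanup and exit, shown for the allocation case. The names `build_record`, `tracked_alloc`, `tracked_free`, `live_count` and the `fail_at` knob are hypothetical, constructed so that a leak on any error path would be observable.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed helpers: count live allocations so leaks are observable. */
static int live_allocs = 0;

static void *tracked_alloc(size_t n, int inject_failure) {
    void *p = inject_failure ? NULL : malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { live_allocs--; free(p); }
}

int live_count(void) { return live_allocs; }

/* fail_at (hypothetical test knob): 0 = success, 1..3 = acquisition that fails. */
int build_record(int fail_at) {
    int rc = -1;
    /* Everything starts NULL so the single cleanup block is safe from any jump. */
    char *hdr = NULL, *body = NULL, *sig = NULL;

    hdr = tracked_alloc(16, fail_at == 1);
    if (!hdr) goto cleanup;

    rc = -2;
    body = tracked_alloc(64, fail_at == 2);
    if (!body) goto cleanup;

    rc = -3;
    sig = tracked_alloc(32, fail_at == 3);
    if (!sig) goto cleanup;

    rc = 0; /* all resources acquired; real work would go here */

cleanup:
    /* One label, one exit: release in reverse order; NULL entries are skipped. */
    tracked_free(sig);
    tracked_free(body);
    tracked_free(hdr);
    return rc;
}

int main(void) {
    for (int i = 0; i <= 3; i++) {
        int rc = build_record(i);
        printf("fail_at=%d rc=%d live=%d\n", i, rc, live_count());
    }
    return 0;
}
```
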