[tor-bugs] #19180 [Core Tor/Tor]: Add new compiler warnings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 2 14:08:09 UTC 2016
#19180: Add new compiler warnings
--------------------------+------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.???
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 029-proposed | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Comment (by nickm):
ok, I really think I'm done for now. I've gone over the easy and not-too-
hard cases. Of the warnings I originally considered, they are either Out,
Done, or not-yet-done.
Here are the ones that I thought we might want to do where I decided
against them:
{{{
suggest-attribute=const (4.6)
suggest-attribute=pure (4.6)
    Rationale: these just suggest attributes that the compiler can use
    to optimize code better (if we get them right) but which will make
    the code incorrect (if we're wrong).
jump-misses-init (4.6)
    Rationale: triggers all over. In many (all?) cases, the missing
    initializer is for a variable that is not used after the jump. Our
    existing static analysis tools SHOULD catch the cases where we can
    _use_ an uninitialized variable.
unsuffixed-float-constants (4.6)
    Not even like a bug; 1.0 is a fine way to spell the (double) 1.0.
strict-aliasing=5??? (3)
    Requires strict-aliasing, which we disable.
disabled-macro-expansion (clang)
    Triggers in stdio.h
extended-offsetof (clang)
    We require this extension.
used-but-marked-unused (clang)
    We need to be able to use "unused" to mean "maybe unused".
}}}
Here are the ones that we might want to look at later:
{{{
cast-qual (4.6)
    Rationale: triggers everywhere, even in some pretty normal C. Would
    be nice to have it trigger less, but would need to blow up a bunch
    of API things. Bigger project.
conversion (4.6)
    Rationale: triggers all over. Probably wrong code in some
    cases, but careful thought needed in most. Bigger project.
sign-conversion (4.6)
    Triggers ALL OVER. Quite possibly a bug in some cases, though.
    Bigger project.
cast-align (3)
    We already do this safely. Need to re-test on a system with
    stronger-than-intel alignment rules, though.
shadow (3)
    mistake; worth fixing.
switch-default (3)
    Not sure this is a good idea; some of these look like mistakes,
    but some don't.
assign-enum (clang)
    triggers all over; worth fixing.
conditional-uninitialized (clang)
    triggers all over; not sure whether this is worth fixing.
}}}
These should not become on-by-default, but they're worth hand-auditing:
{{{
strict-overflow=3...5 (4.2)
    Behaves pretty differently on different GCC versions.
    We get warnings for just about every case where we have pointer
    math in an addition. That seems nutty.
padded (3)
    Not a mistake. Worth looking over for hand-audit purposes, but mostly
    harmless.
unsafe-loop-optimizations (4.1)
    Worth hand-auditing, but triggers on every kind of interesting for
    loop.
covered-switch-default
    Usually this is defensive programming, but it could be a mistake
    in some cases, or could cover up future mistakes?
}}}
Aaand the bug19180_easy branch is still needs_review. :)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19180#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
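
Added example, not part of the original message and not Tor code: the kind of implicit signed-to-unsigned conversion that the sign-conversion warning listed above reports, shown as a length check before and after it is tightened. The function names and the 64-byte bound are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical length checks for a record whose length field arrives as a
 * signed int. Each returns 1 and stores the byte count in *out when the
 * length is accepted, 0 when it is rejected. */

/* Before: the bound is compared as int, so a negative len passes, and the
 * assignment below silently converts int to size_t. That assignment is
 * the line -Wsign-conversion reports. */
int accept_len_weak(int len, int cap, size_t *out)
{
    if (len > cap)
        return 0;
    *out = len;
    return 1;
}

/* After: reject negative values first, then convert explicitly. */
int accept_len_strict(int len, size_t cap, size_t *out)
{
    if (len < 0 || (size_t)len > cap)
        return 0;
    *out = (size_t)len;
    return 1;
}

int main(void)
{
    size_t n = 0;
    int ok = accept_len_weak(-1, 64, &n);   /* constructed input */
    printf("weak:   accepted=%d count=%zu\n", ok, n);
    n = 0;
    ok = accept_len_strict(-1, 64, &n);
    printf("strict: accepted=%d count=%zu\n", ok, n);
    return 0;
}
```

Compiling with -Wsign-conversion flags the assignment in accept_len_weak and nothing in accept_len_strict.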