[poc] buildkernel + clang + -Werror

Rui Paulo rpaulo at FreeBSD.org
Sun Nov 6 21:13:00 UTC 2011


On Nov 6, 2011, at 12:58 PM, Alexander Best wrote:

> On Sun Nov  6 11, Dimitry Andric wrote:
>> On 2011-11-06 21:33, Alexander Best wrote:
>> ... 
>>> the problem is, something like
>>> 
>>> uint x;
>>> 
>>> if (x < 0) ...
>>> 
>>> clang will warn about this, yet it is 100% valid code so my vote would be to
>>> make such an error into a warning.
>> 
>> Sorry, but checking something unsigned to be smaller than zero is bogus,
>> or at the least superfluous, and it's perfectly sane to warn about this,
>> especially since the compiler is not going to emit code for it at all.
> 
> there was a discussion with the topic
> "disable -Wtautological-compare for clang" on freebsd-toolchain@ and most of
> the devs considered this code *not* to be bogus. ;)

Tautologic checks are good because they may find problems you never thought about. The examples pointed out are quite simple and are missing the point. You have to think about crazy macros.
The only argument against this tautological check that I agree with is when the code is explicitly trying to be safe. If the developer checks for "i < 0" when indexing an array he/she is trying to guard against possible pitfalls in the future when someone suddenly decides to change the variable type to become signed. One possible security vulnerability was avoided because that developer checked for negative values.
I'm against turning this off by default, but it should not cause an error.

Regards,
--
Rui Paulo
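
An added illustration of the case raised above, where an index variable later becomes signed (not part of the original message; `idx_t`, `TABLE_LEN` and the function names are hypothetical). It compares a bounds check that dropped the `i < 0` test, one that kept it, and a single comparison after conversion to `size_t`, which contains no comparison against zero.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_LEN 4   /* plain int constant, so comparisons against it stay signed */
static const int table[TABLE_LEN] = { 10, 20, 30, 40 };

/* Hypothetical index type. Assume it was "unsigned int" when the checks were
 * written (making "i < 0" tautological) and a later change made it signed. */
typedef int idx_t;

/* Check written on the assumption that i can never be negative. */
static int accepts_upper_only(idx_t i) { return i < TABLE_LEN; }

/* Check that kept the "superfluous" i < 0 test. */
static int accepts_guarded(idx_t i) { return !(i < 0 || i >= TABLE_LEN); }

/* Single comparison after conversion to size_t: a negative value becomes a
 * huge unsigned one and fails the bound, whatever the signedness of idx_t. */
static int accepts_cast(idx_t i) { return (size_t)i < (size_t)TABLE_LEN; }

/* Lookup using the guarded check; returns -1 for a rejected index. */
static int lookup(idx_t i) { return accepts_guarded(i) ? table[i] : -1; }

int main(void)
{
    const idx_t samples[] = { -1, 0, 3, 4 };   /* constructed inputs */
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        idx_t i = samples[k];
        /* Only the checks are evaluated for rejected values; no read happens. */
        printf("i=%2d upper_only=%d guarded=%d cast=%d lookup=%d\n", i,
               accepts_upper_only(i), accepts_guarded(i), accepts_cast(i),
               lookup(i));
    }
    return 0;
}
```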


