From: Rui Paulo
Date: Sun, 6 Nov 2011 13:13:04 -0800
To: Alexander Best
Cc: freebsd-toolchain@freebsd.org, Dimitry Andric
Subject: Re: [poc] buildkernel + clang + -Werror
In-Reply-To: <20111106205805.GA78142@freebsd.org>
References: <20111105102102.GA54596@freebsd.org> <20111106172835.GO2258@hoeg.nl> <20111106203316.GA73216@freebsd.org> <4EB6F38E.2080006@FreeBSD.org> <20111106205805.GA78142@freebsd.org>
List-Id: Maintenance of FreeBSD's integrated toolchain

On Nov 6, 2011, at 12:58 PM, Alexander Best wrote:

> On Sun Nov 6 11, Dimitry Andric wrote:
>> On 2011-11-06 21:33, Alexander Best wrote:
>> ...
>>> the problem is, something like
>>>
>>> uint x;
>>>
>>> if (x < 0) ...
>>>
>>> clang will warn about this, yet it is 100% valid code so my vote would be to
>>> make such an error into a warning.
>>
>> Sorry, but checking something unsigned to be smaller than zero is bogus,
>> or at the least superfluous, and it's perfectly sane to warn about this,
>> especially since the compiler is not going to emit code for it at all.
>
> there was a discussion with the topic
> "disable -Wtautological-compare for clang" on freebsd-toolchain@ and most of
> the devs considered this code *not* to be bogus. ;)

Tautologic checks are good because they may find problems you never thought about. The examples pointed out are quite simple and are missing the point. You have to think about crazy macros.

The only argument against this tautological check that I agree with is when the code is explicitly trying to be safe. If the developer checks for "i < 0" when indexing an array he/she is trying to guard against possible pitfalls in the future when someone suddenly decides to change the variable type to become signed. One possible security vulnerability was avoided because that developer checked for negative values.

I'm against turning this off by default, but it should not cause an error.

Regards,
--
Rui Paulo
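
The defensive-check scenario from the message above, as an added example that is not part of the original mail or of FreeBSD's code. `idx_t`, `table` and the function names are hypothetical, and the default build uses the signed type to show the state after the type change.

```c
#include <stdio.h>

#define TABLE_LEN 4

/* Hypothetical index type: imagine it started as "unsigned int" and a later
 * change made it signed (the scenario in the mail). Build with -DIDX_UNSIGNED
 * to get the unsigned type back; the "i < 0" test below is then always false,
 * which is the comparison -Wtautological-compare reports. */
#ifdef IDX_UNSIGNED
typedef unsigned int idx_t;
#else
typedef int idx_t;
#endif

static const int table[TABLE_LEN] = { 10, 20, 30, 40 };

/* Upper-bound check only. Sufficient while idx_t is unsigned, because a
 * "negative" value wraps to a huge one and fails i < TABLE_LEN. Once idx_t
 * is signed, -1 passes this check. */
int accepts_upper_only(idx_t i)
{
    return i < TABLE_LEN;
}

/* Defensive form: keeps the lower-bound check regardless of signedness. */
int accepts_guarded(idx_t i)
{
    if (i < 0)
        return 0;
    return i < TABLE_LEN;
}

/* Dereferences the table only after the guarded check; -1 means rejected. */
int lookup(idx_t i)
{
    return accepts_guarded(i) ? table[i] : -1;
}

int main(void)
{
    idx_t bad = (idx_t)-1;   /* constructed bad index */
    printf("upper-only accepts %ld: %d\n", (long)bad, accepts_upper_only(bad));
    printf("guarded accepts    %ld: %d\n", (long)bad, accepts_guarded(bad));
    printf("lookup(2) = %d, lookup(bad) = %d\n", lookup(2), lookup(bad));
    return 0;
}
```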