Date: Sun, 6 Nov 2011 16:47:38 -0800 From: Rui Paulo <rpaulo@FreeBSD.org> To: Warner Losh <imp@bsdimp.com> Cc: Alexander Best <arundel@FreeBSD.org>, freebsd-toolchain@FreeBSD.org, Dimitry Andric <dim@FreeBSD.org> Subject: Re: [poc] buildkernel + clang + -Werror Message-ID: <D33B52AF-854F-4FEB-A5DC-878017116C78@FreeBSD.org> In-Reply-To: <242747B7-3EAE-4988-A975-DC58B0997A6F@bsdimp.com> References: <20111105102102.GA54596@freebsd.org> <20111106172835.GO2258@hoeg.nl> <20111106203316.GA73216@freebsd.org> <4EB6F38E.2080006@FreeBSD.org> <20111106205805.GA78142@freebsd.org> <C7A0F95A-0F55-47BF-AD60-66DDAEEC3EC7@FreeBSD.org> <242747B7-3EAE-4988-A975-DC58B0997A6F@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 6, 2011, at 4:36 PM, Warner Losh wrote: > On Nov 6, 2011, at 2:13 PM, Rui Paulo wrote: >> The only argument against this tautological check that I agree with = is when the code is explicitly trying to be safe. If the developer = checks for "i < 0" when indexing an array he/she is trying to guard = against possible pitfalls in the future when someone suddenly decides to = change the variable type to become signed. One possible security = vulnerability was avoided because that developer checked for negative = values. >> I'm against turning this off by default, but it should not cause an = error. >=20 > Except when you pass args back and forth between signed and unsigned = and back again. If you check < 0 in the middle, that's one more = security bug you thought you had fixed, but really you've done nothing = with. Of course, but in the context of the compiler checks this argument = doesn't apply. Regards, -- Rui Paulo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D33B52AF-854F-4FEB-A5DC-878017116C78>