<div dir="ltr"><br><br><div class="gmail_quote">On Thu, Apr 5, 2012 at 10:57 AM, Nadav Har'El <span dir="ltr"><<a href="mailto:nyh@math.technion.ac.il">nyh@math.technion.ac.il</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Wed, Apr 04, 2012, Oleg Goldshmidt wrote about "Re: [YBA] kernel compile errors with GCC >= 4.6":<br>
> On Wed, Apr 4, 2012 at 10:03 AM, Jonathan Ben Avraham <<a href="mailto:yba@tkos.co.il">yba@tkos.co.il</a>> wrote:<br>
><br>
> > Dear linux-il colleagues,<br>
> > GCC 4.6 introduced many new warnings that cause -Werror to stop the<br>
> > compilation for some platforms, such as powerpc, in various files.<br>
><br>
> Oh, I didn't even know they finally introduced -Werror... Good.<br>
<br>
Why is this good?<br>
<br>
In the (very) old days, there was a clear separation: The compiler<br>
gave you *errors*, and a separate program, called "lint",<br>
(<a href="http://en.wikipedia.org/wiki/Lint_%28software%29" target="_blank">http://en.wikipedia.org/wiki/Lint_%28software%29</a>) was used to find<br>
various risky code, possible bugs, unused variables, and so on, and<br>
warn on them.<br>
<br>
I *don't* like the fact that modern compilers decide to complain on<br>
issues of questionable style, such as having a variable which is never<br>
used, using "=" (deliberately, not ==) in an "if"'s expression, and so<br>
on. I like even less the trend to use something like "-Werror" to *abort*,<br>
not just warn, on these cases.<br>
<br>
After our last Hspell release, I started receiving complaints from<br>
various people who used slightly different compilers than I did, so got<br>
different *warnings* that I didn't get. This was very annoying, because<br>
although I could (and did) fix those warnings, most of them did not have<br>
any merit, and the only reason why I made many of these changes was to<br>
"appease" the compilers. In one example, the compiler wrongly deduced that a<br>
variable could be used before being set, which was false (I can explain why,<br>
but the details aren't important here). In another example, a header file<br>
defined a few static arrays, and not all of them were needed in each<br>
including file - and the compiler complained about the defined-but-not-used<br>
static arrays.<br>
<br>
I think all of this is bad. I agree that it's useful to have a tool<br>
(lint, gcc -Wall, or whatever), for the *developer* to find possible<br>
problems. But the developer shouldn't *have* to change the code to<br>
appease this tool, if he doesn't want to. The compiler that a *user*<br>
of this code uses should definitely not attempt to look for such<br>
"possible" problems, and most definitely should not abort the<br>
compilation if it finds some. The contract between the programmer and<br>
the user is that the programmer writes the code as carefully as he can -<br>
and the user tries the best he can to compile it, NOT find reasons for<br>
the compilation to fail. See also <a href="http://en.wikipedia.org/wiki/Postel%27s_law" target="_blank">http://en.wikipedia.org/wiki/Postel%27s_law</a></blockquote><div><br></div><div>Postel's law leaves room for future standard modifications, but it seems to me it is also </div>
<div>the source of many vulnerabilities. For example, one of the zero day vulnerabilities </div><div>used by Stuxnet is that free text could be inserted before real code, and was ignored. </div><div>This allowed a place for the Stuxnet code.</div>
<div><br></div><div>So, if you wish to write a defensive system, you should stick with what you know is true - </div><div>be conservative both in what you send and what you receive.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
If -Werror is used in a big-enough project, there is a very high<br>
probability that compilation will always fail when a new version of the<br>
compiler is first tried. I fail to see why this is a good thing.<br>
<font color="#888888"><br>
--<br>
Nadav Har'El | Thursday, Apr 5 2012,<br>
<a href="mailto:nyh@math.technion.ac.il">nyh@math.technion.ac.il</a> |-----------------------------------------<br>
Phone +972-523-790466, ICQ 13349191 |Someone offered you a cute little quote<br>
<a href="http://nadav.harel.org.il" target="_blank">http://nadav.harel.org.il</a> |for your signature? JUST SAY NO!<br>
<br>
_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
</font></blockquote></div><br><br clear="all"><div><br></div>-- <br>Orna Agmon Ben-Yehuda.<br><a href="http://ladypine.org">http://ladypine.org</a><br>
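Orna's point about being conservative in what you receive, as an added illustration that is not part of the thread: a constructed toy record format decoded once by a liberal parser that silently skips whatever precedes the magic, and once by a strict parser that refuses anything it did not ask for. The format, function names and sample inputs are all assumptions made up for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed mini-format (not from the thread): a valid message is the
 * 4-byte magic "REC1", one length byte, then exactly that many payload
 * bytes. The liberal decoder hunts for the magic anywhere in the buffer;
 * the conservative one requires it at offset 0 and tolerates no slack. */
#define MAGIC "REC1"
#define MAGIC_LEN 4

/* Try to decode a message that starts at offset off. Returns the payload
 * length, or -1 when the framing does not match exactly. */
static int parse_at(const unsigned char *buf, size_t len, size_t off,
                    const unsigned char **payload)
{
    if (off + MAGIC_LEN + 1 > len) return -1;
    if (memcmp(buf + off, MAGIC, MAGIC_LEN) != 0) return -1;
    size_t plen = buf[off + MAGIC_LEN];
    if (off + MAGIC_LEN + 1 + plen != len) return -1; /* no trailing bytes */
    *payload = buf + off + MAGIC_LEN + 1;
    return (int)plen;
}

/* Conservative: the message must begin at byte 0, nothing before it. */
int parse_strict(const unsigned char *buf, size_t len, const unsigned char **payload)
{
    return parse_at(buf, len, 0, payload);
}

/* Liberal: skip whatever precedes the magic. The skipped bytes are never
 * inspected, so the decoder accepts input it does not actually understand. */
int parse_lenient(const unsigned char *buf, size_t len, const unsigned char **payload)
{
    for (size_t off = 0; off + MAGIC_LEN + 1 <= len; off++) {
        int r = parse_at(buf, len, off, payload);
        if (r >= 0) return r;
    }
    return -1;
}

/* Constructed inputs. Hex escapes are kept in their own literal so that
 * "\x03" followed by "abc" is not read as one long escape. */
static const unsigned char CLEAN[]  = "REC1\x03" "abc";
static const unsigned char JUNKED[] = "junk " "REC1\x03" "abc";
static const unsigned char NESTED[] = "REC1\x08" "xxREC1\x03" "abc"; /* outer length lies */

/* which: 0 = CLEAN, 1 = JUNKED, 2 = NESTED; lenient: 0 strict, 1 liberal. */
int run_case(int which, int lenient)
{
    const unsigned char *bufs[] = { CLEAN, JUNKED, NESTED };
    size_t lens[] = { sizeof CLEAN - 1, sizeof JUNKED - 1, sizeof NESTED - 1 };
    const unsigned char *payload = NULL;
    return lenient ? parse_lenient(bufs[which], lens[which], &payload)
                   : parse_strict(bufs[which], lens[which], &payload);
}
```

Both decoders agree on the clean message; only the liberal one accepts the junk-prefixed and the inconsistently framed buffers, which is exactly the extra, uninspected surface the strict decoder refuses to carry.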
</div>