|
On 13/04/14 05:39, Russ Allbery wrote:
Then the answer is very simple. Write in Java.One can make a good argument that such checks are exactly what you should be doing. I am not a compiler writer, so I have no actual data. I suspect your common 20k line will yield about a thousand such warnings, the huge majority of which there will be nothing for you to do about.My understanding of things is that undefined behaviors are fairly common, and almost always benign. Look at the following code: Also, it turns out gcc does have such an option. See http://www.airs.com/blog/archives/120. -Wstrict-overflow will let you know when the optimizer uses the assumption of no overflow to change other code.
In most cases, you will overflow the packet long before you overflow
the integer. If that's the case, the compiler won't help you. There
is a good case to claim that the warning would be appropriate for
the following code:int compute_offset_into_network_packet( int a, int b )
{
int offset = a+b;
if( offset<0 || offset>PACKET_SIZE )
offset = 0;
return offset;
}
But, then again, what should the warning be? Like I said before, if
you don't like to deal with overflows, use Java and take Java's
performance hit. In fact, most of the world is doing precisely that.Like I said before, I am not against the compilers warning about such cases. I just think that these warnings need to be done very carefully, or they become worse than useless. As such, if you see a case in which you feel gcc (or clang, or whatever) should warn, by all means open a bug for it. Just make sure you make it a "feature request" and not a "security hole" severity. In other words, don't get mad merely because the compiler author did not read your mind. I don't know whether -Wstrict-overflow is on for -Wall (or -Wextra). If it isn't, I do think it should be. Just checked, and it is on for -Wall, sort of. See http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html. Shachar |