From patchwork Sun Jul 17 15:52:35 2016
X-Patchwork-Submitter: Manuel López-Ibáñez
X-Patchwork-Id: 649259
Subject: Re: RFA: new pass to warn on questionable uses of alloca() and VLAs
To: Aldy Hernandez, Martin Sebor, gcc-patches, Martin Sebor, Jeff Law
Cc: Andrew MacLeod
From: Manuel López-Ibáñez
Date: Sun, 17 Jul 2016 16:52:35 +0100

On 15/07/16 18:05, Aldy Hernandez wrote: + case OPT_Walloca_larger_than_: + if (!value) + inform (loc, "-Walloca-larger-than=0 is meaningless"); + break; + + case OPT_Wvla_larger_than_: + if (!value) + inform (loc, "-Wvla-larger-than=0 is meaningless"); + break; + We don't give similar notes for any of the other Wx-larger-than= options. If -Wvla-larger-than=0 suppresses a previous -Wvla-larger-than=, then it doesn't seem meaningless, but a useful thing to have. + if (is_vla) + gcc_assert (warn_vla_limit > 0); + if (!is_vla) + gcc_assert (warn_alloca_limit > 0); if-else ? Or perhaps: gcc_assert (!is_vla || warn_vla_limit > 0); gcc_assert (is_vla || warn_alloca_limit > 0); + warning_at (loc, OPT_Walloca, "use of alloca"); + continue; Since alloca is a source code entity, it would be good to quote it using %< %> (this hints translators to not translate it). + const char *alloca_str + = is_vla ? "variable-length array" : "alloca"; + char buff[WIDE_INT_MAX_PRECISION / 4 + 4]; + switch (w) + { + case ALLOCA_OK: + break; + case ALLOCA_BOUND_MAYBE_LARGE: + gcc_assert (assumed_limit != 0); + if (warning_at (loc, wcode, + "argument to %s may be too large", alloca_str)) + { + print_decu (assumed_limit, buff); + inform (loc, "limit is '%u' bytes, but argument may be '%s'", + is_vla ? warn_vla_limit : warn_alloca_limit, buff); + } + break; + case ALLOCA_BOUND_DEFINITELY_LARGE: + gcc_assert (assumed_limit != 0); + if (warning_at (loc, wcode, + "argument to %s is too large", alloca_str)) + { + print_decu (assumed_limit, buff); + inform (loc, "limit is %u' bytes, but argument is '%s'", + is_vla ? 
warn_vla_limit : warn_alloca_limit, buff); + } + break; https://gcc.gnu.org/codingconventions.html#Diagnostics : All diagnostics should be full sentences without English fragments substituted in them, to facilitate translation. Example: if (warning_at (loc, wcode, is_vla ? "argument to variable-length array may be too large" : "argument to %<alloca%> may be too large")) + print_decu (assumed_limit, buff); + inform (loc, "limit is '%u' bytes, but argument may be '%s'", + is_vla ? warn_vla_limit : warn_alloca_limit, buff); + } https://gcc.gnu.org/wiki/DiagnosticsGuidelines#Quoting : Other elements such as numbers that do not refer to numeric constants that appear in the source code should not be quoted. + warning_at (loc, wcode, "argument to %s may be too large due to " + "conversion from '%T' to '%T'", + alloca_str, invalid_casted_type, size_type_node); From the same link: Text should be quoted by either using the q modifier in a directive such as %qE, or by enclosing the quoted text in a pair of %< and %> directives, and never by using explicit quote characters. The directives handle the appropriate quote characters for each language and apply the correct color or highlighting. I don't think the above are critical problems, they could be fixed by a follow up patch. Cheers, Manuel. --- a/gcc/c-family/c.opt +++ b/gcc/c-family/c.opt @@ -275,6 +275,15 @@ Wall C ObjC C++ ObjC++ Warning Enable most warning messages. +Walloca +C ObjC C++ ObjC++ Var(warn_alloca) Warning + +Walloca-larger-than= +C ObjC C++ ObjC++ Var(warn_alloca_limit) Warning Joined RejectNegative UInteger +-Walloca-larger-than= Warn on unbounded uses of +alloca, and on bounded uses of alloca whose bound can be larger than + bytes. No description for Walloca. + if (warn_alloca)
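Review bot: The inform string in the ALLOCA_BOUND_DEFINITELY_LARGE case has an unbalanced quote: "limit is %u' bytes, but argument is '%s'" lacks the opening ' before %u, while the ALLOCA_BOUND_MAYBE_LARGE case prints '%u'. The user would see a stray apostrophe after the limit in one of the two notes. Whichever quoting style is settled on for the numbers, the two strings should be made identical apart from "may be" versus "is", so the mismatch cannot recur when one of them is edited.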
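Review bot: The help text for Walloca-larger-than= in the c.opt hunk does not say what a value of 0 does, yet the option-handling hunk reports "-Walloca-larger-than=0 is meaningless" and the pass asserts warn_alloca_limit > 0. Because the option is declared RejectNegative, there is no -Wno- spelling either, so the visible lines give a user no documented way to cancel an earlier -Walloca-larger-than= on the command line. Please either state in the c.opt description that 0 disables the warning (and drop the inform), or document which option turns the check off again.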