public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug debug/20229] New: -Wcast-qual option is easily evaded
@ 2005-02-27 16:01 kmk at ssl dot org
2005-02-27 16:08 ` [Bug c/20229] " pinskia at gcc dot gnu dot org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: kmk at ssl dot org @ 2005-02-27 16:01 UTC (permalink / raw)
To: gcc-bugs
The -Wcast-qual option in GCC can easily be evaded by "clever" hacks, which
seriously reduces the utility of this feature in catching dangerous behavior
intentionally hidden by programmers from unit testers.
Here is code for a test case (which is extremely simple, and includes no
headers, so I am sending the source rather than the virtually-identical
intermediate file, which lacks comments):
-------------------
void evil_string_modifier(char *s) { s[0] = 0; }
int main(void) {
// This warns, as expected:
evil_string_modifier("Test string one.");
// This also warns, as expected:
evil_string_modifier((char *)"Test string two.");
// This, however, does not warn...but should:
evil_string_modifier((char *)(int)"Test string three.");
}
---------------------------
The compiler output for the code given above:
Using built-in specs.
Configured with: ./configure --prefix=/usr --host=i386-just-dragonflybsd
Thread model: posix
gcc version 3.4.3 [DragonFly] (propolice, visibility)
/usr/libexec/gcc34/cc1 -E -quiet -v -iprefix
/usr/libexec/gcc34/../gcc34//3.4.1/ bug.c -march=pentium3 -W -Wall
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wno-uninitialized
-Wall -W -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts
-Winline -Wnested-externs -Wredundant-decls -O -o bug.i
ignoring nonexistent directory "/usr/libexec/gcc34/../gcc34//3.4.1/include"
ignoring nonexistent directory "/usr/libexec/gcc34/../gcc34//3.4.1/libdata/gcc34"
#include "..." search starts here:
#include <...> search starts here:
/usr/include
/usr/libdata/gcc34
End of search list.
/usr/libexec/gcc34/cc1 -fpreprocessed bug.i -quiet -dumpbase bug.c
-march=pentium3 -auxbase bug -O -W -Wall -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Wno-uninitialized -Wall -W
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts
-Winline -Wnested-externs -Wredundant-decls -version -o bug.s
GNU C version 3.4.3 (i386-just-dragonflybsd)
compiled by GNU C version 2.95.4 20020320 [DragonFly].
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
bug.c:2: warning: no previous prototype for 'evil_string_modifier'
bug.c: In function `main':
bug.c:7: warning: passing arg 1 of `evil_string_modifier' discards qualifiers
from pointer target type
bug.c:10: warning: cast discards qualifiers from pointer target type
bug.c:15: warning: control reaches end of non-void function
as -o bug.o bug.s
ld -V -dynamic-linker /usr/libexec/ld-elf.so.1 -o bug /usr/lib/crt1.o
/usr/lib/crti.o /usr/lib/crtbegin.o -L/usr/lib/gcc34 bug.o -lgcc -lc -lgcc
/usr/lib/crtend.o /usr/lib/crtn.o
GNU ld version 2.15 [DragonFly] 2004-05-17
Supported emulations:
elf_i386
--
Summary: -Wcast-qual option is easily evaded
Product: gcc
Version: 3.4.3
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: debug
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: kmk at ssl dot org
CC: gcc-bugs at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
@ 2005-02-27 16:08 ` pinskia at gcc dot gnu dot org
2005-02-27 16:33 ` kmk at ssl dot org
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2005-02-27 16:08 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2005-02-27 05:02 -------
Nope the following cannot be warned about because you first change the pointer to an integer and then
cast it to a char pointer which is only defined iff int is the same size as the pointer (which is warned
about on 64bit targets):
// This, however, does not warn...but should:
evil_string_modifier((char *)(int)"Test string three.");
Not warning is correct as there is a cast inbetween.
the docs are clear:
Warn whenever a pointer is cast so as to remove a type qualifier from the target type. For example,
warn if a const char * is cast to an ordinary char *.
Since the cast to int is inbetween there, the warning does not makes sense any more.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Component|debug |c
Resolution| |INVALID
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
2005-02-27 16:08 ` [Bug c/20229] " pinskia at gcc dot gnu dot org
@ 2005-02-27 16:33 ` kmk at ssl dot org
2005-02-27 19:49 ` schwab at suse dot de
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: kmk at ssl dot org @ 2005-02-27 16:33 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From kmk at ssl dot org 2005-02-27 05:40 -------
Actually, the documentation clearly claims:
"Warn WHENEVER a pointer is cast so as to remove a type qualifier from the
target type."
It does not say:
"Warn whenever a pointer is cast to ANOTHER POINTER in such a way that it
removes a type qualifier from the target type."
Casting a const pointer to any non-pointer object will remove the const
qualifier from the pointer, no matter how you look at it. To not flag this abuse
is not only in obvious contradiction with the documentation, it makes the option
utterly useless for detecting intentionally dangerous behavior by programmers.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |UNCONFIRMED
Resolution|INVALID |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
2005-02-27 16:08 ` [Bug c/20229] " pinskia at gcc dot gnu dot org
2005-02-27 16:33 ` kmk at ssl dot org
@ 2005-02-27 19:49 ` schwab at suse dot de
2005-02-27 20:45 ` joseph at codesourcery dot com
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: schwab at suse dot de @ 2005-02-27 19:49 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From schwab at suse dot de 2005-02-27 14:54 -------
Casting to an integer does not remove the qualifier from the target type, it
removes the target type completely. Since an integer is not a pointer, there
cannot be a target type any more. So the documentation is correct.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
` (2 preceding siblings ...)
2005-02-27 19:49 ` schwab at suse dot de
@ 2005-02-27 20:45 ` joseph at codesourcery dot com
2005-02-28 8:28 ` kmk at ssl dot org
2005-02-28 8:39 ` kmk at ssl dot org
5 siblings, 0 replies; 7+ messages in thread
From: joseph at codesourcery dot com @ 2005-02-27 20:45 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From joseph at codesourcery dot com 2005-02-27 14:59 -------
Subject: Re: -Wcast-qual option is easily evaded
On Sun, 27 Feb 2005, schwab at suse dot de wrote:
> Casting to an integer does not remove the qualifier from the target type, it
> removes the target type completely. Since an integer is not a pointer, there
> cannot be a target type any more. So the documentation is correct.
I would add that it is *useful* for programmers to be able to avoid the
warning in cases where they know what they are doing. That is, it's a
*feature* that one can define
#define remove_const(x, type) ((type)(size_t)(x))
and so avoid the warnings.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
` (3 preceding siblings ...)
2005-02-27 20:45 ` joseph at codesourcery dot com
@ 2005-02-28 8:28 ` kmk at ssl dot org
2005-02-28 8:39 ` kmk at ssl dot org
5 siblings, 0 replies; 7+ messages in thread
From: kmk at ssl dot org @ 2005-02-28 8:28 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From kmk at ssl dot org 2005-02-27 21:55 -------
It is precisely because it is "useful" to programmers in the manner described
that a check is needed on it so that persons charged with the task of code
validation or modification do not have to read 250,000 lines of code to find
"clever" little hacks that have been inserted to "fix" otherwise "inconvenient"
problems.
If you want to pick nits about casting to a pointer removing the target type
completely: fine. That is a perfectly reasonable technicality. However, in that
event, I would suggest that a separate option be added that exhibits the
behavior I describe by flagging ALL cases where a qualifier is discarded. Such
an option would be significantly more useful to code maintainers (as opposed to
the original authors of the code) in uncovering places where things go "boom"
when code is extended or modified.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread* [Bug c/20229] -Wcast-qual option is easily evaded
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
` (4 preceding siblings ...)
2005-02-28 8:28 ` kmk at ssl dot org
@ 2005-02-28 8:39 ` kmk at ssl dot org
5 siblings, 0 replies; 7+ messages in thread
From: kmk at ssl dot org @ 2005-02-28 8:39 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From kmk at ssl dot org 2005-02-27 22:03 -------
And furthermore, if it is so "useful" to be able to hide this behavior, why have
this option at all? Why force programmers to undertake the two-step bomb-arming
instead of just letting them do it in one step by casting away the const
directly? What is the purpose of this option if you can evade it with "a little
extra effort"?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=20229
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2005-02-27 22:03 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-02-27 16:01 [Bug debug/20229] New: -Wcast-qual option is easily evaded kmk at ssl dot org
2005-02-27 16:08 ` [Bug c/20229] " pinskia at gcc dot gnu dot org
2005-02-27 16:33 ` kmk at ssl dot org
2005-02-27 19:49 ` schwab at suse dot de
2005-02-27 20:45 ` joseph at codesourcery dot com
2005-02-28 8:28 ` kmk at ssl dot org
2005-02-28 8:39 ` kmk at ssl dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).