Re: Potentially false-positive -Wstringop-overflow= warning with gcc >= 11.1

public inbox for gcc-help@gcc.gnu.org
 help / color / mirror / Atom feed

From: Segher Boessenkool <segher@kernel.crashing.org>
To: Martin Sebor <msebor@gmail.com>
Cc: Martin Sebor via Gcc-help <gcc-help@gcc.gnu.org>,
	Dumitru Ceara <dceara@redhat.com>,
	richard.sandiford@arm.com
Subject: Re: Potentially false-positive -Wstringop-overflow= warning with gcc >= 11.1
Date: Wed, 2 Feb 2022 12:23:16 -0600	[thread overview]
Message-ID: <20220202182316.GZ614@gate.crashing.org> (raw)
In-Reply-To: <478a5194-c8aa-2be7-e4aa-f0d441cbfac0@gmail.com>

On Tue, Feb 01, 2022 at 04:54:17PM -0700, Martin Sebor wrote:
> On 1/31/22 22:18, Richard Sandiford wrote:
> >I agree that changing the wording doesn't solve the whole problem,
> >but I think it does solve something.  At the moment, we're effectively
> >asking each individual user to be aware of the context above, to know what
> >meaning is being attached to the present tense.  Making the message more
> >equivocal would at least suggest that the compiler doesn't “know”.
> 
> The compiler can never "know" for certain if any statement will be
> executed.

It can when it sees the whole source code.  Since noreturn attributes
are not required for functions that do not return, you can not tell
otherwise, sure.  For warnings you can assume any function that does not
say it does not not return does return, but yes you cannot know.

> Every warning message that involves control or data flow
> must be interpreted in the context of the surrounding code, whether
> it's an expression, statement, or the whole function.

Of course.  But if a warning message says "your code is wrong", it is a
bit of a leap to read that as "your code might be wrong", or "it looks
suspicious", etc.

> Every warning
> message must necessarily also be understood as only suggesting that
> "there may be a problem" in the program rather than "there definitely
> is a bug."

But that is for a very different reason: every warning also has false
positives.  If not, it should be an error, not a warning!

> There's plenty of literature out there that explains this, including
> the GCC manual, so I'd expect most C/C++ programmers to understand
> that.

But if your warning message says "your code is wrong", you cannot blame
the user for understanding that exactly as written.

> I don't think that rewording every warning message just to
> drill that message home and without addressing the bigger problem
> would make enough of a difference to justify the effort.

Our diagnostic messages should not lie.  This is definitely worth the
effort.  Yes, it can be hard, but the whole *goal* is to help the user,
so it makes sense to put in some effort to do help the user, instead of
frustrating him/her.

> (Users
> don't feel any better about -Wmaybe-uninitialized false positives
> than about -Wuninitalized, and they've periodically argued to
> remove the former from -Wall despite its equivocal phrasing.)

Of course they are not happy to see a messsage like "this or that may be
used uninitialised", but in what world does that make it okay for the
compiler to see "thhis *is* used uninitialised"?  That makes no sense.

> I agree.  I think there are at least two underlying problems: users
> expecting every warning message to point out an actual bug in their
> code,

You make that problem worse by telling the user that his code is wrong
(instead of saying it loooks suspicious, it may be wrong).

> and GCC failing to somehow indicate the conditional nature of
> the problems in the messages.

Yes.

We should have a way to say "this is UB if it ever is executed".  And we
do have one such way: we insert an abort before the statement.  Which we
do not do here.  If we want to not do this (the aborts are kind of
unfriendly after all), it would be nice to have a helper warning message
function warning_if_executed or similar, that would take care of the
phrasing and make it consistently correct for all such warnings.

Segher

     prev parent reply	other threads:[~2022-02-02 18:24 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-28 15:01 Dumitru Ceara
2022-01-28 15:27 ` Segher Boessenkool
2022-01-28 16:16   ` Dumitru Ceara
2022-01-28 17:37     ` Segher Boessenkool
2022-01-31 21:49     ` Martin Sebor
2022-01-31 22:01       ` Segher Boessenkool
2022-02-01  8:21         ` Jonathan Wakely
2022-02-01  5:18       ` Richard Sandiford
2022-02-01 14:42         ` Segher Boessenkool
2022-02-01 23:54         ` Martin Sebor
2022-02-02 10:12           ` Jonathan Wakely
2022-02-02 18:33             ` Segher Boessenkool
2022-02-02 20:44               ` Jonathan Wakely
2022-02-02 18:23           ` Segher Boessenkool [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220202182316.GZ614@gate.crashing.org \
    --to=segher@kernel.crashing.org \
    --cc=dceara@redhat.com \
    --cc=gcc-help@gcc.gnu.org \
    --cc=msebor@gmail.com \
    --cc=richard.sandiford@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).