From: Aaron Ballman
Date: Mon, 14 Nov 2022 07:41:56 -0500
Subject: Re: How can Autoconf help with the transition to stricter compilation defaults?
To: Paul Eggert
Cc: Zack Weinberg, c-std-porting@lists.linux.dev, autoconf@gnu.org, gcc@gcc.gnu.org, cfe-commits@lists.llvm.org, Gnulib bugs

On Sat, Nov 12, 2022 at 7:43 PM Paul Eggert wrote:
>
> On 2022-11-11 07:11, Aaron Ballman wrote:
> > We believe the runtime behavior is sufficiently dangerous to
> > warrant a conservative view that any call to a function will be a call
> > that gets executed at runtime, hence a definitive signature mismatch
> > is something we feel comfortable diagnosing (in some form) by default.
>
> As long as these diagnostics by default do not cause the compiler to
> exit with nonzero status, we should be OK with Autoconf-generated
> 'configure' scripts. Although there will be problems with people who run
> "./configure CFLAGS='-Werror'", that sort of usage has always been
> problematic and unsupported by Autoconf, so we can simply continue to
> tell people "don't do that".

That's good to know, but it is a problem more generally -- we are strengthening more diagnostics to be warnings that are treated as an error by default. This gives our users the best experience in terms of diagnostic behavior -- they're clearly alerted to serious issues in their code (either issues of conformance, like with use of implicit int or implicit function decls in C99 or later, or issues of security like statically known instances of UB), but they still have the chance to downgrade the diagnostic back into a warning (good as a temporary solution to start migrating code) or disable the diagnostic entirely (good if you plan to never update your compiler version but otherwise not recommended).
Some of these diagnostics are expected to change to be error-only diagnostics in the future, so this strengthening helps to set user expectations as well. That's why it's generally a problem when autoconf relies on invalid language constructs -- it creates a tension between the autoconf uses and improving the C ecosystem. The autoconf uses aren't always unreasonable, but are very much a special case scenario compared to general C development. I suspect that as the security posture of the C language and its implementations improves in response to recent concerns around suitability of the language (https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF), this tension will come up more frequently. ~Aaron
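A practical check for the situation the thread describes, added here as an example and not code from the thread, Autoconf or Clang: when a compiler starts rejecting implicit function declarations or implicit int by default, Autoconf probes can report "no" for features that actually exist. The script scans a config.log for probes whose failure is attributed to one of those diagnostics (both GCC and Clang print the governing -W flag in brackets) rather than to a genuine link failure; the log lines are constructed to mimic config.log and the exact message wording is an assumption.

```sh
#!/bin/sh
# Added example: find Autoconf probes that failed only because the compiler
# now treats implicit-function-declaration / implicit-int as errors.
# Such "result: no" lines are false negatives, not missing features.

# find_false_negatives LOGFILE -> one line per affected probe: "<probe>: <flag>"
find_false_negatives() {
    awk '
        # Remember the most recent "checking ..." line as the current probe.
        /^configure:[0-9]+: checking / {
            probe = $0
            sub(/^configure:[0-9]+: checking (for )?/, "", probe)
        }
        # Errors carrying one of the strictness flags (a plain link error has none).
        /error:.*\[-W(error=)?(implicit-function-declaration|implicit-int|incompatible-function-pointer-types)]/ {
            match($0, /-W(error=)?[a-z-]+]/)
            flag = substr($0, RSTART, RLENGTH - 1)   # drop the closing bracket
            print probe ": " flag
        }
    ' "$1"
}

# count_false_negatives LOGFILE -> number of affected probes
count_false_negatives() {
    find_false_negatives "$1" | wc -l | tr -d ' '
}

# Constructed sample config.log (not a real log). The third probe is a true
# negative: it fails at link time, with no strictness diagnostic involved.
demo_log=$(mktemp)
trap 'rm -f "$demo_log"' EXIT
cat > "$demo_log" <<'EOF'
configure:3012: checking for strlcpy
configure:3030: gcc -o conftest -O2 conftest.c >&5
conftest.c:45:1: error: implicit declaration of function 'strlcpy' [-Wimplicit-function-declaration]
configure:3030: $? = 1
configure:3040: result: no
configure:3101: checking whether getline is declared
configure:3120: clang -o conftest -O2 conftest.c >&5
conftest.c:52:1: error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int]
configure:3120: $? = 1
configure:3130: result: no
configure:3201: checking for nonexistent_fn
configure:3220: gcc -o conftest -O2 conftest.c >&5
/usr/bin/ld: conftest.o: undefined reference to `nonexistent_fn'
collect2: error: ld returned 1 exit status
configure:3230: result: no
EOF

find_false_negatives "$demo_log"
```

Run it against a real config.log in place of the constructed one; each reported probe is a check worth re-running with the diagnostic downgraded, or rewriting with a proper prototype.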