From: Jonathan Wakely
Date: Tue, 9 May 2023 21:40:31 +0100
Subject: Re: More C type errors by default for GCC 14
To: David Edelsohn
Cc: Eli Zaretskii, Jakub Jelinek, Arsen Arsenović, "gcc@gcc.gnu.org"

On Tue, 9 May 2023, 21:13 David Edelsohn, wrote:

> On Tue, May 9, 2023 at 3:22 PM Eli Zaretskii via Gcc wrote:
>
>> > Date: Tue, 9 May 2023 21:07:07 +0200
>> > From: Jakub Jelinek
>> > Cc: Jonathan Wakely , arsen@aarsen.me, gcc@gcc.gnu.org
>> >
>> > On Tue, May 09, 2023 at 10:04:06PM +0300, Eli Zaretskii via Gcc wrote:
>> > > > From: Jonathan Wakely
>> > > > Date: Tue, 9 May 2023 18:15:59 +0100
>> > > > Cc: Arsen Arsenović , gcc@gcc.gnu.org
>> > > >
>> > > > On Tue, 9 May 2023 at 17:56, Eli Zaretskii wrote:
>> > > > >
>> > > > > No one has yet explained why a warning about this is not enough, and
>> > > > > why it must be made an error. Florian's initial post doesn't explain
>> > > > > that, and none of the followups did, although questions about whether
>> > > > > a warning is not already sufficient were asked.
>> > > > >
>> > > > > That's a simple question, and unless answered with valid arguments,
>> > > > > the proposal cannot make sense to me, at least.
>> > > >
>> > > > People ignore warnings. That's why the problems have gone unfixed for
>> > > > so many years, and will continue to go unfixed if invalid code keeps
>> > > > compiling.
>> > >
>> > > People who ignore warnings will use options that disable these new
>> > > errors, exactly as they disable warnings. So we will end up not
>> >
>> > Some subset of them will surely do that. But I think most people will just
>> > fix the code when they see hard errors, rather than trying to work around
>> > them.
>>
>> The same logic should work for warnings. That's why we have warnings, no?
>>
>
> This seems to be the core tension. If developers cared about these
> issues, they would enable appropriate warnings and -Werror.
>
> The code using these idioms is not safe and does create security
> vulnerabilities. And software security is increasingly important.
>
> The concern is using the good will of the GNU Toolchain brand as the tip
> of the spear or battering ram to motivate software packages to fix their
> problems. It's using GCC as leverage in a manner that is difficult for
> package maintainers to avoid. Maybe that's a necessary approach, but we
> should be clear about the reasoning. Again, I'm not objecting, but let's
> clarify why we are choosing this approach.
>

So let's do it. Let's write a statement saying that the GCC developers
consider software security to be of increasing importance, and that we
consider it irresponsible to default to accepting invalid constructs in the
name of backwards compatibility. State that we will make some changes which
were a break from GCC's traditional stance, for the good of the ecosystem.

Given recent pushes to discourage or outright ban the use of memory-safe
languages in some domains, I think it would be good to make a strong
statement about taking the topic seriously. And not just make a statement,
but take action too.

If we don't do this, I believe it will harm GCC in the long run. The vocal
minority who want to preserve the C they're used to, like some kind of
historical reenactment society, would get their wish: it would become a
historical dead end and go nowhere.