Proof positive the "signedness of char *" warning is useless.
John Z. Bohach
jzb at aexorsyst.com
Fri Dec 2 05:13:26 UTC 2005
On Thursday 01 December 2005 15:13, Rob Landley wrote:
> My complaint was that any legitimate warnings were getting buried in the
> noise of all the char * warnings.
>
> The "signedness of int" warnings are a lot more legitimate, because that's
> a signedness that was always well defined.
All such warnings are "legitimate." If a function asks you to pass to it a
signed parameter, and you pass it an unsigned one, be warned. If it's
intentional, cast it, so it's obvious that the type mismatch is intentional. If
it's not intentional, fix it to match the prototype.
You've taken the position that because nothing is obviously broken by
sign-mismatched parameters being passed, it's okay to do so. It is not okay,
even though most of the time you can get away with it, and most of the time
compilers don't warn about it.
Now, the current situation is that gcc has reached a level of maturity (or the
gcc developers had nothing better to do) that allows it to warn about sign
mismatches. I applaud that. Yes, C is a weakly-typed language, else such
mismatches would cause compile-time errors and your code wouldn't even
compile. I admit to being a purist, but damn it, computing requires, nay,
demands, perfection. Yes, back-end testing could catch some errors, but if
you write clean code to begin with, you won't need to rely so much on the
tests.
Your points are very valid, if taken in the context of "do we want to allocate
resources to implement the _proper_ fix to the sign warning when nothing
seems to be broken anyway." And in that context, I agree with you 100%.
Note that _proper_ means to me to use either casts if the mismatch is
intentional, or fixed code if the type mismatch is not intentional. I mean,
if the prototype says "pass me a signed char" then just humor the man and
pass him a signed char, and don't squirm about "well a char's signedness has
never really been well-defined..." While you are correct, I'd like to point
out to the court that your argument is irrelevant to clean code. If you
don't like warnings, write clean code. If your argument is it doesn't
matter, then fine, we're with you. But grant me that you wouldn't do
sign-mismatched parameters on purpose...(at least not without a cast.) And
if it's not on purpose, then again, I want the compiler warnings, so I can go
back and clean my code, because maybe I did miss something...
> > It might even
> > be better to write a perl or gawk script to replace the unsigned with
> > signed in the cases where warnings are generated,
>
> NO.
There are lots of such warnings. They all need to be looked at and fixed
manually in the end. The destination is the same. There's a top-down
approach, of starting with the first and going on and on...and then there's
the bottom-up approach: replace them all and let the test suite sort them out.
Depending on the circumstances, one approach may be more appropriate than the
other.
>
> Automatic changes to shut the compiler up, where a human didn't look at
> each and every change being made, are not just churn but DANGEROUS churn.
> I would _protest_ the application of such a patch.
You misunderstand. If there are no errors (you claim there are none) with the
sign mismatches, then fixing them to be not mismatched will introduce them?
Doesn't follow, unless the code relies on coding errors to come up with the
correct results. Possible, but not likely. If this code works with the
warnings, surely there can't be too much risk in fixing the warnings
correctly, to have not sign mismatched parameters? Can there? Yes, I know
your answer, but if it is a risk, then I submit it's a greater risk to have
the sign mismatches present in the first place. Resources resources...
>
> > and retest the code,
>
> Because obviously none of these are bugs that have shown up in testing so
> far, so fresh testing will obviously be equally effective in giving us a
> false sense of security.
Can't blame programmers not honoring the prototype on either the compiler or
the test suite. Damn it people, honor thy father, mother, and prototype.
> Something _useful_ to do would be to fill out the test suite so we have
> serious coverage. (Not necessarily fun, but I take a whack at it every
> couple of weeks. Big job, but relatively easy to make progress on. The
> problem is, I generally find esoteric bugs and wander off on tangents
> fixing them. :)
I'm quite swamped with a bunch of projects at the moment, but soon, soon I
tell you, I will be able to contribute more than just words...I'm cleaning up
buildroot, among other things, to be at least self-hosting, and when that's
done, I can write some code for busybox. Keep me in mind, and if there's
some coding you want to offload later, I'd be happy to help. And by the way,
I NEVER mismatch signs on prototypes, except when hardware bit-mapped
structures force me to recast bit-fields, but then I ALWAYS cast them, so I
know I did it on purpose. And my bane is the miserable "blah blah breaks
strict-aliasing rules..." warning which showed up around the gcc-3.3.4
timeframe. Yes, I could turn it off easily, but I've learned to live with
it, even though I am quite a huge fan of the silent build (and I don't mean
with the .SILENT target), i.e., no warnings, none, not even a makefile
warning about overriding rules, though I really can't do anything about that
without modifying the 'make' sources...(which I've considered...).
--John
--
### Any similarity between my views and the truth is completely ###
### coincidental, except that they are endorsed by NO ONE ###
More information about the busybox mailing list