lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0702081351410.8424@woody.linux-foundation.org>
Date:	Thu, 8 Feb 2007 14:03:06 -0800 (PST)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	J.A. Magallón <jamagallon@....com>
cc:	Jan Engelhardt <jengelh@...ux01.gwdg.de>,
	Jeff Garzik <jeff@...zik.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: somebody dropped a (warning) bomb



On Thu, 8 Feb 2007, Linus Torvalds wrote:
> 
> But THE CALLER CANNOT AND MUST NOT CARE! Because the sign of "char" is 
> implementation-defined, so if you call "strcmp()", you are already 
> basically saying: I don't care (and I _cannot_ care) what sign you are 
> using.

Let me explain it another way.

Say you use

	signed char *myname, *yourname;

	if (strcmp(myname,yourname) < 0)
		printf("Ha, I win!\n")

and you compile this on an architecture where "char" is signed even 
without the explicit "signed".

What should happen?

Should you get a warning? The types really *are* the same, so getting a 
warning sounds obviously insane. But on the other hand, if you really care 
about the sign that strcmp() uses internally, the code is wrong *anyway*, 
because with another compiler, or with the *same* compiler on another 
architecture or some other compiler flags, the very same code is buggy.

In other words, either you should get a warning *regardless* of whether 
the sign actually matches or not, or you shouldn't get a warning at all 
for the above code. Either it's buggy code, or it isn't.

Warning only when the sign doesn't _happen_ to match is crap. In that 
case, it's not a warning about bad code, it's a warning about a bad 
*compiler*.

My suggestion is that if you *really* care about the sign so much that you 
want the sign warning, make it really obvious to the compiler. Don't ever 
call functions that have implicit signs. Make even "int" arguments (which 
is well-defined in its sign) use "signed int", and then you can make the 
compiler warn if anybody ever passes it an "unsigned int".

Never mind even a pointer - if somebody actually took the time and effort 
to spell out "signed int" in a function prototype, and you pass that 
function an unsigned integer, maybe a warning is perfectly fine. Clearly 
the programmer really cared, and if he didn't care about the sign that 
much, he could have used just "int".

Conversely, if somebody has a function with a "unsigned int" prototype, 
and you pass it a regular "int", a compiler shouldn't complain, because an 
"int" will just silently promote to unsigned. But perhaps the programmer 
passes it something that he had _explicitly_ marked with "signed int". 
Would it make sense to warn then? Makes sense to me.

And no, none of this is about "strict C standards". All of it is about 
"what makes sense". It simply doesn't make sense to complain about the 
sign of "char", because it's not something that has a very hard 
definition. Similarly, you shouldn't complain about regular "int" 
conversions, because they are normal, and the standard defines them, but 
maybe you can take a hint when the programmer gives you a hint by doing 
something that is "obviously unnecessary", like explicitly saying that 
"signed int" thing.

Just an idea. 

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ