Date:	Fri, 26 Jun 2015 10:28:58 -0400
From:	Tejun Heo <tj@...nel.org>
To:	Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:	Jens Axboe <axboe@...com>, torvalds@...uxfoundation.org,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Cgroup writeback support for 4.2

Hello, Geert.

On Fri, Jun 26, 2015 at 03:57:18PM +0200, Geert Uytterhoeven wrote:
> > Can you please tell me the version of gcc which triggered the above
> > warnings?
> 
> gcc 4.1.2

I see.  I read wrong.

> That's why I keep on using gcc 4.1.2: it still gives build warnings for
> many "used uninitialized" cases that later gcc versions let pass silently.
>
> Granted, some of these are false positives (that's why it was disabled in
> later gcc versions), but some of these are valid and real bugs.

That's kinda surprising.  My impression has been that later gcc
versions are doing a lot better job both at actually detecting
problematic ones and avoiding false positives.  I'm surprised that
4.1.2 is still catching uninitialized usages later gcc's (and other
static analyzers) can't.  Can you roughly say how often it detects
actual problems that later ones can't?

> Anyway, as a casual reader, it took me a while to notice all four warnings
> listed above are false positives...

4.1.2 is more than 8 years old at this point.  I really don't want to
kludge the code w/ unnecessary initializations as that'll actually
harm our ability to detect actual problems.  The only option would be
refactoring the code so that larger blocks of code are put into
#ifdefed functions but I'm not really sure whether keeping 4.1.2 happy
should be a guideline that we follow when organizing code.

Thanks.

-- 
tejun