From: Linus Torvalds <torvalds@linux-foundation.org>
To: Nathan Chancellor <nathan@kernel.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>,
Kees Cook <keescook@chromium.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-hardening@vger.kernel.org
Subject: Re: [GIT PULL] Enable -Wimplicit-fallthrough for Clang for 5.14-rc7
Date: Thu, 19 Aug 2021 13:37:20 -0700 [thread overview]
Message-ID: <CAHk-=whPU-SA2L=wiDGHGQBL_K-qtpu5EzQLwmV0qk7LSZKQrA@mail.gmail.com> (raw)
In-Reply-To: <9ef3265b-a5e7-d21b-68a8-ad137ac6ebfd@kernel.org>
On Thu, Aug 19, 2021 at 1:17 PM Nathan Chancellor <nathan@kernel.org> wrote:
>
> For what it's worth, clang's version of -Wimplicit-fallthrough would
> have caught the bug in commit 652b44453ea9 [..]
The thing is, any warning can catch a bug. The "signed pointer"
warnings could catch things too if people really care about "unsigned
char *" vs just plain "char *".
But warnings that have too many false positives are more likely to
hide bugs than expose them. So it's very much a balancing act.
I personally think that false positives are deadly: I'd much rather
have a c completely clean build where are the warnings are big red
flags, than a build that has warnings that _may_ be signs of bugs, but
where you have known false positives that have no sane workaround.
Because with even a _single_ false positive, people will immediately
just stop caring about any other warnings at all. We've seen that over
and over again.
This is why a compiler warning - to be useful - has to be completely
unambiguously about bad code, or at least have a alternate "good code
pattern" that is no worse than the code that the warning about.
> However, if you are truly opposed to a version check, can we at least
> just check for the presence of -Wunreachable-code-fallthrough as I
> suggested before?
I'm ok with that, since at that point there are no false warnings.
But even then, it's much too late for 5.14 by now, considering that
this has had issues, and that we already enable the warnings on the
common gcc builds.
Linus
prev parent reply other threads:[~2021-08-19 20:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-19 4:05 [GIT PULL] Enable -Wimplicit-fallthrough for Clang for 5.14-rc7 Gustavo A. R. Silva
2021-08-19 19:19 ` Linus Torvalds
2021-08-19 20:17 ` Nathan Chancellor
2021-08-19 20:37 ` Linus Torvalds [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=whPU-SA2L=wiDGHGQBL_K-qtpu5EzQLwmV0qk7LSZKQrA@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=gustavoars@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.