c-std-porting.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Florian Weimer <fweimer@redhat.com>
To: David Edelsohn <dje.gcc@gmail.com>
Cc: gcc@gcc.gnu.org,  c-std-porting@lists.linux.dev
Subject: Re: More C type errors by default for GCC 14
Date: Tue, 09 May 2023 20:22:44 +0200	[thread overview]
Message-ID: <87cz394b63.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <CAGWvnykoEtT0BQtuN70DN6tWohtf=Mm7SW55psZvVmj3OvKUEg@mail.gmail.com> (David Edelsohn's message of "Tue, 9 May 2023 11:03:22 -0400")

* David Edelsohn:

> Yes, GCC has two, distinct user groups / use cases, but GCC also has a
> very unique and crucial role, as the foundation for a large portion of
> the GNU/Linux and FOSS software ecosystem.  This proposal is missing a
> motivation for this change, especially making new errors the default.

I tried to explain that in my introductory comments, but perhaps that
was a bit too abstract.

Here are some examples of the stuff I personally deal with in this space
on a semi-regular basis.

* alleged code generation bugs because the upper 32 bits of a pointer
  are set to zero or 0xffffffff, resulting in crashes.  This can happen
  if GCC synthesizes an implicit int declaration for a pointer-returning
  function.

* Alleged code generation bugs because a function returning bool does
  not set the entire register, as expected the caller.  This can happen
  if GCC makes up a function declaration returning int for a function
  that actually returns bool on x86-64.

* Making source-only API transitions away from a particular function is
  surprisingly hard if you still want to provide binary compatibility,
  and not put ugliness like

    #define function_api_v1(arg0, arg1, arg2) \
      DO NOT CALL THIS, USE function_api_v2 instead

  into installed header files (or rely on GCC extensions such as the
  poison pragma).

* Incomplete ports of C extensions to newer Python and Ruby versions
  which still compile and link, but fail at some point during run time
  because they try to call functions that do not exist.  (BIND_NOW
  mitigates that to some extend, but that's mostly a downstream thing.)

These are just a subset of the issues that are escalated to me, and I
don't even work on the compiler for real.  I don't know how much of that
ends up with the real compiler developers, or in how many cases
programmers eventually debug the issue on their own, finally spot the
warning in the build log, and make the connection.

Nowadays I ask for full build logs before I look at anything else, and
given the way we build our applications, we usually have that, so that
is a convenient shortcut.  (For others, it will be buried in some IDE,
and all you can get from them are screenshots.)  But if application
developers poked at the problem with GDB to the point that they can
share disassembly they think that shows a compiler bug, they must have
spent quite some time on it.  If GCC had different defaults, they
wouldn't have to do that, increasing their productivity.

I hope this makes things clearer.  I do think the current GCC defaults
are needlessly frustrating, which is why I spent so much time on proving
(from my perspective) that it should be feasible to change them.

> GCC needs to be proactive, not reactive, without annoying and
> frustrating its user base.  Clang has been making some aggressive
> changes in warnings, but its constituency expects that.  Developers
> who want that experience already will use Clang, so why annoy
> developers who prefer the GCC experience and behavior?

I really would like to keep GCC as the system compiler, but avoid the
hidden costs of the current GCC defaults.

We can get fairly close by injecting appropriate -Werror= options during
the distribution build.  On the other hand, we are already up to about
fifteen recommended compiler flags.  We are looking at adding between
two and four additional -Werror= flags for this.  The optics aren't
great.  In our case, ISVs who do not do RPM builds would have to
replicate and maintain this flag list in their own build environments
because they wouldn't benefit from the distribution default flags.  I'm
worried all this looks rather unprofessional.

> The new warnings and errors help some developers and improve software
> security, but also drive some developers away, or at least cause them
> to reass their choice of toolchain.

That goes in the other direction as well, I think.  Developers are
pressured to use languages which are generally perceived to offer more
type safety.  Here we have a few cases where we could increase the type
safety of C, without having to switch to a completely different
language.

I don't think C is as static as used to be, by the way.  C2X (and glibc
before that, especially with _GNU_SOURCE) is adding lots of widely-used
identifiers to existing headers, so that will cause some breakage, too.
The C2X changes seem to conflict with keeping GCC as the 90s C compiler
(at least by default).

And g++ regularly fixes language and header conformance issues as bugs,
not treating them as perpetually supported extensions.  The resulting
churn does not seem to have hurt adoption of C++ or g++.

Thanks,
Florian


  parent reply	other threads:[~2023-05-09 18:22 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-09 12:15 More C type errors by default for GCC 14 Florian Weimer
2023-05-09 15:16 ` Richard Biener
2023-05-09 16:05   ` Jakub Jelinek
2023-05-09 16:11     ` Sam James
2023-05-09 16:59   ` Florian Weimer
2023-05-09 17:07     ` Sam James
2023-05-09 17:35       ` Florian Weimer
     [not found] ` <CAGWvnykoEtT0BQtuN70DN6tWohtf=Mm7SW55psZvVmj3OvKUEg@mail.gmail.com>
2023-05-09 15:07   ` Sam James
2023-05-09 15:14   ` Jonathan Wakely
     [not found]     ` <20230509102201.6aa2a7d14fdb2f1e7abff449@killthe.net>
     [not found]       ` <87r0rp5uf8.fsf@aarsen.me>
     [not found]         ` <83ttwla1ep.fsf@gnu.org>
     [not found]           ` <CAH6eHdS-7USHzX3rPJaR66sEdjG+-nHp7mDb0gD7ceBnp+Fmpg@mail.gmail.com>
     [not found]             ` <83lehx9vix.fsf@gnu.org>
     [not found]               ` <ZFqZ25xKm4w4IkqF@tucnak>
     [not found]                 ` <83fs859unu.fsf@gnu.org>
     [not found]                   ` <CAGWvny=xi++Ghyo2Ez5MJdYy5h3yH16gVpviKC99Ufu_bUmdYQ@mail.gmail.com>
     [not found]                     ` <CAH6eHdRAVwBcCmBgiuPyQNWGx3x33diAgQU8UG3s_NrJxK3ucQ@mail.gmail.com>
     [not found]                       ` <CAGWvnyk_MkQOrNNh1C=ubPj8qzg5x-p8CBfgWNqqtDVJ1mbhMg@mail.gmail.com>
     [not found]                         ` <CAF9ehCWsq-N9+U1+mTQahKT7cXEqLTptLb=b3Yq58gsWFEnxgA@mail.gmail.com>
     [not found]                           ` <CAH6eHdS_sQ37VTpJHL7cqtgSdCSL3i4=tqMoY65wep9G56cf5g@mail.gmail.com>
     [not found]                             ` <CAMfHzOsR=gY6QTss2R029Q-uMOTpC-RDV09bEF2FO7x5jpy5gg@mail.gmail.com>
2023-05-10 10:45                               ` Sam James
2023-05-10 10:56                                 ` Neal Gompa
2023-05-10 12:06                                   ` Eli Zaretskii
2023-05-10 12:10                                     ` Neal Gompa
2023-05-10 12:41                                       ` Eli Zaretskii
2023-05-09 18:22   ` Florian Weimer [this message]
2023-05-11 21:32     ` Segher Boessenkool
2023-05-12  9:33 ` Martin Jambor
2023-05-12 12:30   ` Jakub Jelinek
2023-05-15 12:46     ` Michael Matz
2023-05-15 13:14     ` Richard Earnshaw (lists)
     [not found] <CAGWvnynMpa83AduLhRhf1PxkVujngDmmwE7Z4vk1z6+UqqAuKA@mail.gmail.com>
     [not found] ` <BBE9950C-28AA-4A1C-A4C5-7F486538004E@gmail.com>
2023-05-09 16:44   ` Florian Weimer
2023-05-09 16:58     ` Ian Lance Taylor
2023-05-09 17:08     ` Jason Merrill
2023-05-09 17:16       ` Sam James

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87cz394b63.fsf@oldenburg.str.redhat.com \
    --to=fweimer@redhat.com \
    --cc=c-std-porting@lists.linux.dev \
    --cc=dje.gcc@gmail.com \
    --cc=gcc@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).