config.mak.dev: add -Wformat
diff mbox series

Message ID 20181012184037.15076-1-t.gummerer@gmail.com
State New
Headers show
Series
  • config.mak.dev: add -Wformat
Related show

Commit Message

Thomas Gummerer Oct. 12, 2018, 6:40 p.m. UTC
801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
the -Wformat-security to the flags set in config.mak.dev.  In the gcc
man page this is documented as:

         If -Wformat is specified, also warn about uses of format
         functions that represent possible security problems.  [...]

That commit did however not add the -Wformat flag, and -Wformat is not
specified anywhere else by default, so the added -Wformat-security had
no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
warn about this and thus compilation fails with this option set.

Fix that, and make -Wformat-security actually useful by adding the
-Wformat flag as well.  git compiles cleanly with both these flags
applied.

Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
---

Sorry for not catching this before the patch made it to next.  

 config.mak.dev | 1 +
 1 file changed, 1 insertion(+)

Comments

Jeff King Oct. 12, 2018, 6:45 p.m. UTC | #1
On Fri, Oct 12, 2018 at 07:40:37PM +0100, Thomas Gummerer wrote:

> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
> the -Wformat-security to the flags set in config.mak.dev.  In the gcc
> man page this is documented as:
> 
>          If -Wformat is specified, also warn about uses of format
>          functions that represent possible security problems.  [...]
> 
> That commit did however not add the -Wformat flag, and -Wformat is not
> specified anywhere else by default, so the added -Wformat-security had
> no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
> warn about this and thus compilation fails with this option set.
> 
> Fix that, and make -Wformat-security actually useful by adding the
> -Wformat flag as well.  git compiles cleanly with both these flags
> applied.

-Wformat is part of -Wall, which we already turn on by default (even for
non-developer builds).

So I don't think we need to do anything more, though I'm puzzled that
you saw a failure. Do you set CFLAGS explicitly in your config.mak to
something that doesn't include -Wall?

I'm not opposed to making config.mak.dev a bit more redundant to handle
this case, but we'd probably want to include all of -Wall, since it
contains many other warnings we'd want to make sure are enabled.

-Peff
Jonathan Nieder Oct. 12, 2018, 6:54 p.m. UTC | #2
Jeff King wrote:
> On Fri, Oct 12, 2018 at 07:40:37PM +0100, Thomas Gummerer wrote:

>> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
>> the -Wformat-security to the flags set in config.mak.dev.  In the gcc
>> man page this is documented as:
>>
>>          If -Wformat is specified, also warn about uses of format
>>          functions that represent possible security problems.  [...]
>>
>> That commit did however not add the -Wformat flag, and -Wformat is not
>> specified anywhere else by default, so the added -Wformat-security had
>> no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
>> warn about this and thus compilation fails with this option set.
[...]
> -Wformat is part of -Wall, which we already turn on by default (even for
> non-developer builds).
>
> So I don't think we need to do anything more, though I'm puzzled that
> you saw a failure. Do you set CFLAGS explicitly in your config.mak to
> something that doesn't include -Wall?

Thomas, do you use autoconf to generate config.mak.autogen?  I'm
wondering if that produces a CFLAGS that doesn't include -Wall.

> I'm not opposed to making config.mak.dev a bit more redundant to handle
> this case, but we'd probably want to include all of -Wall, since it
> contains many other warnings we'd want to make sure are enabled.

Do you mean putting -Wall instead of -Wformat?

Should we add -Wextra too?  From a quick test, it seems to build okay.

Thanks,
Jonathan
Jeff King Oct. 12, 2018, 7:11 p.m. UTC | #3
On Fri, Oct 12, 2018 at 11:54:50AM -0700, Jonathan Nieder wrote:

> > I'm not opposed to making config.mak.dev a bit more redundant to handle
> > this case, but we'd probably want to include all of -Wall, since it
> > contains many other warnings we'd want to make sure are enabled.
> 
> Do you mean putting -Wall instead of -Wformat?

Yes.

> Should we add -Wextra too?  From a quick test, it seems to build okay.

We already do (though we have to then manually disable a few warnings
that we're not ready for -- see config.mak.dev).

-Peff
Thomas Gummerer Oct. 12, 2018, 7:15 p.m. UTC | #4
On 10/12, Jonathan Nieder wrote:
> Jeff King wrote:
> > On Fri, Oct 12, 2018 at 07:40:37PM +0100, Thomas Gummerer wrote:
> 
> >> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
> >> the -Wformat-security to the flags set in config.mak.dev.  In the gcc
> >> man page this is documented as:
> >>
> >>          If -Wformat is specified, also warn about uses of format
> >>          functions that represent possible security problems.  [...]
> >>
> >> That commit did however not add the -Wformat flag, and -Wformat is not
> >> specified anywhere else by default, so the added -Wformat-security had
> >> no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
> >> warn about this and thus compilation fails with this option set.
> [...]
> > -Wformat is part of -Wall, which we already turn on by default (even for
> > non-developer builds).
> >
> > So I don't think we need to do anything more, though I'm puzzled that
> > you saw a failure. Do you set CFLAGS explicitly in your config.mak to
> > something that doesn't include -Wall?

Whoops embarrassing.  I had this set in my config.mak:

    CFLAGS = -O$(O) -g $(EXTRA_CFLAGS)

What happened is that I had included -Wall in an old config.mak that I
copied from Thomas Rast when I started with my GSoC project.  Then
when "DEVELOPER=1" came around I switched to that at some point and
just removed everything from CFLAGS, except the possibility to
override the optimization level, the ability to add extra flags and
including debug symbols, but failed to notice that I had lost -Wall.

Maybe it would still be a good to add -Wall to avoid the surprise for
others.  But then again if someone overrides CFLAGS they should at
least check better what they're overriding ;)

> Thomas, do you use autoconf to generate config.mak.autogen?  I'm
> wondering if that produces a CFLAGS that doesn't include -Wall.

No, this was all my mistake :)

> > I'm not opposed to making config.mak.dev a bit more redundant to handle
> > this case, but we'd probably want to include all of -Wall, since it
> > contains many other warnings we'd want to make sure are enabled.
> 
> Do you mean putting -Wall instead of -Wformat?
> 
> Should we add -Wextra too?  From a quick test, it seems to build okay.

We do have that with setting DEVELOPER=extra-all.

> Thanks,
> Jonathan
Jonathan Nieder Dec. 27, 2018, 6:59 p.m. UTC | #5
+cc: Masaya Suzuki
In October, Thomas Gummerer wrote:
> On 10/12, Jonathan Nieder wrote:
>> Jeff King wrote:
>>> On Fri, Oct 12, 2018 at 07:40:37PM +0100, Thomas Gummerer wrote:

>>>> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added
>>>> the -Wformat-security to the flags set in config.mak.dev.  In the gcc
>>>> man page this is documented as:
>>>>
>>>>          If -Wformat is specified, also warn about uses of format
>>>>          functions that represent possible security problems.  [...]
>>>>
>>>> That commit did however not add the -Wformat flag, and -Wformat is not
>>>> specified anywhere else by default, so the added -Wformat-security had
>>>> no effect.  Newer versions of gcc (gcc 8.2.1 in this particular case)
>>>> warn about this and thus compilation fails with this option set.
>> [...]
>>> -Wformat is part of -Wall, which we already turn on by default (even for
>>> non-developer builds).
[...]
>> Thomas, do you use autoconf to generate config.mak.autogen?  I'm
>> wondering if that produces a CFLAGS that doesn't include -Wall.
>
> No, this was all my mistake :)

As discussed in [1], autoconf appears to not put -Wall in CFLAGS:

 $ make configure
     GEN configure
 $ ./configure
[...]
 config.status: creating config.mak.autogen
 config.status: executing config.mak.autogen commands
 $ grep CFLAGS config.mak.autogen
 CFLAGS = -g -O2
 PTHREAD_CFLAGS=-pthread

So this trap for the unwary is still around.

Can we revive this patch?  Does it just need a clearer commit message,
or were there other objections?

>>> I'm not opposed to making config.mak.dev a bit more redundant to handle
>>> this case, but we'd probably want to include all of -Wall, since it
>>> contains many other warnings we'd want to make sure are enabled.
>>
>> Do you mean putting -Wall instead of -Wformat?
>>
>> Should we add -Wextra too?  From a quick test, it seems to build okay.
>
> We do have that with setting DEVELOPER=extra-all.

Even better.  What do you think of making DEVELOPER=YesPlease imply
that?

Thanks,
Jonathan

[1] https://public-inbox.org/git/CAJB1erVmZQd_kLU1fqL7cURrEUz2EJ4Br0kgVQt7T-mk3s95dQ@mail.gmail.com/
Junio C Hamano Jan. 3, 2019, 4:55 p.m. UTC | #6
Jonathan Nieder <jrnieder@gmail.com> writes:

> In October, Thomas Gummerer wrote:
>> On 10/12, Jonathan Nieder wrote:
>>> Jeff King wrote:
>>> ...
>>>> -Wformat is part of -Wall, which we already turn on by default (even for
>>>> non-developer builds).
> ...
> As discussed in [1], autoconf appears to not put -Wall in CFLAGS:
>
>  $ make configure
>      GEN configure
>  $ ./configure
> [...]
>  config.status: creating config.mak.autogen
>  config.status: executing config.mak.autogen commands
>  $ grep CFLAGS config.mak.autogen
>  CFLAGS = -g -O2
>  PTHREAD_CFLAGS=-pthread
>
> So this trap for the unwary is still around.
>
> Can we revive this patch?  Does it just need a clearer commit message,
> or were there other objections?

I think it is a good idea to give fallback/redundancy for this
case.  I do not have strong opinion between -Wall and -Wformat,
but I'd probably vote for the former if pressed.

-- >8 --
From: Thomas Gummerer <t.gummerer@gmail.com>
Date: Fri, 12 Oct 2018 19:40:37 +0100
Subject: [PATCH] config.mak.dev: add -Wformat

801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08)
added the "-Wformat-security" to the flags set in config.mak.dev.
In the gcc man page this is documented as:

         If -Wformat is specified, also warn about uses of format
         functions that represent possible security problems.  [...]

The commit did however not add the "-Wformat" flag, but instead
relied on the fact that "-Wall" is set in the Makefile by default
and that "-Wformat" is part of "-Wall".

Unfortunately, those who use config.mak.autogen generated with the
autoconf to configure toolchain do *not* get "-Wall" in their CFLAGS
and the added -Wformat-security had no effect.  Worse yet, newer
versions of gcc (gcc 8.2.1 in this particular case) warn about the
lack of "-Wformat" and thus compilation fails only with this option
set.

We could fix it by adding "-Wformat", but in general we do want all
checks included in "-Wall", so let's add it to config.mak.dev to
cover more cases.

Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
Helped-by: Jeff King <peff@peff.net>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
[jc: s/-Wformat/-Wall/]
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 config.mak.dev | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.mak.dev b/config.mak.dev
index bfbd3df4e8..74337f1f92 100644
--- a/config.mak.dev
+++ b/config.mak.dev
@@ -1,6 +1,7 @@
 ifeq ($(filter no-error,$(DEVOPTS)),)
 CFLAGS += -Werror
 endif
+CFLAGS += -Wall
 CFLAGS += -Wdeclaration-after-statement
 CFLAGS += -Wformat-security
 CFLAGS += -Wno-format-zero-length
Jonathan Nieder Jan. 3, 2019, 6:54 p.m. UTC | #7
Hi,

Junio C Hamano wrote:

> I think it is a good idea to give fallback/redundancy for this
> case.  I do not have strong opinion between -Wall and -Wformat,
> but I'd probably vote for the former if pressed.
>
> -- >8 --
> From: Thomas Gummerer <t.gummerer@gmail.com>
> Date: Fri, 12 Oct 2018 19:40:37 +0100
> Subject: [PATCH] config.mak.dev: add -Wformat
>
> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08)
> added the "-Wformat-security" to the flags set in config.mak.dev.
> In the gcc man page this is documented as:
>
>          If -Wformat is specified, also warn about uses of format
>          functions that represent possible security problems.  [...]
>
> The commit did however not add the "-Wformat" flag, but instead
> relied on the fact that "-Wall" is set in the Makefile by default
> and that "-Wformat" is part of "-Wall".
>
> Unfortunately, those who use config.mak.autogen generated with the
> autoconf to configure toolchain do *not* get "-Wall" in their CFLAGS
> and the added -Wformat-security had no effect.  Worse yet, newer
> versions of gcc (gcc 8.2.1 in this particular case) warn about the
> lack of "-Wformat" and thus compilation fails only with this option
> set.
>
> We could fix it by adding "-Wformat", but in general we do want all
> checks included in "-Wall", so let's add it to config.mak.dev to
> cover more cases.
>
> Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
> Helped-by: Jeff King <peff@peff.net>
> Helped-by: Jonathan Nieder <jrnieder@gmail.com>
> [jc: s/-Wformat/-Wall/]
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
>  config.mak.dev | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>

Thanks for tying up this loose end.
Thomas Gummerer Jan. 6, 2019, 6:17 p.m. UTC | #8
On 01/03, Junio C Hamano wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:
> 
> > In October, Thomas Gummerer wrote:
> >> On 10/12, Jonathan Nieder wrote:
> >>> Jeff King wrote:
> >>> ...
> >>>> -Wformat is part of -Wall, which we already turn on by default (even for
> >>>> non-developer builds).
> > ...
> > As discussed in [1], autoconf appears to not put -Wall in CFLAGS:
> >
> >  $ make configure
> >      GEN configure
> >  $ ./configure
> > [...]
> >  config.status: creating config.mak.autogen
> >  config.status: executing config.mak.autogen commands
> >  $ grep CFLAGS config.mak.autogen
> >  CFLAGS = -g -O2
> >  PTHREAD_CFLAGS=-pthread
> >
> > So this trap for the unwary is still around.
> >
> > Can we revive this patch?  Does it just need a clearer commit message,
> > or were there other objections?
> 
> I think it is a good idea to give fallback/redundancy for this
> case.  I do not have strong opinion between -Wall and -Wformat,
> but I'd probably vote for the former if pressed.

Just catching up after some time off over Christmas, thanks for tying
this up!

I agree with the choice of adding -Wall to the CFLAGS here, so even if
it is not added to the CFLAGS generated by autoconf (or in mnually set
up CFLAGS such as in my original case), we still get a complete set of
warnings when DEVELOPER=YesPlease is set.

> -- >8 --
> From: Thomas Gummerer <t.gummerer@gmail.com>
> Date: Fri, 12 Oct 2018 19:40:37 +0100
> Subject: [PATCH] config.mak.dev: add -Wformat
> 
> 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08)
> added the "-Wformat-security" to the flags set in config.mak.dev.
> In the gcc man page this is documented as:
> 
>          If -Wformat is specified, also warn about uses of format
>          functions that represent possible security problems.  [...]
> 
> The commit did however not add the "-Wformat" flag, but instead
> relied on the fact that "-Wall" is set in the Makefile by default
> and that "-Wformat" is part of "-Wall".
> 
> Unfortunately, those who use config.mak.autogen generated with the
> autoconf to configure toolchain do *not* get "-Wall" in their CFLAGS
> and the added -Wformat-security had no effect.  Worse yet, newer
> versions of gcc (gcc 8.2.1 in this particular case) warn about the
> lack of "-Wformat" and thus compilation fails only with this option
> set.
> 
> We could fix it by adding "-Wformat", but in general we do want all
> checks included in "-Wall", so let's add it to config.mak.dev to
> cover more cases.
> 
> Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com>
> Helped-by: Jeff King <peff@peff.net>
> Helped-by: Jonathan Nieder <jrnieder@gmail.com>
> [jc: s/-Wformat/-Wall/]
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
>  config.mak.dev | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/config.mak.dev b/config.mak.dev
> index bfbd3df4e8..74337f1f92 100644
> --- a/config.mak.dev
> +++ b/config.mak.dev
> @@ -1,6 +1,7 @@
>  ifeq ($(filter no-error,$(DEVOPTS)),)
>  CFLAGS += -Werror
>  endif
> +CFLAGS += -Wall
>  CFLAGS += -Wdeclaration-after-statement
>  CFLAGS += -Wformat-security
>  CFLAGS += -Wno-format-zero-length
> -- 
> 2.20.1-2-gb21ebb671b
>
Junio C Hamano Jan. 7, 2019, 5:04 p.m. UTC | #9
Thomas Gummerer <t.gummerer@gmail.com> writes:

> I agree with the choice of adding -Wall to the CFLAGS here, so even if
> it is not added to the CFLAGS generated by autoconf (or in mnually set
> up CFLAGS such as in my original case), we still get a complete set of
> warnings when DEVELOPER=YesPlease is set.
>
>> -- >8 --
>> From: Thomas Gummerer <t.gummerer@gmail.com>
>> Date: Fri, 12 Oct 2018 19:40:37 +0100
>> Subject: [PATCH] config.mak.dev: add -Wformat

Thanks.  I noticed, before merging the topic to 'next', that I
needed to retitle this further.  I'd use something like this.

Subject: config.mak.dev: add -Wall to help autoconf users
Jonathan Nieder Jan. 7, 2019, 9:16 p.m. UTC | #10
Junio C Hamano wrote:
> Thomas Gummerer <t.gummerer@gmail.com> writes:

>>> From: Thomas Gummerer <t.gummerer@gmail.com>
>>> Date: Fri, 12 Oct 2018 19:40:37 +0100
>>> Subject: [PATCH] config.mak.dev: add -Wformat
>
> Thanks.  I noticed, before merging the topic to 'next', that I
> needed to retitle this further.  I'd use something like this.
>
> Subject: config.mak.dev: add -Wall to help autoconf users

With that change, it would still be
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>

:)

Thanks.

Patch
diff mbox series

diff --git a/config.mak.dev b/config.mak.dev
index 92d268137f..bf6f943452 100644
--- a/config.mak.dev
+++ b/config.mak.dev
@@ -7,6 +7,7 @@  CFLAGS += -pedantic
 CFLAGS += -DUSE_PARENS_AROUND_GETTEXT_N=0
 endif
 CFLAGS += -Wdeclaration-after-statement
+CFLAGS += -Wformat
 CFLAGS += -Wformat-security
 CFLAGS += -Wno-format-zero-length
 CFLAGS += -Wold-style-definition