<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, May 17, 2018 at 1:36 AM, JF Bastien <span dir="ltr"><<a href="mailto:jfbastien@apple.com" target="_blank">jfbastien@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space"><br><div><div><div class="h5"><blockquote type="cite"><div>On May 16, 2018, at 10:15 PM, Hubert Tong via cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>> wrote:</div><br class="m_-3301285794651543777Apple-interchange-newline"><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, May 11, 2018 at 7:26 PM, Shoaib Meenai via cfe-dev <span dir="ltr"><<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="m_-3301285794651543777gmail-m_-9064138958871621122WordSection1"><span style="font-size:11pt"> Of course, we should also ensure that the optimizer doesn't do anything surprising when there's a type mismatch between the specifier and the argument but both types have the same size and alignment (i.e., the case where the relaxed format warning won't fire),
both now and in the future.</span>
</div></div></blockquote><div><div>The "contract" for the format string and the corresponding argument
is as described elsewhere in the thread, and it is rather more interesting for scanf than not. GCC's implementation technology is
apparently able to optimize (at -O2 and up, at least when targeting
powerpc64le-linux-gnu) the check feeding the abort() in the following to
not observe the write performed in the ersatz scanf():<br><span style="font-family:monospace,monospace">#include <stdarg.h><br>void abort(void);<br>int strcmp(const char *, const char *);<br><br>typedef int Type;<br>typedef long NType;<br><br>int myvscanf(const char *const fmt, va_list ap) {<br> if (strcmp(fmt, "%ld") != 0) { return 0; }<br><br> NType *const p = va_arg(ap, NType *);<br> *p = 42;<br> return 1;<br>}<br><br>__attribute__((__format__(__<wbr>scanf__, 2, 3)))<br>__attribute__((__noinline__, __noclone__))<br>void updateStatusFromPipe(Type *statusp, const char *const fmt, ...) {<br> va_list ap;<br> va_start(ap, fmt);<br> int ret = 0;<br> if (*statusp == 0) {<br> ret = myvscanf(fmt, ap);<br> }<br> va_end(ap);<br> if (ret >= 1 && *statusp != 0) abort();<br>}<br><br>int main(void) {<br> Type status = 0;<br> updateStatusFromPipe(&status, "%ld", &status);<br>}</span> <br></div><div><br></div>The "now or in the future" sounds like needing to do "worse" or
"better" than what GCC is doing to avoid "anything surprising", because
"on par" with GCC fits the bill for something "surprising". Which is to
say that, in my opinion, there is no avoiding "something surprising" "in the future" on code that the proposed relaxation is letting slip through.<br><br></div><div>TL;DR: Please don't change the default.<br></div></div></div></div></div></blockquote><div><br></div></div></div><div>The default has changed recently. We’re making the case that parts should be relegated to their own flag.</div><div><br></div><div>Your argument ignores the prerogative that platforms have in providing additional guarantees. NSInteger has that guarantee on Darwin platforms, it should be honored. I further don’t see how optimizing printf as you seem to suggest could be possible is ever useful or desirable.</div></div></div></blockquote><div>Why is changing the behaviour for "everyone" for possible guarantees on some platforms the approach as opposed to adjusting the warning based on the guarantees that the target to known to provide?<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space"><div><span class=""><div><br></div><br><blockquote type="cite"><div>
______________________________<wbr>_________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a><br><a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/cfe-dev</a><br></div></blockquote></span></div><br></div></blockquote></div><br></div></div>