Hi.

When programming, I'd like to be able to make sure that what I think the code that I type does is what I want it to do. Who doesn't? Anyway, since I'm already compiling with most warnings on and I'm linting my code, I'm trying my best to be more sure of it.
Where I find problems that could have been detected by my tools, but weren't, I'd like to make sure that the tools get updated. This prompted me to produce a patch for FreeBSD 5-STABLE's GCC (3.4.2).

GCC 3.4.2 takes a shortcut in checking the argument to printf()-like functions with -Wformat. Since arguments to a varargs function smaller than an int are promoted to an int (and floats to double), the check doesn't care what the types originally passed to the function were exactly, as long as after promotion it is good enough. To make things worse, "good enough" here doesn't include checking the signedness.

I've made a simple copy-paste patch that makes sure that arguments to those functions are checked _before_ _and_ _after_ the varargs-promotion and that their sign meets the format string.

Please have a look at it and tell me whether this could be useful for FreeBSD or whether that's a bridge too far...

The patch is at http://www.stack.nl/~marcolz/FreeBSD/gcc-printf.patch.txt

Besides that, you'll need to include the inttypes.h at http://www.stack.nl/~marcolz/FreeBSD/inttypes.h instead of /usr/include/inttypes.h

If you want to compile the kernel with it, make sure to turn off -Werror... (Or install into somewhere else than /usr/libexec and use CFLAGS=-B<otherdir> to gcc to try it out.)

I know that other varargs functions' handling isn't modified yet; I just thought I'd start with printf() and see whether it was useful.

Please let me know what you think.

Marc
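A small model of the two checks the message contrasts, as an added example that is not part of the original post, the linked patch, or GCC's code. The type model, the supported format subset (`%d`/`%u` with `hh`, `h`, `l`) and the strict rule (rank and sign must match before promotion) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model of an integer argument type: rank plus signedness. */
enum { RANK_CHAR, RANK_SHORT, RANK_INT, RANK_LONG };
typedef struct { int rank; bool is_signed; } ctype;

/* Default argument promotion: narrower than int becomes signed int (assumes int holds all their values). */
static ctype promote(ctype t) {
    return t.rank < RANK_INT ? (ctype){RANK_INT, true} : t;
}

/* Parse the subset [hh|h|l](d|u) after a '%'; returns chars consumed, 0 if outside the subset. */
static size_t parse_spec(const char *p, ctype *want) {
    const char *s = p;
    want->rank = RANK_INT;
    if (s[0] == 'h' && s[1] == 'h') { want->rank = RANK_CHAR; s += 2; }
    else if (*s == 'h') { want->rank = RANK_SHORT; s++; }
    else if (*s == 'l') { want->rank = RANK_LONG; s++; }
    if (*s != 'd' && *s != 'u') return 0;
    want->is_signed = (*s == 'd');
    return (size_t)(s - p) + 1;
}

/* Count rejected args: lax compares promoted rank only; strict (assumed rule) also rank and sign before promotion. */
static int count_rejected(const char *fmt, const ctype *args, size_t nargs, bool strict) {
    int bad = 0;
    size_t i = 0, n;
    for (const char *p = fmt; *p; p++) {
        ctype want;
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }          /* literal percent sign */
        if ((n = parse_spec(p + 1, &want)) == 0) continue;
        p += n;
        if (i >= nargs) { bad++; continue; }          /* conversion with no argument */
        ctype got = args[i++];
        bool ok = promote(want).rank == promote(got).rank;
        if (strict) ok = ok && want.rank == got.rank && want.is_signed == got.is_signed;
        if (!ok) bad++;
    }
    return bad;
}

/* Constructed call: printf("%hhu %u %d %ld", signed char, int, unsigned, long) */
static const char sample_fmt[] = "%hhu %u %d %ld";
static const ctype sample_args[] = { {RANK_CHAR, true}, {RANK_INT, true}, {RANK_INT, false}, {RANK_LONG, true} };
int main(void) {
    printf("lax rejects %d, strict rejects %d\n", count_rejected(sample_fmt, sample_args, 4, false), count_rejected(sample_fmt, sample_args, 4, true));
    return 0;
}
```

The lax pass accepts all four arguments of the constructed call because every pair has the same rank after promotion; the strict pass flags the three whose signedness differs from the conversion.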