Thread: [PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

[PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

From
Andres Freund
Date:
Hi,

the attached trivial patch allows compiling with -Wtype-limits
-Wempty-body (or -Wextra -Wno-unused-parameter -Wno-sign-compare
-Wno-missing-field-initializers).

As the two fixes seem harmless, that seems to be a good idea. And the
recent "bug" (it's not really that, but ...) in walsender.c shows that at
least -Wtype-limits is a sensible warning.

Independently from this patch, should we add -Wtype-limits to the
default parameters?

Greetings,

Andres Freund

--
 Andres Freund                       http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Attachment

Re: [PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

From
Peter Eisentraut
Date:
On Tue, 2013-01-15 at 00:29 +0100, Andres Freund wrote:
> Independently from this patch, should we add -Wtype-limits to the
> default parameters?

I think we have had a discussion along this line before.  I am against
fixing warnings from this option, because those changes would hide
errors if a variable's type changed from signed to unsigned or vice
versa, which could happen because of refactoring or it might be
dependent on system headers.

FWIW, clang has the same warning on by default.  There, it's called
-Wtautological-compare.

I'm less concerned about -Wempty-body, but I can't see the practical use
either way.




Re: [PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

From
Andres Freund
Date:
On 2013-01-14 20:39:05 -0500, Peter Eisentraut wrote:
> On Tue, 2013-01-15 at 00:29 +0100, Andres Freund wrote:
> > Independently from this patch, should we add -Wtype-limits to the
> > default parameters?
> 
> I think we have had a discussion along this line before.  I am against
> fixing warnings from this option, because those changes would hide
> errors if a variable's type changed from signed to unsigned or vice
> versa, which could happen because of refactoring or it might be
> dependent on system headers.

Well, I already found a bug (although with very limited consequences) in
the walsender code and one with graver consequences in code I just
submitted. So I don't really see that being on-par with some potential
future refactoring...

Greetings,

Andres Freund

--
 Andres Freund                       http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services



Andres Freund <andres@2ndquadrant.com> writes:
> On 2013-01-14 20:39:05 -0500, Peter Eisentraut wrote:
>> On Tue, 2013-01-15 at 00:29 +0100, Andres Freund wrote:
>>> Independently from this patch, should we add -Wtype-limits to the
>>> default parameters?

>> I think we have had a discussion along this line before.  I am against
>> fixing warnings from this option, because those changes would hide
>> errors if a variable's type changed from signed to unsigned or vice
>> versa, which could happen because of refactoring or it might be
>> dependent on system headers.

> Well, I already found a bug (although with very limited consequences) in
> the walsender code and one with graver consequences in code I just
> submitted. So I don't really see that being on-par with some potential
> future refactoring...

FWIW, I agree with Peter --- in particular, warning against "x >= MIN"
just because MIN happens to be zero and x happens to be unsigned is the
sort of nonsense up with which we should not put.  Kowtowing to that
kind of warning makes the code less robust, not more so.

It's a shame that the compiler writers have not figured this out and
separated misguided pedantry from actually-useful warnings.  If I assign
-1 to an unsigned variable, by all means tell me about *that*.  Don't
tell me your opinion of whether an assertion check is necessary.
        regards, tom lane



Re: [PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

From
Andres Freund
Date:
On 2013-01-14 22:26:39 -0500, Tom Lane wrote:
> Andres Freund <andres@2ndquadrant.com> writes:
> > On 2013-01-14 20:39:05 -0500, Peter Eisentraut wrote:
> >> On Tue, 2013-01-15 at 00:29 +0100, Andres Freund wrote:
> >>> Independently from this patch, should we add -Wtype-limits to the
> >>> default parameters?
> 
> >> I think we have had a discussion along this line before.  I am against
> >> fixing warnings from this option, because those changes would hide
> >> errors if a variable's type changed from signed to unsigned or vice
> >> versa, which could happen because of refactoring or it might be
> >> dependent on system headers.
> 
> > Well, I already found a bug (although with very limited consequences) in
> > the walsender code and one with graver consequences in code I just
> > submitted. So I don't really see that being on-par with some potential
> > future refactoring...
> 
> FWIW, I agree with Peter --- in particular, warning against "x >= MIN"
> just because MIN happens to be zero and x happens to be unsigned is the
> sort of nonsense up with which we should not put.  Kowtowing to that
> kind of warning makes the code less robust, not more so.

Oh, I agree, that warning is pointless in itself.

But in general doing a comparison like > 0 *can* show a programming
error as evidenced e.g. by
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f4b1749a8168893558f70021be4f40c650bbada
and just about the same error I made in xlogdump.

I just think that the price of fixing a single Assert() that hasn't
changed in years where the variable isn't likely to ever get signed is
acceptable.

> It's a shame that the compiler writers have not figured this out and
> separated misguided pedantry from actually-useful warnings.  If I assign
> -1 to an unsigned variable, by all means tell me about *that*.  Don't
> tell me your opinion of whether an assertion check is necessary.

Yea, but I have to admit it's damned hard to automatically discern
the above actually valid warning and the bogus Assert...

Greetings,

Andres Freund

--
 Andres Freund                       http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services
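The distinction Andres and Tom are arguing over, as an added example that is not part of the thread and not PostgreSQL code: the same -Wtype-limits diagnostic fires on a harmless `Assert(off >= 0)` and on a genuine bug where a "-1 on error" return value is stored in an unsigned variable, so the `< 0` check is dead and the error is silently treated as success; -Wempty-body catches the stray-semicolon case separately. All function names (`copy_segment`, `buggy_caller`, `fixed_caller`, `segment_offset`, `count_accepted*`), the `MAX_SEGMENT` constant and the sample sizes are constructed for illustration. Compile with `gcc -std=c99 -Wall -Wextra -Wtype-limits -Wempty-body -c` to see which lines gcc flags.

```c
/* Added example (constructed; not from the thread or from PostgreSQL). */
#include <assert.h>
#include <stddef.h>
#include <string.h>

#define MAX_SEGMENT 16   /* constructed buffer size */

/* Constructed helper following the common C convention: returns the number
 * of bytes copied, or -1 when the request does not fit the destination. */
static int copy_segment(const char *src, size_t want, char *dst, size_t dstlen)
{
    if (want > dstlen)
        return -1;
    memcpy(dst, src, want);
    return (int) want;
}

/* Case 1: the warning points at a real bug.  The -1 error code lands in a
 * size_t, so "n < 0" can never be true and gcc -Wtype-limits reports
 * "comparison of unsigned expression < 0 is always false".
 * Returns 1 when the caller believes the copy succeeded. */
int buggy_caller(size_t want)
{
    char dst[MAX_SEGMENT];
    size_t n = copy_segment("0123456789abcdef0123", want, dst, sizeof dst);
    if (n < 0)            /* dead check: -1 became SIZE_MAX */
        return 0;
    return 1;             /* reports success even when copy_segment failed */
}

/* Same call with the return value kept signed: the error is now detected. */
int fixed_caller(size_t want)
{
    char dst[MAX_SEGMENT];
    int n = copy_segment("0123456789abcdef0123", want, dst, sizeof dst);
    if (n < 0)
        return 0;
    return 1;
}

/* Case 2: the warning is noise.  The offset is unsigned, so the assertion
 * is always true and gcc says so.  Keeping it documents intent and would
 * start doing work if the type were ever refactored to signed; removing it
 * is what silences the warning. */
size_t segment_offset(size_t off)
{
    assert(off >= 0);     /* flagged: "comparison of unsigned expression >= 0 is always true" */
    return off % MAX_SEGMENT;
}

/* Case 3: -Wempty-body.  The stray semicolon makes the if-body empty, so
 * "continue" runs for every element and nothing is ever accepted. */
int count_accepted_empty_body(const size_t *wants, size_t n)
{
    int accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (wants[i] > MAX_SEGMENT);   /* flagged: empty body */
            continue;                  /* unconditional */
        accepted++;
    }
    return accepted;                   /* always 0 */
}

/* The intended version: oversized requests are skipped, the rest counted. */
int count_accepted(const size_t *wants, size_t n)
{
    int accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (wants[i] > MAX_SEGMENT)
            continue;
        accepted++;
    }
    return accepted;
}
```

The two `< 0` checks are textually identical; only the variable's type decides whether the check is live, which is exactly why the compiler cannot tell Tom's "misguided pedantry" case from Andres's walsender-style bug without knowing which one the programmer meant.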



Re: Re: [PATCH] Compile without warning with gcc's -Wtype-limits, -Wempty-body

From
Peter Eisentraut
Date:
On 1/15/13 6:36 AM, Andres Freund wrote:
> I just think that the price of fixing a single Assert() that hasn't
> changed in years where the variable isn't likely to ever get signed is
> acceptable.

Well, once you get past that one change you proposed, you will also find

pg_standby.c: In function 'SetWALFileNameForCleanup':
pg_standby.c:348:3: error: comparison of unsigned expression >= 0 is
always true [-Werror=type-limits]

(which, curiously, is the only one that clang complains about).

I don't like removing safety checks from code when there is no other
mechanism that could make up for it somehow.

I think the best practice at the moment, as with most gcc -Wextra
warnings, is to manually check them once in a while.