Git https://git.stealer.net/cgit.cgi/user/sven/git.git/atom?h=v2.26.0-rc2 2020-02-28T16:39:45Z 2020-02-28T16:39:45Z Jeff King peff@peff.net 2020-02-27T23:54:45Z urn:sha1:7329d94be72654f7f211e1bfa5ce3dd6fd2dc1fa We recently triggered some -Wformat-zero-length warnings in the code, but no developers noticed because we suppress that warning in builds with the DEVELOPER=1 Makefile knob set. But we _don't_ suppress them in a non-developer build (and they're part of -Wall). So even though non-developers probably aren't using -Werror, they see the annoying warnings when they build. We've had back and forth discussion over the years on whether this warning is useful or not. In most cases we've seen, it's not true that the call is a mistake, since we're using its side effects (like adding a newline status_printf_ln()) or writing an empty string to a destination which is handled by the function (as in write_file()). And so we end up working around it in the source by passing ("%s", ""). There's more discussion in the subthread starting at: https://lore.kernel.org/git/xmqqtwaod7ly.fsf@gitster.mtv.corp.google.com/ The short of it is that we probably can't just disable the warning for everybody because of portability issues. And ignoring it for developers puts us in the situation we're in now, where non-dev builds are annoyed. Since the workaround is both rarely needed and fairly straight-forward, let's just commit to doing it as necessary, and re-enable the warning. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2019-02-24T15:35:07Z Ævar Arnfjörð Bjarmason avarab@gmail.com 2019-02-22T14:41:27Z urn:sha1:6d5d4b4e9326021f080508126be38ea1beaba6aa Ever since the DEVELOPER=1 facility introduced there's been no way to have custom CFLAGS (e.g. CFLAGS="-O0 -g -ggdb3") while still benefiting from the set of warnings and assertions DEVELOPER=1 enables. This is because the semantics of variables in the Makefile are such that the user setting CFLAGS overrides anything we set, including what we're doing in config.mak.dev[1]. So let's introduce a "DEVELOPER_CFLAGS" variable in config.mak.dev and add it to ALL_CFLAGS. Before this the ALL_CFLAGS variable would (basically, there's some nuance we won't go into) be set to: $(CPPFLAGS) [$(CFLAGS) *or* $(CFLAGS) in config.mak.dev] $(BASIC_CFLAGS) $(EXTRA_CPPFLAGS) But will now be: $(DEVELOPER_CFLAGS) $(CPPFLAGS) $(CFLAGS) $(BASIC_CFLAGS) $(EXTRA_CPPFLAGS) The reason for putting DEVELOPER_CFLAGS first is to allow for selectively overriding something DEVELOPER=1 brings in. On both GCC and Clang later settings override earlier ones. E.g. "-Wextra -Wno-extra" will enable no "extra" warnings, but not if those two arguments are reversed. Examples of things that weren't possible before, but are now: # Use -O0 instead of -O2 for less painful debuggng DEVELOPER=1 CFLAGS="-O0 -g" # DEVELOPER=1 plus -Wextra, but disable some of the warnings DEVELOPER=1 DEVOPTS="no-error extra-all" CFLAGS="-O0 -g -Wno-unused-parameter" The reason for the patches leading up to this one re-arranged the various *FLAGS assignments and includes is just for readability. The Makefile supports assignments out of order, e.g.: $ cat Makefile X = $(A) $(B) $(C) A = A B = B include c.mak all: @echo $(X) $ cat c.mak C=C $ make A B C So we could have gotten away with the much smaller change of changing "CFLAGS" in config.mak.dev to "DEVELOPER_CFLAGS" and adding that to ALL_CFLAGS earlier in the Makefile "before" the config.mak.* includes. But I think it's more readable to use variables "after" they're included. 1. https://www.gnu.org/software/make/manual/html_node/Overriding.html Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2019-01-18T21:49:55Z Junio C Hamano gitster@pobox.com 2019-01-18T21:49:55Z urn:sha1:74ae0652c4736629db9c97f7a3ac7cebedaeae10 Earlier we added "-Wformat-security" to developer builds, assuming that "-Wall" (which includes "-Wformat" which in turn is required to use "-Wformat-security") is always in effect. This is not true when config.mak.autogen is in use, unfortunately. This has been fixed by unconditionally adding "-Wall" to developer builds. * jk/dev-build-format-security: config.mak.dev: add -Wall, primarily for -Wformat, to help autoconf users 2019-01-07T17:02:08Z Thomas Gummerer t.gummerer@gmail.com 2018-10-12T18:40:37Z urn:sha1:6163f3f1a4288a6a17d2e3cdee4391b25ef09edd 801fa63a90 ("config.mak.dev: add -Wformat-security", 2018-09-08) added the "-Wformat-security" to the flags set in config.mak.dev. In the gcc man page this is documented as: If -Wformat is specified, also warn about uses of format functions that represent possible security problems. [...] The commit did however not add the "-Wformat" flag, but instead relied on the fact that "-Wall" is set in the Makefile by default and that "-Wformat" is part of "-Wall". Unfortunately, those who use config.mak.autogen generated with the autoconf to configure toolchain do *not* get "-Wall" in their CFLAGS and the added -Wformat-security had no effect. Worse yet, newer versions of gcc (gcc 8.2.1 in this particular case) warn about the lack of "-Wformat" and thus compilation fails only with this option set. We could fix it by adding "-Wformat", but in general we do want all checks included in "-Wall", so let's add it to config.mak.dev to cover more cases. Signed-off-by: Thomas Gummerer <t.gummerer@gmail.com> Helped-by: Jeff King <peff@peff.net> Helped-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-10-30T06:43:46Z Junio C Hamano gitster@pobox.com 2018-10-30T06:43:46Z urn:sha1:c5cde07a71b5629ecdf5fe41adf41c942743fff5 Developer support. * jk/unused-function: config.mak.dev: enable -Wunused-function 2018-10-19T01:24:11Z Jeff King peff@peff.net 2018-10-18T07:05:22Z urn:sha1:36da893114e02b7f0a8ac5eeb5114dec129a4027 We explicitly omitted -Wunused-function when we added -Wextra, but there is no need: the current code compiles cleanly with it. And it's worth having, since it can let you know when there are cascading effects from a cleanup (e.g., deleting one function lets you delete its static helpers). There are cases where we may need an unused function to exist, but we can handle these easily: - macro-generated code like commit-slab; there we have the MAYBE_UNUSED annotation to silence the compiler - conditional compilation, where we may or may not need a static helper. These generally fall into one of two categories: - the call should not be conditional, but rather the function body itself should be (and may just be a no-op on one side of the #if). That keeps the conditional pollution out of the main code. - call-chains of static helpers should all be in the same #if block, so they are all-or-nothing And if there's some case that doesn't cover, we still have MAYBE_UNUSED as a fallback. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-09-24T17:30:49Z Junio C Hamano gitster@pobox.com 2018-09-24T17:30:49Z urn:sha1:2bdbe4a2c376ce2d7e8b056b70ce4f1ce92e2d15 Build tweak to help developers. * jk/dev-build-format-security: config.mak.dev: add -Wformat-security 2018-09-11T19:50:21Z Jeff King peff@peff.net 2018-09-08T16:23:31Z urn:sha1:801fa63a90e3619c91e0bb3e7a28140e6d31a097 We currently build cleanly with -Wformat-security, and it's a good idea to make sure we continue to do so (since calls that trigger the warning may be security vulnerabilities). Note that we cannot use the stronger -Wformat-nonliteral, as there are case where we are clever with passing around pointers to string literals. E.g., bisect_rev_setup() takes bad_format and good_format parameters. These ultimately come from literals, but they still trigger the warning. Some of these might be fixable (e.g., by passing flags from which we locally select a format), and might even be worth fixing (not because of security, but just because it's an easy mistake to pass the wrong format). But there are other cases which are likely quite hard to fix (we actually generate formats in a local buffer in some cases). So let's punt on that for now and start with -Wformat-security, which is supposed to catch the most important cases. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-07-25T16:52:32Z Beat Bolli dev+git@drbeat.li 2018-07-24T19:26:43Z urn:sha1:729b3925ed962565e0d6cc144a4235fdf9a6aa85 In the interest of code hygiene, make it easier to compile Git with the flag -pedantic. Pure pedantic compilation with GCC 7.3 results in one warning per use of the translation macro `N_`: warning: array initialized from parenthesized string constant [-Wpedantic] Therefore also disable the parenthesising of i18n strings with -DUSE_PARENS_AROUND_GETTEXT_N=0. Signed-off-by: Beat Bolli <dev+git@drbeat.li> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2018-04-16T04:54:53Z Ævar Arnfjörð Bjarmason avarab@gmail.com 2018-04-14T19:19:46Z urn:sha1:26d2e4fb227c1415011a136fa9bb881ee338118a Change DEVOPTS to understand a "extra-all" option. When the DEVELOPER flag is enabled we turn on -Wextra, but manually switch some of the warnings it turns on off. This is because we have many existing occurrences of them in the code base. This mode will stop the suppression, let the developer see and decide whether to fix them. This change is a slight alteration of Nguyễn Thái Ngọc Duy EAGER_DEVELOPER mode patch[1] 1. "[PATCH v3 3/3] Makefile: add EAGER_DEVELOPER mode" (<20180329150322.10722-4-pclouds@gmail.com>; https://public-inbox.org/git/20180329150322.10722-4-pclouds@gmail.com/) Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>