Shostack + Friends Blog Archive
Ranum on the root of the problem

Marcus Ranum writes a good article for ACM Queue in which he points out that better tools to improve languages can help. I take issue with his claim that better languages can't help. Java, because of its string representation, is harder to mess up than C. It's not perfect, and no useful language can solve the entire problem.

Richard at Taosecurity propagates the myth of -Wall. Things are about to get (deeply) technical; follow the jump if you know what -Wall means.

In a nutshell, the person who named -Wall needs gob-smacking. It does not turn on all the warnings. Hello? All is not everything?

For example, if we take this code:

#include <stdio.h>

int main() {
    int x;
    unsigned int y;
    x = 0;
    y = 1;
    if (y < x) {                     /* signed x compared with unsigned y */
        printf("first if");  }
    if ( y < 0) {                    /* unsigned y can never be below 0 */
        printf ("second if");  }
    if ( 0 > y ) {                   /* same test, written the other way */
        printf ("third if");  }
    return 0;
}

and save it as sc.c.

Do you see the problem? Comparing signed and unsigned ints? -Wall doesn't. But if we add -W (which, as I understand it, stands for "We really mean it!"), we get some warnings!

$ gcc -Wall sc.c
$ gcc -W -Wall sc.c
sc.c: In function `main':
sc.c:8: warning: comparison between signed and unsigned
sc.c:10: warning: comparison of unsigned expression < 0 is always false
sc.c:12: warning: comparison of unsigned expression < 0 is always false
$

Pretty cool? In a lot of ways, the tools are out there. We just need better ways of ensuring they're used. More reflections on this topic will be a feature here.
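To show why those three warnings are worth having, here is an added example (mine, not from the post or from Ranum's article) that turns the two mistakes in sc.c into the shape they usually take in real code, a limit check and an error check, with a corrected form next to each. The function names and the -1 "not set / error" convention are my own; -Wextra is the modern spelling of the -W flag used above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example: the two bugs in sc.c written as functions a program
 * might really contain, plus corrected versions. Compile with
 * "gcc -Wall -Wextra" to see the warnings on the naive forms. */

/* Mirrors 'if (y < x)': used is unsigned, limit is signed. The usual
 * arithmetic conversions turn limit into unsigned, so a negative limit
 * (say -1 meaning "not set") becomes UINT_MAX and the check passes for
 * every value of used. */
bool has_room_naive(unsigned int used, int limit)
{
    return used < limit;                 /* -Wextra: signed/unsigned compare */
}

bool has_room_checked(unsigned int used, int limit)
{
    if (limit < 0)
        return false;                    /* reject before any conversion */
    return used < (unsigned int)limit;   /* explicit cast, no warning */
}

/* Mirrors 'if (y < 0)': an error path guarded by a "< 0" test on an
 * unsigned value can never run, so a -1 status is treated as success. */
bool failed_naive(unsigned int status)
{
    return status < 0;                   /* -Wextra: always false */
}

/* The fix is the right type: keep a value that can be negative signed. */
bool failed_checked(int status)
{
    return status < 0;
}

int main(void)
{
    printf("has_room_naive(1, -1)   = %d (wrong)\n", has_room_naive(1, -1));
    printf("has_room_checked(1, -1) = %d\n", has_room_checked(1, -1));
    printf("failed_naive(-1)        = %d (wrong)\n",
           failed_naive((unsigned int)-1));
    printf("failed_checked(-1)      = %d\n", failed_checked(-1));
    return 0;
}
```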

2 comments on "Ranum on the root of the problem"

  • David Mortman says:

    So this inspired me to reread the man page for gcc for the first time in like 10 years. I discovered a whole slew of things not included in -Wall, including -Wformat-nonliteral and -Wformat-security, which seem like important features.

  • adam says:

    …switch-default, cast-align, strict-prototypes….
