diff mbox

Hacks for building on gcc 7 / Fedora 26

Message ID 39dc6b92-dd56-fe33-cd85-92c03d69f133@redhat.com
State New
Headers show

Commit Message

Eric Blake July 17, 2017, 1:48 p.m. UTC 
On 07/17/2017 08:42 AM, Eric Blake wrote:
> On 07/13/2017 08:07 AM, Philippe Mathieu-Daudé wrote:
>> On 04/07/2017 04:21 PM, Philippe Mathieu-Daudé wrote:
>>> Hi Dave,
>>>
>>> On 04/07/2017 11:38 AM, Dr. David Alan Gilbert wrote:
>>>> Hi,
>>>>    Fedora 26 has gcc 7.0.1 which has the normal compliment
>>>> of new fussy warnings; so far I've posted :
>>>>
>>>> tests/check-qdict: Fix missing brackets
>>>> slirp/smb: Replace constant strings by glib string
>>>>
>>>> that fix one actual mistake and work around something it's being
>>>> fussy over.
>>>>
>>>> But I've also got a pile of hacks, attached below that I'm
>>>> not too sure what I'll do with them yet, but they're attached
>>
>> ping ... What do we do with them?
> 
> Well, now that I've upgraded to the just-released Fedora 26, it is now
> mainline gcc and affecting my builds.  So we should really try and find
> patches that silence the warnings (although it counts as bug fixes, so
> it won't hurt if it doesn't make tomorrow's freeze deadline).

FWIW, most of these have been fixed in the meantime; the only remaining
hack I had to add was:

     } else {
         snprintf(downstream->path, sizeof(downstream->path), "%d", portnr);

Gerd, MAINTAINERS lists you; can you come up with something more robust?

Comments

Gerd Hoffmann July 17, 2017, 2:16 p.m. UTC | #1 
Hi,

> FWIW, most of these have been fixed in the meantime; the only
> remaining
> hack I had to add was:
> 
> diff --git i/hw/usb/bus.c w/hw/usb/bus.c
> index 5939b273b9..bce011058b 100644
> --- i/hw/usb/bus.c
> +++ w/hw/usb/bus.c
> @@ -407,8 +407,9 @@ void usb_register_companion(const char
> *masterbus,
> USBPort *ports[],
>  void usb_port_location(USBPort *downstream, USBPort *upstream, int
> portnr)
>  {
>      if (upstream) {
> -        snprintf(downstream->path, sizeof(downstream->path),
> "%s.%d",
> -                 upstream->path, portnr);
> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> "%s.%d",
> +                         upstream->path, portnr);
> +        assert(l < sizeof(downstream->path));

Approach looks ok to me.

Maximum hub chain length is 5, number of ports hubs is limited too,
you'll never need more that two digits for port numbers.  So 2*5 plus 4
connecting dots => 14 chars is the max strlen.  path size is 16, so it
will fit, including the terminating \0.

Trying things like "assert(portnr <= 99)" have no effect on the
possible string length calculated by gcc7.

cheers,
  Gerd
Eric Blake July 17, 2017, 3:04 p.m. UTC | #2 
On 07/17/2017 09:16 AM, Gerd Hoffmann wrote:
>   Hi,
> 
>> FWIW, most of these have been fixed in the meantime; the only
>> remaining
>> hack I had to add was:
>>
>> diff --git i/hw/usb/bus.c w/hw/usb/bus.c
>> index 5939b273b9..bce011058b 100644
>> --- i/hw/usb/bus.c
>> +++ w/hw/usb/bus.c
>> @@ -407,8 +407,9 @@ void usb_register_companion(const char
>> *masterbus,
>> USBPort *ports[],
>>  void usb_port_location(USBPort *downstream, USBPort *upstream, int
>> portnr)
>>  {
>>      if (upstream) {
>> -        snprintf(downstream->path, sizeof(downstream->path),
>> "%s.%d",
>> -                 upstream->path, portnr);
>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
>> "%s.%d",
>> +                         upstream->path, portnr);
>> +        assert(l < sizeof(downstream->path));
> 
> Approach looks ok to me.
> 
> Maximum hub chain length is 5, number of ports hubs is limited too,
> you'll never need more that two digits for port numbers.  So 2*5 plus 4
> connecting dots => 14 chars is the max strlen.  path size is 16, so it
> will fit, including the terminating \0.

Cool! With that text in the commit message and/or code comment, we can
turn this from a hack into an actual patch, with no change in code.
I'll go ahead and spin this as a formal patch.

> 
> Trying things like "assert(portnr <= 99)" have no effect on the
> possible string length calculated by gcc7.

Perhaps a limitation that ought to be reported to the gcc folks.
Dr. David Alan Gilbert July 17, 2017, 4:46 p.m. UTC | #3 
* Eric Blake (eblake@redhat.com) wrote:
> On 07/17/2017 08:42 AM, Eric Blake wrote:
> > On 07/13/2017 08:07 AM, Philippe Mathieu-Daudé wrote:
> >> On 04/07/2017 04:21 PM, Philippe Mathieu-Daudé wrote:
> >>> Hi Dave,
> >>>
> >>> On 04/07/2017 11:38 AM, Dr. David Alan Gilbert wrote:
> >>>> Hi,
> >>>>    Fedora 26 has gcc 7.0.1 which has the normal compliment
> >>>> of new fussy warnings; so far I've posted :
> >>>>
> >>>> tests/check-qdict: Fix missing brackets
> >>>> slirp/smb: Replace constant strings by glib string
> >>>>
> >>>> that fix one actual mistake and work around something it's being
> >>>> fussy over.
> >>>>
> >>>> But I've also got a pile of hacks, attached below that I'm
> >>>> not too sure what I'll do with them yet, but they're attached
> >>
> >> ping ... What do we do with them?
> > 
> > Well, now that I've upgraded to the just-released Fedora 26, it is now
> > mainline gcc and affecting my builds.  So we should really try and find
> > patches that silence the warnings (although it counts as bug fixes, so
> > it won't hurt if it doesn't make tomorrow's freeze deadline).
> 
> FWIW, most of these have been fixed in the meantime; the only remaining
> hack I had to add was:
> 
> diff --git i/hw/usb/bus.c w/hw/usb/bus.c
> index 5939b273b9..bce011058b 100644
> --- i/hw/usb/bus.c
> +++ w/hw/usb/bus.c
> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
> USBPort *ports[],
>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
>  {
>      if (upstream) {
> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
> -                 upstream->path, portnr);
> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> "%s.%d",
> +                         upstream->path, portnr);
> +        assert(l < sizeof(downstream->path));

You may find this doesn't help in some windows builds;  the assert
functions aren't always marked as noreturn (because they pop up a dialog
that asks you whether you want to run into a debugger etc).

Dave

>          downstream->hubcount = upstream->hubcount + 1;
>      } else {
>          snprintf(downstream->path, sizeof(downstream->path), "%d", portnr);
> 
> Gerd, MAINTAINERS lists you; can you come up with something more robust?
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 



--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
Peter Maydell July 17, 2017, 5:22 p.m. UTC | #4 
On 17 July 2017 at 17:46, Dr. David Alan Gilbert <dgilbert@redhat.com> wrote:
> You may find this doesn't help in some windows builds;  the assert
> functions aren't always marked as noreturn (because they pop up a dialog
> that asks you whether you want to run into a debugger etc).

Oh, is that why?

In any case, we rely on g_assert() and friends from glib being
definitely marked noreturn, so we could use them instead.

thanks
-- PMM
Eric Blake July 17, 2017, 5:29 p.m. UTC | #5 
On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:

>> +++ w/hw/usb/bus.c
>> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
>> USBPort *ports[],
>>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
>>  {
>>      if (upstream) {
>> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
>> -                 upstream->path, portnr);
>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
>> "%s.%d",
>> +                         upstream->path, portnr);
>> +        assert(l < sizeof(downstream->path));
> 
> You may find this doesn't help in some windows builds;  the assert
> functions aren't always marked as noreturn (because they pop up a dialog
> that asks you whether you want to run into a debugger etc).

How would it not help?  Are we using gcc 7 on windows builds?  Adding
the assert is enough to shut up new gcc; old gcc was already silent; and
if mingw is still on old gcc, it doesn't matter whether assert() is
marked noreturn for what this patch is doing.
Peter Maydell July 17, 2017, 5:36 p.m. UTC | #6 
On 17 July 2017 at 18:29, Eric Blake <eblake@redhat.com> wrote:
> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
>
>>> +++ w/hw/usb/bus.c
>>> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
>>> USBPort *ports[],
>>>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
>>>  {
>>>      if (upstream) {
>>> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
>>> -                 upstream->path, portnr);
>>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
>>> "%s.%d",
>>> +                         upstream->path, portnr);
>>> +        assert(l < sizeof(downstream->path));
>>
>> You may find this doesn't help in some windows builds;  the assert
>> functions aren't always marked as noreturn (because they pop up a dialog
>> that asks you whether you want to run into a debugger etc).
>
> How would it not help?  Are we using gcc 7 on windows builds?

At some point in the future we are likely to, because my
w32/w64 test setups use the Ubuntu gcc-mingw-w64-x86-64
packages, and so as I upgrade my desktop they will move
forward to newer gcc versions. (More generally our users
may do so before me ;-))

We should be consistent -- if we can't trust assert() to
be marked nonreturn, as it seems we can't, then we shouldn't
write new code that assumes it always is, even if today
it doesn't happen to bite us on the compiler/host combinations
we're testing right now.

thanks
-- PMM
Dr. David Alan Gilbert July 17, 2017, 5:46 p.m. UTC | #7 
* Eric Blake (eblake@redhat.com) wrote:
> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
> 
> >> +++ w/hw/usb/bus.c
> >> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
> >> USBPort *ports[],
> >>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
> >>  {
> >>      if (upstream) {
> >> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
> >> -                 upstream->path, portnr);
> >> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> >> "%s.%d",
> >> +                         upstream->path, portnr);
> >> +        assert(l < sizeof(downstream->path));
> > 
> > You may find this doesn't help in some windows builds;  the assert
> > functions aren't always marked as noreturn (because they pop up a dialog
> > that asks you whether you want to run into a debugger etc).
> 
> How would it not help?  Are we using gcc 7 on windows builds?  Adding
> the assert is enough to shut up new gcc; old gcc was already silent; and
> if mingw is still on old gcc, it doesn't matter whether assert() is
> marked noreturn for what this patch is doing.

[dgilbert@dgilbert-t530 ~]$ x86_64-w64-mingw32-gcc -v
Using built-in specs.
COLLECT_GCC=/usr/bin/x86_64-w64-mingw32-gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-w64-mingw32/7.1.0/lto-wrapper
Target: x86_64-w64-mingw32
Configured with: ../configure --prefix=/usr --bindir=/usr/bin --includedir=/usr/include --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --with-gnu-as --with-gnu-ld --verbose --without-newlib --disable-multilib --disable-plugin --with-system-zlib --disable-nls --without-included-gettext --disable-win32-registry --enable-languages=c,c++,objc,obj-c++,fortran --with-bugurl=http://bugzilla.redhat.com/bugzilla --with-cloog --enable-threads=posix --enable-libgomp --target=x86_64-w64-mingw32 --with-sysroot=/usr/x86_64-w64-mingw32/sys-root --with-gxx-include-dir=/usr/x86_64-w64-mingw32/sys-root/mingw/include/c++
Thread model: posix
gcc version 7.1.0 20170502 (Fedora MinGW 7.1.0-1.fc26) (GCC)

Dave
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 



--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
Eric Blake July 17, 2017, 6:10 p.m. UTC | #8 
On 07/17/2017 12:36 PM, Peter Maydell wrote:
> On 17 July 2017 at 18:29, Eric Blake <eblake@redhat.com> wrote:
>> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
>>
>>>> +++ w/hw/usb/bus.c
>>>> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
>>>> USBPort *ports[],
>>>>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
>>>>  {
>>>>      if (upstream) {
>>>> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
>>>> -                 upstream->path, portnr);
>>>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
>>>> "%s.%d",
>>>> +                         upstream->path, portnr);
>>>> +        assert(l < sizeof(downstream->path));
>>>
>>> You may find this doesn't help in some windows builds;  the assert
>>> functions aren't always marked as noreturn (because they pop up a dialog
>>> that asks you whether you want to run into a debugger etc).
>>
>> How would it not help?  Are we using gcc 7 on windows builds?
> 
> At some point in the future we are likely to, because my
> w32/w64 test setups use the Ubuntu gcc-mingw-w64-x86-64
> packages, and so as I upgrade my desktop they will move
> forward to newer gcc versions. (More generally our users
> may do so before me ;-))

So, does gcc's warning actually depend on the no-return-ness of the
assert() statement added here?

Would there be anything wrong with making osdep.h do this on mingw:

#include <assert.h>
#undef assert
#define assert(expr) g_assert(expr)

so that we can reliably get no-return handling that we desire, without
having to audit lots of other code?

> 
> We should be consistent -- if we can't trust assert() to
> be marked nonreturn, as it seems we can't, then we shouldn't
> write new code that assumes it always is, even if today
> it doesn't happen to bite us on the compiler/host combinations
> we're testing right now.
Dr. David Alan Gilbert July 17, 2017, 6:48 p.m. UTC | #9 
* Eric Blake (eblake@redhat.com) wrote:
> On 07/17/2017 12:36 PM, Peter Maydell wrote:
> > On 17 July 2017 at 18:29, Eric Blake <eblake@redhat.com> wrote:
> >> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
> >>
> >>>> +++ w/hw/usb/bus.c
> >>>> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
> >>>> USBPort *ports[],
> >>>>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
> >>>>  {
> >>>>      if (upstream) {
> >>>> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
> >>>> -                 upstream->path, portnr);
> >>>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> >>>> "%s.%d",
> >>>> +                         upstream->path, portnr);
> >>>> +        assert(l < sizeof(downstream->path));
> >>>
> >>> You may find this doesn't help in some windows builds;  the assert
> >>> functions aren't always marked as noreturn (because they pop up a dialog
> >>> that asks you whether you want to run into a debugger etc).
> >>
> >> How would it not help?  Are we using gcc 7 on windows builds?
> > 
> > At some point in the future we are likely to, because my
> > w32/w64 test setups use the Ubuntu gcc-mingw-w64-x86-64
> > packages, and so as I upgrade my desktop they will move
> > forward to newer gcc versions. (More generally our users
> > may do so before me ;-))
> 
> So, does gcc's warning actually depend on the no-return-ness of the
> assert() statement added here?

I'm not sure in this case, I'd hit it previously though, see my comment
from 2015 in:
   https://sourceforge.net/p/mingw-w64/bugs/306/

> Would there be anything wrong with making osdep.h do this on mingw:
> 
> #include <assert.h>
> #undef assert
> #define assert(expr) g_assert(expr)
> 
> so that we can reliably get no-return handling that we desire, without
> having to audit lots of other code?

It's a bit nasty, but hmm.
I only just about trust glib not to change, all of the fancier g_assert
variants can return, but g_assert is still safe.

Dave

> > 
> > We should be consistent -- if we can't trust assert() to
> > be marked nonreturn, as it seems we can't, then we shouldn't
> > write new code that assumes it always is, even if today
> > it doesn't happen to bite us on the compiler/host combinations
> > we're testing right now.
> 
> -- 
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.           +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
> 



--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
Daniel P. Berrangé July 18, 2017, 7:23 a.m. UTC | #10 
On Mon, Jul 17, 2017 at 12:29:08PM -0500, Eric Blake wrote:
> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
> 
> >> +++ w/hw/usb/bus.c
> >> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
> >> USBPort *ports[],
> >>  void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
> >>  {
> >>      if (upstream) {
> >> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
> >> -                 upstream->path, portnr);
> >> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> >> "%s.%d",
> >> +                         upstream->path, portnr);
> >> +        assert(l < sizeof(downstream->path));
> > 
> > You may find this doesn't help in some windows builds;  the assert
> > functions aren't always marked as noreturn (because they pop up a dialog
> > that asks you whether you want to run into a debugger etc).
> 
> How would it not help?  Are we using gcc 7 on windows builds?  Adding
> the assert is enough to shut up new gcc; old gcc was already silent; and
> if mingw is still on old gcc, it doesn't matter whether assert() is
> marked noreturn for what this patch is doing.

Mingw isn't using a fork of GCC anymore, its all mainline. Thus Fedora's
mingw gcc packages track native gcc packages. IOW i686-w64-mingw32-gcc
is already on version 7.1.0 in Fedora

Regards,
Daniel
Eric Blake July 18, 2017, 12:35 p.m. UTC | #11 
On 07/18/2017 02:23 AM, Daniel P. Berrange wrote:
>> How would it not help?  Are we using gcc 7 on windows builds?  Adding
>> the assert is enough to shut up new gcc; old gcc was already silent; and
>> if mingw is still on old gcc, it doesn't matter whether assert() is
>> marked noreturn for what this patch is doing.
> 
> Mingw isn't using a fork of GCC anymore, its all mainline. Thus Fedora's
> mingw gcc packages track native gcc packages. IOW i686-w64-mingw32-gcc
> is already on version 7.1.0 in Fedora

So I guess that means running 'make docker-test-mingw@fedora' on Fedora
26 will find out if we need further tweaks?  Trying it now...

Nope, didn't get very far :(

$ make docker-test-mingw@fedora
  BUILD   fedora
make[1]: Entering directory '/home/eblake/qemu'
  ARCHIVE qemu.tgz
usage: git archive [<options>] <tree-ish> [<path>...]
...
make[1]: *** [/home/eblake/qemu/tests/docker/Makefile.include:35:
docker-src.2017-07-18-07.35.20.4101] Error 129
make[1]: Leaving directory '/home/eblake/qemu'
make: *** [/home/eblake/qemu/tests/docker/Makefile.include:156:
docker-run-test-mingw@fedora] Error 2

Am I not doing it right?
Daniel P. Berrangé July 18, 2017, 12:56 p.m. UTC | #12 
On Tue, Jul 18, 2017 at 07:35:58AM -0500, Eric Blake wrote:
> On 07/18/2017 02:23 AM, Daniel P. Berrange wrote:
> >> How would it not help?  Are we using gcc 7 on windows builds?  Adding
> >> the assert is enough to shut up new gcc; old gcc was already silent; and
> >> if mingw is still on old gcc, it doesn't matter whether assert() is
> >> marked noreturn for what this patch is doing.
> > 
> > Mingw isn't using a fork of GCC anymore, its all mainline. Thus Fedora's
> > mingw gcc packages track native gcc packages. IOW i686-w64-mingw32-gcc
> > is already on version 7.1.0 in Fedora
> 
> So I guess that means running 'make docker-test-mingw@fedora' on Fedora
> 26 will find out if we need further tweaks?  Trying it now...
> 
> Nope, didn't get very far :(
> 
> $ make docker-test-mingw@fedora
>   BUILD   fedora
> make[1]: Entering directory '/home/eblake/qemu'
>   ARCHIVE qemu.tgz
> usage: git archive [<options>] <tree-ish> [<path>...]
> ...
> make[1]: *** [/home/eblake/qemu/tests/docker/Makefile.include:35:
> docker-src.2017-07-18-07.35.20.4101] Error 129
> make[1]: Leaving directory '/home/eblake/qemu'
> make: *** [/home/eblake/qemu/tests/docker/Makefile.include:156:
> docker-run-test-mingw@fedora] Error 2
> 
> Am I not doing it right?

That works fine for me - perhaps  V=1 will tell you what's wrong
with the git archive command.

In any case, despite having gcc 7.1.0, I don't see the error
messages in question when running a mingw build. It could be that
the new problems GCC 7 reports are only triggered when combined
with a suitable C library like GCC, to get the symbols annotated
to enable fortify source to check them.

Regards,
Daniel
Philippe Mathieu-Daudé July 18, 2017, 3:04 p.m. UTC | #13 
On 07/17/2017 02:36 PM, Peter Maydell wrote:
> On 17 July 2017 at 18:29, Eric Blake <eblake@redhat.com> wrote:
>> On 07/17/2017 11:46 AM, Dr. David Alan Gilbert wrote:
[...]
>>> You may find this doesn't help in some windows builds;  the assert
>>> functions aren't always marked as noreturn (because they pop up a dialog
>>> that asks you whether you want to run into a debugger etc).
>>
>> How would it not help?  Are we using gcc 7 on windows builds?
> 
> At some point in the future we are likely to, because my
> w32/w64 test setups use the Ubuntu gcc-mingw-w64-x86-64
> packages, and so as I upgrade my desktop they will move
> forward to newer gcc versions. (More generally our users
> may do so before me ;-))

The MXE toolchain (mxe.cc) provides GCC version 5.4.0 and compiles fine:

win32:
https://app.shippable.com/github/philmd/qemu/runs/32/2/console

# file i386-softmmu/qemu-system-i386.exe
i386-softmmu/qemu-system-i386.exe: PE32 executable (console) Intel 
80386, for MS Windows

and win64:
https://app.shippable.com/github/philmd/qemu/runs/32/3/console

# file x86_64-softmmu/qemu-system-x86_64.exe
x86_64-softmmu/qemu-system-x86_64.exe: PE32+ executable (console) 
x86-64, for MS Windows

> We should be consistent -- if we can't trust assert() to
> be marked nonreturn, as it seems we can't, then we shouldn't
> write new code that assumes it always is, even if today
> it doesn't happen to bite us on the compiler/host combinations
> we're testing right now.

And there is also the problem when you compiles with CPPFLAGS+=-DNDEBUG 
some oldschool guys still have in their ~/.cshrc ;)

Phil.
Eric Blake July 18, 2017, 3:10 p.m. UTC | #14 
On 07/18/2017 10:04 AM, Philippe Mathieu-Daudé wrote:
>> We should be consistent -- if we can't trust assert() to
>> be marked nonreturn, as it seems we can't, then we shouldn't
>> write new code that assumes it always is, even if today
>> it doesn't happen to bite us on the compiler/host combinations
>> we're testing right now.
> 
> And there is also the problem when you compiles with CPPFLAGS+=-DNDEBUG
> some oldschool guys still have in their ~/.cshrc ;)

We don't have problems with people defining NDEBUG in their environment;
such people would already hit at least:

hw/scsi/mptsas.c:#ifdef NDEBUG
hw/scsi/mptsas.c:#error building with NDEBUG is not supported

(maybe we should hoist that to osdep.h, though)
Richard Henderson July 18, 2017, 11:59 p.m. UTC | #15 
On 07/17/2017 03:48 AM, Eric Blake wrote:
> On 07/17/2017 08:42 AM, Eric Blake wrote:
>> On 07/13/2017 08:07 AM, Philippe Mathieu-Daudé wrote:
>>> On 04/07/2017 04:21 PM, Philippe Mathieu-Daudé wrote:
>>>> Hi Dave,
>>>>
>>>> On 04/07/2017 11:38 AM, Dr. David Alan Gilbert wrote:
>>>>> Hi,
>>>>>     Fedora 26 has gcc 7.0.1 which has the normal compliment
>>>>> of new fussy warnings; so far I've posted :
>>>>>
>>>>> tests/check-qdict: Fix missing brackets
>>>>> slirp/smb: Replace constant strings by glib string
>>>>>
>>>>> that fix one actual mistake and work around something it's being
>>>>> fussy over.
>>>>>
>>>>> But I've also got a pile of hacks, attached below that I'm
>>>>> not too sure what I'll do with them yet, but they're attached
>>>
>>> ping ... What do we do with them?
>>
>> Well, now that I've upgraded to the just-released Fedora 26, it is now
>> mainline gcc and affecting my builds.  So we should really try and find
>> patches that silence the warnings (although it counts as bug fixes, so
>> it won't hurt if it doesn't make tomorrow's freeze deadline).
> 
> FWIW, most of these have been fixed in the meantime; the only remaining
> hack I had to add was:
> 
> diff --git i/hw/usb/bus.c w/hw/usb/bus.c
> index 5939b273b9..bce011058b 100644
> --- i/hw/usb/bus.c
> +++ w/hw/usb/bus.c
> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
> USBPort *ports[],
>   void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
>   {
>       if (upstream) {
> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
> -                 upstream->path, portnr);
> +        int l = snprintf(downstream->path, sizeof(downstream->path),
> "%s.%d",
> +                         upstream->path, portnr);
> +        assert(l < sizeof(downstream->path));

Do you really need an assert there, or will

	(void)l; /* "used" */

work as well?  You didn't mention what the reported error is, so I'm guessing.


r~
Eric Blake July 19, 2017, 12:34 a.m. UTC | #16 
On 07/18/2017 06:59 PM, Richard Henderson wrote:

>> +++ w/hw/usb/bus.c
>> @@ -407,8 +407,9 @@ void usb_register_companion(const char *masterbus,
>> USBPort *ports[],
>>   void usb_port_location(USBPort *downstream, USBPort *upstream, int
>> portnr)
>>   {
>>       if (upstream) {
>> -        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
>> -                 upstream->path, portnr);
>> +        int l = snprintf(downstream->path, sizeof(downstream->path),
>> "%s.%d",
>> +                         upstream->path, portnr);
>> +        assert(l < sizeof(downstream->path));
> 
> Do you really need an assert there, or will
> 
>     (void)l; /* "used" */
> 
> work as well?  You didn't mention what the reported error is, so I'm
> guessing.

The original error is that gcc 7 complains that snprintf is prone to
buffer overflow if the input is unbounded.  Adding the assert that we
KNOW the input is not unbounded is enough to shut up gcc, on Linux.
What was then drawn into question is whether assert still has that
property on mingw (since assert on mingw lacks the noreturn marking that
it has on Linux).

At this point, unless someone posts an actual failure of gcc 7 compiling
this code for mingw, I don't see why we have to change it; shutting up
the warning on Linux is good enough for the purpose of this patch.
Thomas Huth July 19, 2017, 7:15 a.m. UTC | #17 
On 18.07.2017 17:10, Eric Blake wrote:
> On 07/18/2017 10:04 AM, Philippe Mathieu-Daudé wrote:
>>> We should be consistent -- if we can't trust assert() to
>>> be marked nonreturn, as it seems we can't, then we shouldn't
>>> write new code that assumes it always is, even if today
>>> it doesn't happen to bite us on the compiler/host combinations
>>> we're testing right now.
>>
>> And there is also the problem when you compiles with CPPFLAGS+=-DNDEBUG
>> some oldschool guys still have in their ~/.cshrc ;)
> 
> We don't have problems with people defining NDEBUG in their environment;
> such people would already hit at least:
> 
> hw/scsi/mptsas.c:#ifdef NDEBUG
> hw/scsi/mptsas.c:#error building with NDEBUG is not supported
> 
> (maybe we should hoist that to osdep.h, though)

Yes, please. Not every target is build with CONFIG_MPTSAS_SCSI_PCI so we
should move that to a more central place.

 Thomas
diff mbox

Patch

diff --git i/hw/usb/bus.c w/hw/usb/bus.c
index 5939b273b9..bce011058b 100644
--- i/hw/usb/bus.c
+++ w/hw/usb/bus.c
@@ -407,8 +407,9 @@  void usb_register_companion(const char *masterbus,
USBPort *ports[],
 void usb_port_location(USBPort *downstream, USBPort *upstream, int portnr)
 {
     if (upstream) {
-        snprintf(downstream->path, sizeof(downstream->path), "%s.%d",
-                 upstream->path, portnr);
+        int l = snprintf(downstream->path, sizeof(downstream->path),
"%s.%d",
+                         upstream->path, portnr);
+        assert(l < sizeof(downstream->path));
         downstream->hubcount = upstream->hubcount + 1;