Linus Torvalds wrote: > On Fri, 2 Feb 2007, Pavel Roskin wrote: >> I think sparse should distinguish between safe and unsafe preprocessor >> operations on undefined symbols. [...] >> For instance, "#if SYMBOL" has a very specific meaning > > No. > > #if SYMBOL > > has a very specific *problem* - it very possibly is a typo. > > So this is a warning I absolutely *want* for the kernel. If some other > projects don't want it, fine, but it should be on by default as a warnign > for potentially dangerous use of preprocessor symbols. I looked this behavior up in the C99 standard, and found the following text in section 6.10.1: > Prior to evaluation, macro invocations in the list of preprocessing tokens > that will become the controlling constant expression are replaced (except > for those macro names modified by the defined unary operator), just as in > normal text. If the token defined is generated as a result of this > replacement process or use of the defined unary operator does not match one > of the two specified forms prior to macro replacement, the behavior is > undefined. After all replacements due to macro expansion and the defined > unary operator have been performed, all remaining identifiers are replaced > with the pp-number 0, and then each preprocessing token is converted into a > token. The resulting tokens compose the controlling constant expression > which is evaluated according to the rules of 6.6. This states that we must substitute 0 for any undefined preprocessor symbol in a #if or #elif condition, no matter what kind of expression they show up in. I confirmed this behavior via both GCC and Sparse; in an #if, "-1 < SOMESYMBOL" evaluates true, and "1 < SOMESYMBOL" evaluates false. Sparse follows this spec precisely with respect to actual preprocessor behavior; it simply has the ability to warn. GCC has an equivalent option, also named -Wundef, that also generates a warning. Like Sparse, GCC does not issue this warning by default; GCC does not include it in -Wall either. For both Sparse and GCC, you have to turn it on the warning for it to occur. All of this makes me disinclined to turn -Wundef on by default. However, I also see no reason to change the current behavior of -Wundef. GCC will also give you a warning if you give -Wundef. Just don't pass -Wundef if you have valid conditionals in your project that generate warnings about undefined preprocessor symbols. However, Pavel, if you feel you could make part of -Wundef suitable to join the default set of warnings, feel free. - Josh Triplett
Attachment:
signature.asc
Description: OpenPGP digital signature
