This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: warning for -Wformat and non-literal-string format
- To: aj at suse dot de, raeburn at raeburn dot org
- Subject: Re: warning for -Wformat and non-literal-string format
- From: "Kaveh R. Ghazi" <ghazi at caip dot rutgers dot edu>
- Date: Mon, 11 Oct 1999 10:11:11 -0400 (EDT)
- Cc: gcc-patches at gcc dot gnu dot org
> From: Ken Raeburn <raeburn@raeburn.org>
>
> Oops. That pesky glibc again... :-)
>
> The more I think about it -- and the more I run the compiler on the
> code at work :-) -- the more I think that checking for the current
> function also having a format attribute is the right way to go.
> I'll work on it... Once that's done, it should trigger less often
> (in cases like this, at least, where gcc-specific attributes may be
> allowed), and then we can look at whether another option really is
> needed.
I don't know if checking whether the containing function has a
format attribute would solve the problem entirely. Both vprintf and
vfprintf have a format attribute set. But I noticed in gcc that there
may be several layers of va_list functions calling successive ones and
the intermediaries don't have the a format attribute set. (This could
probably be fixed.)
Another approach which only takes into account the called function,
would be to notice what distinguishes the false positive functions is
that the format of the called function is always set to (N, 0) where N
is the format field, and 0 is the "first-arg" field. I think it is
almost always the case that functions taking va_list (as opposed to
...) are passed a non-literal format string, and all of these are set
with a "first-arg" parameter of zero.
I've looked at most of the 130 new warnings this elicits from gcc
itself, and it looks like all of the false positives (as well as
Andreas' case below) would be eliminated if we ignored (N, 0)
functions for the purposes of the "format string not literal" warning.
I'll have to do some experiments to know for sure. But I think this
might be the right solution.
--Kaveh
>
> > >> Unfortunately, it also complains on variadic routines that themselves
> > >> accept formats and parameters, and call vfprintf or vsyslog or
> > >> whatever. If such calling functions have format attribute
> > >> declarations too, it may be possible to refine the check somewhat.
> > >> But I'm just going to check those cases by hand, for now. :-)
>
> Andreas Jaeger <aj@suse.de> writes:
> > Bootstrapping egcs I got a number of:
> > In file included from /usr/include/stdio.h:631,
> > from ../../cvs/gcc/gcc/system.h:33,
> > from insn-emit.c:5:
> > /usr/include/bits/stdio.h: In function `vprintf':
> > /usr/include/bits/stdio.h:35: warning: format not a string literal,
> argument t
> ypes not checked
> >
> > The warnings come from this piece of code in <bits/stdio.h> (from
> > glibc 2.1.2):
> >
> > /* Write formatted output to stdout from argument list ARG. */
> > __STDIO_INLINE int
> > vprintf (__const char *__restrict __fmt, _G_va_list __arg) __THROW
> > {
> > return vfprintf (stdout, __fmt, __arg);
> > }
> >
> > Is there a way to stop these warnings?
--
Kaveh R. Ghazi Engagement Manager / Project Services
ghazi@caip.rutgers.edu Qwest Internet Solutions