This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[5.0] PR60194 [c-family] add -Wformat-signedness to warn about %d/%u signedness mismatch

From: Tobias Burnus <tobias dot burnus at physik dot fu-berlin dot de>
To: gcc-patches at gcc dot gnu dot org
Date: Tue, 18 Feb 2014 17:17:52 +0100
Subject: [5.0] PR60194 [c-family] add -Wformat-signedness to warn about %d/%u signedness mismatch
Authentication-results: sourceware.org; auth=none

This patch adds a warning to -Wformat=2, which can also be used as
-Wformat -Wformat-signedness and which warns when the signedness
of the argument doesn't match the one of %x/%u/%d/%i/...

That was motivated by a check of cppcheck, which found some issues
in a bigger code.

Bootstrapped and regtested on x86-64-gnu-linux.
OK when Stage 1 opens again?

Tobias

2014-02-18  Tobias Burnus  <burnus@net-b.de>

	PR c/60194

gcc/c-family/
	* c.opt (Wformat-signedness): Add
	* c-format.c(check_format_types): Use it.

gcc/
	* doc/invoke.texi (-Wformat-signedness): Document it.
	(Wformat=2): Mention that this enables -Wformat-signedness.

gcc/testsuite/:
	* g++.dg/warn/warn_format_signedness.C: New.
	* gcc.dg/format/warn-signedness.c


diff --git a/gcc/c-family/c-format.c b/gcc/c-family/c-format.c
index cdc09c4..4c0313d 100644
--- a/gcc/c-family/c-format.c
+++ b/gcc/c-family/c-format.c
@@ -2418,7 +2418,9 @@ check_format_types (format_wanted_type *types)
 	 a second level of indirection.  */
       if (TREE_CODE (wanted_type) == INTEGER_TYPE
 	  && TREE_CODE (cur_type) == INTEGER_TYPE
-	  && (!pedantic || i == 0 || (i == 1 && char_type_flag))
+	  && ((!pedantic && !warn_format_signedness)
+	      || (i == 0 && !warn_format_signedness)
+	      || (i == 1 && char_type_flag))
 	  && (TYPE_UNSIGNED (wanted_type)
 	      ? wanted_type == c_common_unsigned_type (cur_type)
 	      : wanted_type == c_common_signed_type (cur_type)))
diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index aad54e2..7fa6381 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -415,6 +415,10 @@ Wformat-security
 C ObjC C++ ObjC++ Var(warn_format_security) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
 Warn about possible security problems with format functions
 
+Wformat-signedness
+C ObjC C++ ObjC++ Var(warn_format_signedness) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
+Warn about sign differences with format functions
+
 Wformat-y2k
 C ObjC C++ ObjC++ Var(warn_format_y2k) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=,warn_format >= 2, 0)
 Warn about strftime formats yielding 2-digit years
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 4d1b657..ab8101d 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -246,7 +246,7 @@ Objective-C and Objective-C++ Dialects}.
 -Wno-endif-labels -Werror  -Werror=* @gol
 -Wfatal-errors  -Wfloat-equal  -Wformat  -Wformat=2 @gol
 -Wno-format-contains-nul -Wno-format-extra-args -Wformat-nonliteral @gol
--Wformat-security  -Wformat-y2k @gol
+-Wformat-security  -Wformat-signedness  -Wformat-y2k @gol
 -Wframe-larger-than=@var{len} -Wno-free-nonheap-object -Wjump-misses-init @gol
 -Wignored-qualifiers @gol
 -Wimplicit  -Wimplicit-function-declaration  -Wimplicit-int @gol
@@ -3564,7 +3564,7 @@ The C standard specifies that zero-length formats are allowed.
 @opindex Wformat=2
 Enable @option{-Wformat} plus additional format checks.  Currently
 equivalent to @option{-Wformat -Wformat-nonliteral -Wformat-security
--Wformat-y2k}.
+-Wformat-signedness -Wformat-y2k}.
 
 @item -Wformat-nonliteral
 @opindex Wformat-nonliteral
@@ -3586,6 +3586,12 @@ currently a subset of what @option{-Wformat-nonliteral} warns about, but
 in future warnings may be added to @option{-Wformat-security} that are not
 included in @option{-Wformat-nonliteral}.)
 
+@item -Wformat-signedness
+@opindex Wformat-signedness
+@opindex Wno-format-signedness
+If @option{-Wformat} is specified, also warn if the format string
+requires an unsigned argument and the argument is signed and vice versa.
+
 @item -Wformat-y2k
 @opindex Wformat-y2k
 @opindex Wno-format-y2k
diff --git a/gcc/testsuite/g++.dg/warn/warn_format_signedness.C b/gcc/testsuite/g++.dg/warn/warn_format_signedness.C
new file mode 100644
index 0000000..473d522
--- /dev/null
+++ b/gcc/testsuite/g++.dg/warn/warn_format_signedness.C
@@ -0,0 +1,11 @@
+/* { dg-do compile }  */
+/* { dg-options "-Wformat -Wformat-signedness" }  */
+
+/* PR c/60194  */
+
+void foo(unsigned u, int i, unsigned char uc, signed char sc) {
+  __builtin_printf("%d\n", u);  /* { dg-warning "expects argument of type 'int', but argument 2 has type 'unsigned int'" } */
+  __builtin_printf("%u\n", i);  /* { dg-warning "expects argument of type 'unsigned int', but argument 2 has type 'int'" } */
+  __builtin_printf("%c\n", sc);
+  __builtin_printf("%c\n", uc);
+}
diff --git a/gcc/testsuite/gcc.dg/format/warn-signedness.c b/gcc/testsuite/gcc.dg/format/warn-signedness.c
new file mode 100644
index 0000000..473d522
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/format/warn-signedness.c
@@ -0,0 +1,11 @@
+/* { dg-do compile }  */
+/* { dg-options "-Wformat -Wformat-signedness" }  */
+
+/* PR c/60194  */
+
+void foo(unsigned u, int i, unsigned char uc, signed char sc) {
+  __builtin_printf("%d\n", u);  /* { dg-warning "expects argument of type 'int', but argument 2 has type 'unsigned int'" } */
+  __builtin_printf("%u\n", i);  /* { dg-warning "expects argument of type 'unsigned int', but argument 2 has type 'int'" } */
+  __builtin_printf("%c\n", sc);
+  __builtin_printf("%c\n", uc);
+}

Follow-Ups:
- Re: [5.0] PR60194 [c-family] add -Wformat-signedness to warn about %d/%u signedness mismatch
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]