This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Could preprocessor warn for unsafe macros and side-effects?
- From: Eric Gallager <egall at gwmail dot gwu dot edu>
- To: Martin Sebor <msebor at gmail dot com>
- Cc: "sarah at hederstierna dot com" <fredrik at hederstierna dot com>, "gcc at gcc dot gnu dot org" <gcc at gcc dot gnu dot org>
- Date: Mon, 17 Jul 2017 10:15:25 -0400
- Subject: Re: Could preprocessor warn for unsafe macros and side-effects?
- Authentication-results: sourceware.org; auth=none
- References: <263ef4cd6f55417e97d180530b2e64ba@DAG03.HMC.local> <0e7c5ce7ab53409cbf005936c9afb67f@DAG04.HMC.local> <590e5e79-adfa-39dc-d002-f82065015862@gmail.com>
On 7/12/17, Martin Sebor <msebor@gmail.com> wrote:
> On 07/11/2017 11:50 PM, sarah@hederstierna.com wrote:
>> Hi
>>
>> Reading about macro pitfalls and e.g. duplication side-effects
>> https://gcc.gnu.org/onlinedocs/cpp/Macro-Pitfalls.html#Macro-Pitfalls
>>
>> would it be possible to let the preprocessor generate warnings for any of
>> these pitfalls?
>
> The preprocessor has no knowledge of the language rules but it is
> possible to detect some of these problems in the parser. In fact,
> a checker for one of the CERT problems was added not too long ago:
> -Wmulti-statement-macros. I would suggest opening an enhancement
> request asking for features you would find particularly valuable.
>
I think bug 6906 is related although it's limited to just the specific
case of assert(): https://gcc.gnu.org/bugzilla/show_bug.cgi?id=6906
>>
>> Maybe all language specific parts are not known at this early preprocessing
>> stage, but possibly some info could be stored for use in later pass?
>>
>> I'm thinking of e.g. for "function-like macros" with arguments, checking
>>
>> -Wmacro-side-effects
>>
>> * IF function-like macro expands/duplicates an argument more than once
>> THEN
>> WARN if function() is part of the argument
>> WARN if unary ++ or -- is used on variable as part of argument
>> WARN if assignment operator = is part of argument
>> WARN if volatile variable is part of the argument
>>
>> -Wmacro-operator-precedence
>>
>> * WARN if macro argument contains an expression with operator(s), and a
>> _higher_ precedence operator is used within the macro on this argument,
>> without parentheses around
>>
>> I'm not sure it's even possible at preprocessing stage, but it would be
>> nice to have,
>> I saw some static code analysis tools like Coverity detects these
>> https://www.securecoding.cert.org/confluence/display/c/PRE31-C.+Avoid+side+effects+in+arguments+to+unsafe+macros
>>
>> Of course it might generate some false-positives so warning might not be
>> enabled by default, maybe just -Wall or -Wextra,
>> but perhaps it's hard to solve, and I'm not sure where and how to implement
>> the checking algorithm.
>
> Those sound like good ideas. Some of them and the challenges
> with implementing them were discussed in the context of the
> -Wmulti-statement-macros enhancement:
>
> https://gcc.gnu.org/ml/gcc-patches/2017-06/msg00064.html
>
> Martin
>
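
The two pitfalls that the proposed -Wmacro-side-effects and -Wmacro-operator-precedence checks target, shown beside hardened forms, as an added example that is not part of the thread or of GCC. All macro and function names here are made up for illustration.

```c
#include <stdio.h>

/* Unsafe: MAX_UNSAFE expands each argument twice; DOUBLE_UNSAFE does not
 * parenthesize its parameter. (Hypothetical names, constructed for this example.) */
#define MAX_UNSAFE(a, b)  ((a) > (b) ? (a) : (b))
#define DOUBLE_UNSAFE(x)  (x * 2)

/* Hardened: parenthesize the parameter; use a function so that each
 * argument is evaluated exactly once. */
#define DOUBLE_SAFE(x)    ((x) * 2)
static inline int max_safe(int a, int b) { return a > b ? a : b; }

static int calls;                          /* visible side effect of next_id() */
static int next_id(void) { return ++calls; }

/* "++ used on a variable as part of the argument": returns the final i. */
int incr_through_macro(int *result) {
    int i = 5;
    *result = MAX_UNSAFE(i++, 3);          /* i++ runs in the test and in the branch */
    return i;
}
int incr_through_function(int *result) {
    int i = 5;
    *result = max_safe(i++, 3);            /* i++ runs once */
    return i;
}

/* "function() is part of the argument": returns how often next_id() ran. */
int calls_through_macro(void) {
    calls = 0;
    (void)MAX_UNSAFE(next_id(), 0);
    return calls;
}
int calls_through_function(void) {
    calls = 0;
    (void)max_safe(next_id(), 0);
    return calls;
}

/* Operator precedence: the argument 1 + 2 meets the macro's own '*'. */
int precedence_unsafe(void) { return DOUBLE_UNSAFE(1 + 2); }  /* 1 + 2 * 2 */
int precedence_safe(void)   { return DOUBLE_SAFE(1 + 2); }    /* (1 + 2) * 2 */

int main(void) {
    int r, i = incr_through_macro(&r);
    printf("macro: result=%d i=%d calls=%d\n", r, i, calls_through_macro());
    printf("precedence: unsafe=%d safe=%d\n", precedence_unsafe(), precedence_safe());
    return 0;
}
```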