lars_e_krueger at gmx.de
Sat Feb 12 09:10:01 CET 2011
-------- Original-Nachricht --------
> Datum: Sat, 12 Feb 2011 02:37:48 +0000
> Von: Campbell Barton <ideasman42 at gmail.com>
> An: bf-blender developers <bf-committers at blender.org>
> Betreff: Re: [Bf-committers] bugs?
> You suggest we should eventually make blender warning free, I'd like
> this too but at the moment there are a enough false positives mixed in
> with Clang's warnings.
> Or, at least warnings which will never happen unless blender runs into
> memory corruptions/un-thread-safe code.
> In practice this isn't so simple.
Completely agree here. Working code is more important than nice looking code.
> Clang's static checker considers that checks on a value which is a
> pointer passed to the argument may not be the same twice: Example, see
> checks on (mface[i].flag & ME_SMOOTH)
> In this case it can be silenced by assigning a const and checking that
> const int smoothnormal = (mface[i].flag & ME_SMOOTH);
I think Clang also has a point here. If you are really sure that no other threads can change mface[i], because you know there is a lock a few stack frames above, then this really is a false-positive warning. I think your suggestion also results in code that looks nicer because you have a talking name for the condition.
> ... you can see its unreasonable to assign const's everywhere just
> because a variable could theoretically be changed by another thread
> and cause a check to be true once and false the next.
That also depends on how much more you know than Clang. I'll give you an example why I think consts are a good idea. This is a reocurring error I frequently make at work. I have to work a lot with pre-allocated arrays in real-time processing applications.
int n = something.nThings;
for( int i=0; i<n; ++n)
Code compiles without a single warning. See the problem? The loop increments n instead of i and happily runs 2^32 iterations on i=0.
const int n = something.nThings;
for( int i=0; i<n; ++n)
Compile it and you get an error for incrementing n. Same goes for = instead of ==.
> I didn't mean to bring this up since blender's code has lots of
> potential buffer overruns, every so often I try to reduce these by
> using BLI_snprintf and similar but we still have enough unchecked uses
> of sprintf, strcpy().
> Of course these _should_ be changed, on the other hand there are lots
> of bugs in the tracker and hardly any are to do with buffer overruns
> because over time we fixed reported cases.
Agree here. Don't change it unless you know its broken.
> Since you point this out, I changes the function so the values are
> printed directly then the stdout flushed. r34785.
Saw the final printf after I send my reply.
> This is easier then imposing string lengths.
In this case.
> Using (void)value; isn't that strange, Nokia's QT-Toolkit uses a macro
> for this to silence unused argument warnings.
> #define Q_UNUSED(x) (void)x;
> We could #ifdef a macro like this for MSVC is needed.
> Not suggesting we add this but I'd prefer this to removing assignments
> potentially adding confusion later.
For a lot of copy-and-paste code in the UI, this is the more practical approach, I agree.
As closing words, I would like to add a big "Thank you" for doing this task of cleaning up these warnings.
Dr. Lars Krueger
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
More information about the Bf-committers