On 02/20/2018 08:25 PM, Jeff Law wrote:
On 02/20/2018 04:59 PM, Martin Sebor wrote:
It would help if you explained why you think it is a good idea
ignoring the other phi arguments if you have one (or more) where you can
determine length.

It's a heuristic that was meant just for the -Wformat-overflow
warning.  When making decisions that affect code generation it's
obviously not correct to ignore the possibility that unknown
arguments may be shorter than the minimum or longer than
the maximum.  The fuzzy argument was meant to differentiate
between two got but I forgot about it when I added the fix
for PR 83671.

For GCC 8 I don't have a preference for how to fix this as long
as it doesn't regress the warning tests.

I think the ultimate solution (for GCC 9) may be to either
disable the heuristic for code generation purposes (e.g., via
another argument/flag) or provide a pointer argument to indicate
to the caller that the minimum is based on known strings, and that
the real minimum may be zero.
I'm still getting refamiliarized with this code.  But one thing that jumps
out immediately is how much this reminds me of the discussion we had
around 77608 -- where I argued that returning something that was not
conservatively correct was just asking for long term problems.

I realize we're talking about different routines, but the concerns are
the same -- when we return something that is not conservatively correct
it's easy for someone to mistakenly use those results for code
generation purposes.

The fuzzy stuff is in there to reduce the false positive rates and we're
not *supposed* to be using fuzzy results for code generation purposes,
but as I argued in 77608, it's easy to miss.

I'll reiterate my desire to make this kind of mistake harder to make.

I agree.  I'll take care of it in stage 1.

Martin
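The point argued above, that a "fuzzy" length range which skips PHI arguments of unknown length is fine for a warning but must never feed code generation, can be shown with a small model. The code below is an added illustration for this thread, not GCC's code; the function names, the `LenRange` type and the `fuzzy` flag in the result (standing in for the "pointer argument" idea mentioned above) are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# A PHI argument whose string length cannot be determined.
UNKNOWN = None


@dataclass(frozen=True)
class LenRange:
    min: int
    max: Optional[int]   # None means unbounded
    fuzzy: bool          # True when unknown arguments were ignored


def merge_phi_lengths(args: Sequence[Optional[str]], fuzzy: bool) -> Optional[LenRange]:
    """Combine the lengths of the strings reaching a PHI node.

    Strict mode (fuzzy=False): one unknown argument widens the result to
    [0, unbounded), which is the only conservatively correct answer.
    Fuzzy mode (fuzzy=True): unknown arguments are skipped and the result
    is marked so a caller cannot mistake it for a hard bound.
    Returns None when nothing at all is known.
    """
    lo: Optional[int] = None
    hi: Optional[int] = None
    saw_unknown = False
    for arg in args:
        if arg is UNKNOWN:
            saw_unknown = True
            continue
        n = len(arg)
        lo = n if lo is None else min(lo, n)
        hi = n if hi is None else max(hi, n)
    if lo is None:
        return None
    if saw_unknown and not fuzzy:
        return LenRange(0, None, False)
    return LenRange(lo, hi, saw_unknown)


def warn_possible_overflow(args: Sequence[Optional[str]], bufsize: int) -> bool:
    """Diagnostic-style use: a fuzzy range is acceptable here because the
    worst case is a missed or spurious warning, not wrong code."""
    r = merge_phi_lengths(args, fuzzy=True)
    return r is not None and r.max is not None and r.max >= bufsize


def safe_to_elide_bounds_check(args: Sequence[Optional[str]], bufsize: int) -> bool:
    """Code-generation-style use: a bounds check may only be dropped when
    a strict, non-fuzzy range proves every incoming string fits."""
    r = merge_phi_lengths(args, fuzzy=False)
    return (r is not None and not r.fuzzy
            and r.max is not None and r.max < bufsize)


if __name__ == "__main__":
    # Constructed sample: two known strings and one unknown argument.
    phi = ["abc", "de", UNKNOWN]
    print(merge_phi_lengths(phi, fuzzy=True))    # LenRange(min=2, max=3, fuzzy=True)
    print(merge_phi_lengths(phi, fuzzy=False))   # LenRange(min=0, max=None, fuzzy=False)
    print(safe_to_elide_bounds_check(phi, 8))    # False: the unknown arg may be longer
```

The two consumer functions make the distinction explicit: the warning path may use the heuristic range, while the code-generation path calls the strict variant and additionally refuses any result flagged as fuzzy, so a later change to the merging routine cannot silently turn a heuristic into a miscompile.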
