On 2/27/2014 2:02 PM, Nicholas Nethercote wrote:
> On Thu, Feb 27, 2014 at 12:44 PM, Zack Weinberg <za...@panix.com> wrote:
>>>>
>>> Treating these as warnings, not errors, is probably the best thing
>>> here. If you see the warning and you've recently changed that
>>> code, then check it. If you haven't, you see the "may be" and
>>> ignore it.
>>
>> This is exactly the same thing dbaron said the last time I brought
>> this up (quite some time ago - 2010, maybe?) I didn't buy it then and
>> I don't buy it now. I think it is far more likely that a
>> maybe-used-uninitialized true positive will *go unnoticed* because
>> we've trained ourselves to ignore those warnings, and I don't think
>> better precision in a valgrind run is worth the risk of letting a true
>> positive slip through in a release build. Those bugs tend to be
>> security critical.
>
> I'm definitely a fix-all-the-warnings guy, but when I looked into this
> stuff closely (a while back now) I found that these uninitialized
> warnings caused far more false positives than any other kind of
> warning, and suppressing the warning often was more difficult than
> you'd expect. So even I backed away from trying to fix them. And
> that's why they're not considered as part of the WARNINGS_AS_ERRORS
> (or whatever they're called) builds.
>
> So I'm pleased to hear that -W{sometimes,maybe}-initialized have lower
> false positive rates. Investigating them sounds like the most
> promising avenue for progress.
Speaking of compiler warnings, do people commonly run into "compiler
warning mismatch" with warnings-as-errors due to running separate
versions of Clang/GCC/MSVC locally than what runs in automation? i.e. do
you find yourself building things fine locally only to run into try
failures or backouts when the patch runs on automation? If so, how big
of a problem is this?
I'm asking because the subject of reproducible build environments comes
up semi-frequently. RelEng now publishes archives of the Linux chroot
build environments. And the Clang toolchain we use is also available.
And MSVC/MozillaBuild is pretty consistent across machines. Having a
build system mode that uses the "official bits" from automation locally
is within reach. Currently, the main benefactors of that are perceived
to be the people desiring verifiable builds, not local developers.
Would reproducible build environments address a pain point? Would things
change if we became a lot more aggressive about enabling compiler
warnings? FWIW, we still only have fail-on-warnings in 223 of 618
directories. There's a lot of room to make the compiler work more for us
(and for warnings to annoy more people in the process).
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
