comp.lang.ada
From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Simple Warnings Needs
Date: Wed, 23 Feb 2011 21:06:10 +0100
Message-ID: <87oc62wm6l.fsf@ludovic-brenta.org>
In-Reply-To: 8aaf3582-0cc1-4c5f-ab85-eeb7ba569d9e@glegroupsg2000goo.googlegroups.com

Rego writes:
> I would like to know (in more details than gnat documentation) the
> criticality of these warnings options:
>
>  ** "-gnatwd" (Implicit dereferencing)
>  ** "-gnatwf" (Unreferenced formals)
>  ** "-gnatwh" (Hiding)
>  ** "-gnatwm" (Modified but unreferenced variables)
>  ** "-gnatwk" (Variables that could be constants)
>
> I mean, for instance, a code with several variables that could be
> constants, even in local procedures is an ugly code, not clean, but
> generally it's ok if works. But I just want to understand what kind of
> other complications that code could get due to not fixing these type
> of constructs. Someone once told me that it could bring out code
> vulnerabilities, the binary app could become "hackeable", but he gave
> not a deep explanation (so I cannot convince others about this). And I
> did not find in ARM05 and gnat documentation. So, could someone give
> me a hint?

I don't think that "variables that could be constants" would make the
program unsafe in the ways you describe.  Instead, it could prevent the
compiler from doing some optimizations.  But the most important aspect
of these warnings is that, if you examine the sources at the place of the
warning, you can discover bugs (it has happened to me several times).
The other important aspect is long-term maintenance of your sources.  In
this context, if you decide not to fix the warnings, you basically
guarantee that someone else, years after you, will have to investigate
the warnings again.

In addition to these considerations, "implicit dereferencing" could be
important for safety-critical software, where the executable object
code, not the sources, must be certified.  It is important to be able to
trace every instruction in the object code to a statement in the
sources.  Here, the compiler is warning you that it is emitting machine
instructions that do not have an "obvious" source.

"Unreferenced formals" and "Modified but unreferenced variables" could
mean a design bug. If not, you can use pragma Unreferenced to document
the fact that you've looked at this warning and decided it was not a bug
(here again, think about long-term maintenance by many people).

"Hiding" is sometimes forbidden outright by coding standards, so you
want the compiler to warn you about that.

-- 
Ludovic Brenta.
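As an added illustration (not code from the thread or from GNAT itself), the following small program contains one construct for each of the five warning switches Rego asked about, with the fixed form beside it where one applies. The procedure, type and variable names are constructed for this example; the switch letters and `pragma Unreferenced` are the ones the thread mentions.

```ada
--  Added example, not from the original thread.  Each construct below
--  triggers one of the GNAT warnings discussed; build with all five
--  switches enabled to see them:
--
--     gnatmake -gnatwdfhmk warnings_demo.adb
--
--  Names (Warnings_Demo, Process, Compute, Point, ...) are made up for
--  illustration.

with Ada.Text_IO;

procedure Warnings_Demo is

   --  -gnatwk: Limit is never assigned after its declaration, so GNAT
   --  warns that it could be declared constant.
   Limit : Integer := 10;

   --  Fixed form: the constant states the intent, so neither the
   --  optimizer nor the next maintainer has to prove it never changes.
   Max_Size : constant Integer := 10;

   --  -gnatwf: the formal Unused is never referenced in the body.
   procedure Process (Value : Integer; Unused : Integer) is
   begin
      Ada.Text_IO.Put_Line (Integer'Image (Value));
   end Process;

   --  Fixed form: pragma Unreferenced records that the formal is
   --  deliberately unused (for example, kept for interface compatibility),
   --  which is the documentation Ludovic refers to.
   procedure Process_Documented (Value : Integer; Unused : Integer) is
      pragma Unreferenced (Unused);
   begin
      Ada.Text_IO.Put_Line (Integer'Image (Value));
   end Process_Documented;

   --  -gnatwm: Scratch is assigned but its value is never read.  This is
   --  the classic shape of a real bug: the wrong object was updated.
   procedure Compute (Input : Integer; Result : out Integer) is
      Scratch : Integer;
   begin
      Scratch := Input * 2;
      Result  := Input;          --  was Scratch meant here?
   end Compute;

   --  Outer Count; an inner declaration of the same name hides it below.
   Count : Integer := 0;

   --  -gnatwd: selecting a component through an access value without an
   --  explicit .all makes the compiler emit a dereference that has no
   --  visible counterpart in the source.
   type Point is record
      X, Y : Integer;
   end record;
   type Point_Access is access Point;
   P : Point_Access := new Point'(X => 1, Y => 2);

   R : Integer;

begin
   Process (Limit, 0);
   Process_Documented (Max_Size, 0);
   Compute (Max_Size, R);

   Count := Count + 10;
   declare
      Count : Integer := 5;      --  -gnatwh: hides Warnings_Demo.Count
   begin
      Count := Count + 1;        --  refers to the inner Count only
      Ada.Text_IO.Put_Line (Integer'Image (Count));
   end;
   Ada.Text_IO.Put_Line (Integer'Image (Count));

   Ada.Text_IO.Put_Line (Integer'Image (P.X));      --  implicit P.all.X
   Ada.Text_IO.Put_Line (Integer'Image (P.all.X));  --  explicit, no warning
   Ada.Text_IO.Put_Line (Integer'Image (R));
end Warnings_Demo;
```

The hiding case is the one most often banned by coding standards: inside the block every `Count` is the inner object, so a later edit that "fixes" the outer counter there changes nothing visible and the review has to spot it by eye. The `Compute` case shows why the thread treats "modified but unreferenced" as a likely design bug rather than mere untidiness.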
