|
HORATIO HORNBLOWER posted:Compiling C without -Wall -Werror or the moral equivalent is a horror. What's funny is you still don't catch this with -Wall. To get -Wunreachable-code turned on you have to compile with -Weverything
|
# ? Feb 22, 2014 19:23 |
|
|
# ? May 17, 2024 14:29 |
|
-Wall doesn't include the unreachable code check (at least in GCC, and probably clang). Now that I think about it, that could have been caused by a hosed up merge; merge tools are good but they're not perfect. In that case it probably would have passed code review (since most teams review diffs). Still, you'd think a unit test / regression test would have caught it.
|
# ? Feb 22, 2014 19:23 |
|
Yeah, considering it was only in that one published revision and not any before or after, it was certainly a bad merge. The guy who found that line of code must have screamed after realizing what happened.
|
# ? Feb 22, 2014 19:26 |
|
evensevenone posted:-Wall doesn't include the unreachable code check (at least in GCC, and probably clang). I'd bet on someone trying to remove an if and forgetting the statement. The diff between versions has a lot of code cleanup.
|
# ? Feb 22, 2014 19:26 |
|
https://gist.github.com/alexyakoubian/9151610/revisions (line 631) There's no other changes near it, so it's not really clear what happened.
|
# ? Feb 22, 2014 19:31 |
|
Plorkyeran posted:https://gist.github.com/alexyakoubian/9151610/revisions (line 631) My bet is on a copy-paste mistake while refactoring and moving those if statements around.
|
# ? Feb 22, 2014 20:16 |
|
Dren posted:My bet is on a copy-paste mistake while refactoring and moving those if statements around. Alternately,
|
# ? Feb 22, 2014 20:42 |
|
Time for the peanut gallery to weigh in. First up, Nadim Kobeissi, the widely respected 15-year-old crypto genius: http://log.nadim.cc/?p=126quote:It’s interesting to note that had the programmer used an initial if statement in that method followed by else if statements, their code would not only most likely be more efficient when compiled, but the second goto fail statement would have been detected as invalid by the compiler. This vulnerability would have then been avoided. But the programmer went for a less efficient method which made the bug possible. Swing and a miss.
|
# ? Feb 22, 2014 21:27 |
|
Suspicious Dish posted:Swing and a miss. I would still use braces myself.
|
# ? Feb 22, 2014 22:08 |
|
Suspicious Dish posted:Time for the peanut gallery to weigh in. First up, Nadim Kobeissi, the widely respected 15-year-old crypto genius: http://log.nadim.cc/?p=126 Who is this person because they missed the point so drat hard.
|
# ? Feb 22, 2014 22:18 |
|
http://en.wikipedia.org/wiki/Nadim_Kobeissi http://en.wikipedia.org/wiki/Cryptocat#Security_concerns http://tobtu.com/decryptocat.php Suspicious Dish fucked around with this message at 22:29 on Feb 22, 2014 |
# ? Feb 22, 2014 22:27 |
|
Suspicious Dish posted:http://en.wikipedia.org/wiki/Nadim_Kobeissi Cryptocat still makes me really angry especially how the startup community responded to it being completely broken. gently caress that guy. Also if you think an if else is faster than if goto I really have to wonder what you think the compiler output is. E:if you do build error handling into an if else chain of doom you are a bad person and should feel bad. Very very bad.
|
# ? Feb 22, 2014 22:29 |
|
Suspicious Dish posted:http://en.wikipedia.org/wiki/Nadim_Kobeissi Saw him talk once, haven't been so angry in a while. "Look my software isn't great, sure there was that bug that meant all traffic for the last year could be decrypted without a key, It's experimental and people shouldn't use it" "By the way look at all the people who are using my software, isn't it cool" or you know what's cool: putting people's lives at stake. that's cool.
|
# ? Feb 22, 2014 22:32 |
|
tef posted:Saw him talk once, haven't been so angry in a while. How did you not punch him in the face?
|
# ? Feb 22, 2014 22:43 |
|
apseudonym posted:How did you not punch him in the face? Human decency and self-restraint?
|
# ? Feb 22, 2014 22:47 |
Throw a shoe at him next time.
|
|
# ? Feb 22, 2014 22:49 |
|
Coding horrors thread: throwing shoes at 15 year olds
|
# ? Feb 23, 2014 00:21 |
He's 24 years old according to the wiki.
|
|
# ? Feb 23, 2014 00:23 |
|
Plorkyeran posted:https://gist.github.com/alexyakoubian/9151610/revisions (line 631) is that the actual revision history, or just the revision history of that gist?
|
# ? Feb 23, 2014 00:34 |
|
apseudonym posted:E:if you do build error handling into an if else chain of doom you are a bad person and should feel bad. Very very bad. Which yeah, would've resulted in a compile error in this particular case. But there's better solutions such that the "else if" commentary wasn't really worth him making.
|
# ? Feb 23, 2014 00:42 |
|
evensevenone posted:is that the actual revision history, or just the revision history of that gist?
|
# ? Feb 23, 2014 01:02 |
|
Don Mega posted:He's 24 years old according to the wiki. Among my people the tradition is one shoe per year of age.
|
# ? Feb 23, 2014 02:43 |
|
https://twitter.com/SecureTips/status/437636832403001344
|
# ? Feb 23, 2014 20:36 |
|
The manual page for goto in PHP begins with an XKCD comic. Amazing.
|
# ? Feb 23, 2014 20:41 |
|
Internet Janitor posted:The manual page for goto in PHP begins with an XKCD comic. Amazing. Makes sense both are overused unfunny "jokes" that have long sense outstayed their welcome.
|
# ? Feb 23, 2014 21:00 |
|
ultramiraculous posted:What's funny is you still don't catch this with -Wall. To get -Wunreachable-code turned on you have to compile with -Weverything The -Wall doesn't turn on all warnings? -Wall and -Weverything do two different things? How is that not a horror? PHP was rightly ridiculed for exactly the same behaviour.
|
# ? Feb 23, 2014 21:02 |
|
qntm posted:The -Wall doesn't turn on all warnings? -Wall and -Weverything do two different things? How is that not a horror? And -ansi -pedantic doesn't flag every use of a gcc extension as a warning or error.
|
# ? Feb 23, 2014 21:07 |
|
Plorkyeran posted:gcc can't add things to -Wall because that breaks all the terrible projects that have -Werror in their default CFLAGS and the users throw a shitstorm. Clang might be able to get away with it due to that there's a lot less legacy code being compiled with it. -Weverything also shows that you don't actually want to enable all warnings. I wouldn't be surprised if there's some contradictory warnings.
|
# ? Feb 23, 2014 21:09 |
|
There are at least contradictory warnings across different compilers.
|
# ? Feb 23, 2014 21:35 |
|
Hughlander posted:Makes sense both are overused unfunny "jokes" that have long sense outstayed their welcome. All three of those things, in fact.
|
# ? Feb 23, 2014 21:39 |
|
Hughlander posted:Makes sense both are overused unfunny "jokes" that have long sense outstayed their welcome. What's ridiculous is that PHP uses the xkcd comic as a warning not to use goto, and then never expounds on it. Newbie developers will see that, laugh, and assume that it's an exaggeration, before making awful spaghetti code because they don't know any better.
|
# ? Feb 23, 2014 21:40 |
|
Otto Skorzeny posted:And -ansi -pedantic doesn't flag every use of a gcc extension as a warning or error. There are vanilla and gnu variations of each language standard using the "-std=c89/gnu89" parameter. But then the man page says "-ansi" is supposed to be equivalent, I guess you should be logging bugs if extensions are not caught. MrMoo fucked around with this message at 22:07 on Feb 23, 2014 |
# ? Feb 23, 2014 22:05 |
|
Volmarias posted:What's ridiculous is that PHP uses the xkcd comic as a warning not to use goto, and then never expounds on it. Newbie developers will see that, laugh, and assume that it's an exaggeration, before making awful spaghetti code because they don't know any better. Whereas all experienced devs will look on at goto for the dinosaur it is.
|
# ? Feb 23, 2014 22:09 |
|
MrMoo posted:There are vanilla and gnu variations of each language standard using the "-std=c89/gnu89" parameter. But then the man page says "-ansi" is supposed to be equivalent, I guess you should be logging bugs if extensions are not caught. No, filing bugs will accomplish nothing here. It's by design (read: rms diktat) and implied in the name that the -pedantic switch does not work right, cf. the manual: quote:`-pedantic' does not cause warning messages for use of the e: expanded quote slightly Blotto Skorzany fucked around with this message at 22:33 on Feb 23, 2014 |
# ? Feb 23, 2014 22:27 |
|
Volmarias posted:What's ridiculous is that PHP uses the xkcd comic as a warning not to use goto, and then never expounds on it. Newbie developers will see that, laugh, and assume that it's an exaggeration, before making awful spaghetti code because they don't know any better. As if newbies would read the manual.
|
# ? Feb 23, 2014 22:31 |
|
Otto Skorzeny posted:e: expanded quote slightly Dear Oracle: please let suncc die a good death.
|
# ? Feb 23, 2014 22:47 |
|
Otto Skorzeny posted:
Hahah, this is even better in the context of his Clang/LLVM post from a while back.
|
# ? Feb 23, 2014 22:55 |
|
Yeah, that's right, I compile with -Wall and -pedantic Then I get mad and type `python` 'cause I ain't got time for semantics
|
# ? Feb 23, 2014 22:59 |
|
While we're on the topic, I just want to say I love that all the warning flags start with W, because they almost always make words. I always pronounce them as they're written, so "wall", "weverything", "wunreachable"
|
# ? Feb 23, 2014 23:13 |
|
|
# ? May 17, 2024 14:29 |
|
You can't spell -funroll-loops without 'fun'!
|
# ? Feb 23, 2014 23:25 |