Rather than making everyone blindly run indent or consult the manual
every time, spell out what these options mean.
Change-Id: I06186bd93bb06d703b7df2974e43d6ee6b0f59cd
Reviewed-on: https://gerrit.openafs.org/15628
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
The current developer pool prefers to always use braces, for the
reasons given in the updated guidance.
This will apply to new code going forward, and does not imply a desire
to do a sweeping pass to change current instances.
Change-Id: If6e157438f222ca805506cc55cd61b969dce63a3
Reviewed-on: https://gerrit.openafs.org/15717
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
We don't really need a "Danger Will Robinson"-style warning at this
point.
Also update the browsing URL to use TLS (https://).
Change-Id: I102b8bd8a8c91c68d6d6383ea146a0cb57b8d571
Reviewed-on: https://gerrit.openafs.org/15716
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Right now, that's just Makefile and plain text.
We'll want to add more eventually.
Change-Id: I10c559fe94c7c634e1de6d98020a1c7a391da2b4
Reviewed-on: https://gerrit.openafs.org/15629
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
The first section was a mix of GNU ident options and build system
guidance. Move the former into the style section and create a new
section for the latter.
Remove specific suggested compiler flags in favor of --enable-checking.
Change-Id: I1fc86ded6faee13575dd4913586a829f75daeef8
Reviewed-on: https://gerrit.openafs.org/15627
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Attempt to enumerate things that reviewers should look for, to ensure
a consistent quality of review. This should be a good start; we can
add to it in the future as we discover more things that we'd like
reviewers to consider.
As a side effect, attempt to enumerate the bits of C99 that we rely on,
past the C89 baseline that we otherwise assume.
Change-Id: I047cc0accc99d2aea7bb7eb1c35ae148bff2ee7d
Reviewed-on: https://gerrit.openafs.org/15611
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Heimdal's hcrypto declares various DES functions as deprecated. We use
these functions in various files, and so we inhibit the
-Wdeprecated-declarations warning so we can build with
--enable-checking.
Heimdal declares these functions as deprecated using the HC_DEPRECATED
(or HC_DEPRECATED_CRYPTO) macro, which conditionally expands to
__attribute__((deprecated)) depending on the platform. If we define
HC_DEPRECATED ourselves to nothing before including the relevant header
file, those functions will effectively not be declared deprecated. Some
of our source files do this to avoid the -Wdeprecated-declarations
warning.
Some of our code does one of these to avoid the warning, and some does
both. We should pick one or the other, and be consistent about it. In
this commit, get rid of defining HC_DEPRECATED (and
HC_DEPRECATED_CRYPTO) ourselves, and just inhibit the relevant warning
the same way we do for all other warnings.
All instances of this are also currently missing from the "Inhibited
warnings" section in CODING. Add all instances to that list.
Change-Id: I4d7ece94be22457ceefbe52b6ec286e67423e8cb
Reviewed-on: https://gerrit.openafs.org/15776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
We currently do not build 'fc_test' or any of the programs in
src/rxkad/test, and they've bitrotted as a result. Clean them up so
they can build again, and make them all built by default.
Some of these programs depend on higher-level libraries (like
libafsauthent) that depend on rxkad, so we cannot build the test
programs during the top-level 'make rxkad' target. So instead, create
a new top-level target called 'rxkad_test' that just builds the test
programs. Move 'fc_test' into the test subdir to make it easier to
build with the other test programs.
Change-Id: Ic5570efd9076e3e4feec18002d67ce8d58f321d1
Reviewed-on: https://gerrit.openafs.org/14750
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Try to normalize the use of top-level (==) and second-level (--)
heading markers, and make the length of the header marker match
the length of the preceding line.
Wrap some long lines.
Document the existing practice of using braces for one-line conditional
bodies when other branches of the conditional need braces.
Update list of build-dependencies for Debian.
Update size of the git repository.
Mention the Stable Release Manager for backports.
Clarify that --enable-checking=all is not generally useful.
Promote the guidance to document new warning inhibitions into a
full directive (i.e., remove "please").
Add some more line breaks in the section on inhibited warnings to
try to have things line up better in the designated columns.
Change-Id: Ibfb7f3a2ad0ec82a401b4b028ab108f87a9b2b03
Reviewed-on: https://gerrit.openafs.org/15610
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Due to a bug in gcc-12 and gcc-13, several warnings are generated for a
use-after-free in crypto.c, which leads to a build failure with
--enable-checking:
src/external/heimdal/krb5/crypto.c:1157:9: error: pointer ‘p’ may be
used after ‘realloc’ [-Werror=use-after-free]
1157 | free(p);
| ^~~~~~~
src/external/heimdal/krb5/crypto.c:1155:20: note: call to ‘realloc’
here
1155 | result->data = realloc(p, sz);
| ^~~~~~~~~~~~~~
However, reviewing the code around these warnings shows that the
use-after-free warnings are incorrectly generated (false positive). The
documentation for realloc states that realloc will return a NULL and not
alter the storage passed if there was an error allocating and the size
passed is non-zero.
There is a possible work-around for the false positive. One can use a
variable that is not a member of a structure to hold and test the value
returned from realloc, then update the structure member from that
variable.
However, the code that is producing the message is in a heimdal external
file, so we cannot modify the source. So just use the compiler flag
-Wno-use-after-free to avoid the warning/error.
Update configure to add tests for the -Wno-use-after-free flag, update
the Makefile to add the flag for CFLAGS.crypto.lo, and update CODING
for the new exception.
Because this is an important check, only disable the warning if the
compiler exhibits this specific bug. We do this by adding specific
configure tests for the compiler bug and conditionally set a CFLAG
variable if the bug is present.
NOTE: The false positive and work-around can be demonstrated with the
following code using gcc-12 (with -O0) or gcc-13 (not sensitive to the
optimization level):
somestruct->somepointer = realloc(ptr, somesize);
if (somestruct->somepointer == NULL && somesize != 0) {
free(ptr); << gets flagged as use-after-free
handle enomem...
}
However the following doesn't get flagged:
char *tmpptr = realloc(ptr, somesize);
if (tmpptr == NULL && somesize != 0) {
free(ptr);
handle enomem...
}
somestruct->somepointer = tmpptr;
The GCC ticket https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110501
has been marked as confirmed.
Change-Id: I28566354da4199389964210f954cda1213098088
Reviewed-on: https://gerrit.openafs.org/15471
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
In lwp/process.c the address of a stack variable is saved as part of
creating a new context. GCC-12 is flagging the statement with a
diagnostic:
./process.c:46:24: error: storing the address of local variable
‘stackvar’ in ‘*savearea.topstack’ [-Werror=dangling-pointer=]
46 | savearea->topstack = (char *)&stackvar;
| ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
In this particular case, the code is meaning to save the address of the
stack in preparation of setting up a new context, which requires knowing
the address the current stack.
The diagnostic is changed from a warning to an error when configured
with --enable-checking.
Set the env variable CFLAGS_NODANGLING_POINTER to
'-Wno-dangling-pointer' if the compiler supports the option and update
the src/lwp/Makefile.in to use the flag when compiling process.c
Change-Id: Ibec956b505c0edad9b74d63b9bb7805f6f0cba01
Reviewed-on: https://gerrit.openafs.org/14957
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Every function should be explicitly declared before it can be called.
Since -Wimplicit-function-declaration is usually a warning and not an
error, calling undeclared functions does not prevent us from building
the code.
However, apple-clang 12 makes this an error by default, prohibiting the
build of the current version on macOS 11 (Big Sur).
To fix this problem, declare functions before calling them. Also,
include mach/thread_act.h into afs_call.c so the declaration of
thread_terminate() can be found on macOS. Last, given that the third
argument of PIOCTL() (if UKERNEL is defined) is a pointer, cast it to
'long'. Doing so, we can avoid another inhibited warning. Notice that
this PIOCTL definition is scoped to a single file (src/auth/ktc.c).
Change-Id: I6d796c10ea4dd81b13ae5feb9f42608aa445560d
Reviewed-on: https://gerrit.openafs.org/14744
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
In an effort to avoid the usage of undeclared functions, add wrappers
for ubik_Call_SingleServer() (_BUDB_GetVolumes(), _BUDB_DumpDB()) and
adjust its callers accordingly.
Also, make sure that ubik_Call_SingleServer() uses the same signature as
ubik_Call(). This change helps us to get rid of casting errors.
Change-Id: I431360f7a42a81b1f20005ebaf0c703bab73a963
Reviewed-on: https://gerrit.openafs.org/14886
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The linux 5.17 commit:
"Makefile: Enable -Wcast-function-type" (552a23a0)
added the -Wcast-function-type compiler flag for kernel module builds.
This change catches a type mismatch in the external files obtained from
heimdal: hcrypto/evp.c and hcrypto/evp-algs.c and produces the following
type of compile time error messages.
src/libafs/MODLOAD-.../evp.c: In function ‘hc_EVP_md_null’:
src/libafs/MODLOAD-.../evp.c:501:2: error: cast between incompatible
function types from ‘void (*)(void *)’ to ‘int (*)(EVP_MD_CTX *)’
{aka ‘int (*)(struct hc_EVP_MD_CTX *)’}
[-Werror=cast-function-type]
501 | (hc_evp_md_init)null_Init,
| ^
Use AX_APPEND_COMPILE_FLAGS to create a CFLAGS_NOCAST_FUNCTION_TYPE
macro to disable this warning and update the CFLAGS for these 2 files
for the Linux libafs build.
Update the CODING documentation to add the new exceptions. In addition
add a brief description on how to set up autoconf to add a new build
macro to suppress compiler warnings.
Note: upstream heimdal has committed a fix for this in:
hcrypto: Fix return type for null_Init, null_Update and null_Final
(fc4b3ce49b)
Change-Id: I05b716867016a33ca02a791ed6bc5a7d846de608
Reviewed-on: https://gerrit.openafs.org/14881
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Clang-10 will not recognize '/* fall through */' as an indicator to
turn off the fallthrough warning due to the lack of a 'break' in a case
statement.
Code generated by flex uses the '/* fall through */' comments to turn
off compiler warnings for fallthroughs in case statements.
For code generated by flex, ignore the implicit-fallthrough via pragma
or disable the warning via a compile time flag.
Add new env variable "CFLAGS_NOIMPLICIT_FALLTHROUGH" to selectively
disable the compile check in Makefiles when checking is enabled.
Change-Id: I4c054defda03daa2aeb645ae2271dfa0cb54925f
Reviewed-on: https://gerrit.openafs.org/14275
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Clang-10 will not recognize '/* fallthrough */' as an indicator to
turn off the fallthrough diagnostic due to the lack of a 'break' in a
case statement. Clang-10 requires the '__attribute__((fallthrough))'
statement to disable the diagnostic.
In addition clang-10 is finding additional locations where fall throughs
occur.
Determine if the compiler supports '__attribute__((fallthrough))' to
disable the implicit fallthrough diagnostic.
Define a new macro 'AFS_FALLTHROUGH' that will disable the fallthrough
diagnostic. Set it as a wrapper for the Linux kernel's 'fallthrough'
macro if available, otherwise set it as a wrapper macro for
'__attribute__((fallthrough))' if the compiler supports it.
Update CODING to document the use of AFS_FALLTHROUGH when needing to
fallthrough between case statements.
Replace the '/* fallthrough */' comments with AFS_FALLTHROUGH, and add
AFS_FALLTHROUGH as needed.
Replace some fallthroughs with a break (or goto) if the flow was was
just to a break (or goto).
e.g. case x: case x:
somestmt; somestmt;
break;
case y: case y:
break; break;
Correct a mis-indented brace '}' in src/WINNT/afsd/smb3.c
Note, the clang maintainers have rejected the use of comments as a flag
to turn off the fall through warnings.
Change-Id: Ia5da10fc14fc1874baca035a3cf471e618e0d5f5
Reviewed-on: https://gerrit.openafs.org/14274
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 7 is producing new warnings due to better compile time analysis.
With --enable-checking v5der.c is failing with 2 errors due to possible
format-truncation in some snprintf calls. The format strings are being
used to format a date and time values from a tm structure.
The actual warnings/errors are being triggered from arithmetic being
performed on the year and month members of the structure. The resulting
values should not exceed the format lengths, but the compilers are still
flagging the statements.
v5der.c is part of the heimdal package that is pulled into the openafs
source tree. v5der.c is not compiled directly but is #included in
ticket5.c
Update ticket5.c to change the severity of the format-truncation
diagnostic to a warning if using GCC 7 (or higher).
Note: since v5der.c is pulled from an external source (heimdal), any
changes to update v5der.c directly would need to be performed upstream.
Change-Id: Icda0d86444f505604abe9fa1cc2450d7538be7ef
Reviewed-on: https://gerrit.openafs.org/13661
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update the style guide with a declaration of the prevailing and
preferred brace style for one-line if statements and loops. Provide an
example and counter-example.
Change-Id: Iafeea977203b76c0e67385779fb4ed57f3c6699a
Reviewed-on: https://gerrit.openafs.org/12370
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Document the preferred style for multiple line comment blocks and give an
example.
Change-Id: I73d6183da9014a943316e5aea1d43be2acc81ad7
Reviewed-on: https://gerrit.openafs.org/12361
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Resolves these warnings:
ticket5.c: In function ‘tkt_MakeTicket5’:
ticket5.c:574:33: warning: pointer targets in passing argument 1 of ‘_rxkad_v5_encode_EncTicketPart’ differ in signedness [-Wpointer-sign]
code = encode_EncTicketPart(encodebuf, allocsiz, &data, &encodelen);
^
In file included from ticket5.c:80:0:
v5gen-rewrite.h:43:30: note: expected ‘unsigned char *’ but argument is of type ‘char *’
#define encode_EncTicketPart _rxkad_v5_encode_EncTicketPart
^
v5gen.c:1889:1: note: in expansion of macro ‘encode_EncTicketPart’
encode_EncTicketPart(unsigned char *p, size_t len, const EncTicketPart * data, size_t * size)
^
ticket5.c:602:33: warning: pointer targets in passing argument 1 of ‘_rxkad_v5_encode_EncryptedData’ differ in signedness [-Wpointer-sign]
code = encode_EncryptedData(ticket + *ticketLen - 1, *ticketLen, &encdata, &tl);
^
In file included from ticket5.c:80:0:
v5gen-rewrite.h:16:30: note: expected ‘unsigned char *’ but argument is of type ‘char *’
#define encode_EncryptedData _rxkad_v5_encode_EncryptedData
^
v5gen.c:690:1: note: in expansion of macro ‘encode_EncryptedData’
encode_EncryptedData(unsigned char *p, size_t len, const EncryptedData * data, size_t * size)
^
ticket5.c: In function ‘tkt_DecodeTicket5’:
ticket5.c:320:10: warning: ‘plainsiz’ may be used uninitialized in this function [-Wmaybe-uninitialized]
code = decode_EncTicketPart((unsigned char *)plain, plainsiz, &decr_part, &siz);
^
Change-Id: Ic1b878f01cf82222dc258847747ce192ee5948fc
Reviewed-on: http://gerrit.openafs.org/11955
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Resolves this warning:
admin_tools.c: In function ‘SetFields’:
admin_tools.c:611:30: warning: pointer targets in passing argument 2 of ‘ktime_DateToInt32’ differ in signedness [-Wpointer-sign]
code = ktime_DateToInt32(s, &expiration);
^
In file included from /home/anders/wd/openafs/include/afs/afsutil.h:84:0,
from admin_tools.c:39:
/home/anders/wd/openafs/include/afs/afsutil_prototypes.h:101:18: note: expected ‘afs_int32 *’ but argument is of type ‘afs_uint32 *’
extern afs_int32 ktime_DateToInt32(char *adate, afs_int32 * aint32);
^
Change-Id: Id24e7a6cd1ab2291c0c05d3835f4ad7fddfec8d7
Reviewed-on: http://gerrit.openafs.org/11956
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Replaces this warning:
afs_kasAdmin.c: In function ‘GetPrincipalLockStatus’:
afs_kasAdmin.c:710:6: warning: implicit declaration of function ‘ubik_CallIter’ [-Wimplicit-function-declaration]
ubik_CallIter(KAM_LockStatus, kaserver->servers, UPUBIKONLY,
^
with these marginally less alarming warnings:
In file included from ../adminutil/afs_AdminInternal.h:17:0,
from afs_kasAdmin.c:21:
/home/anders/wd/openafs/include/ubik.h:627:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
extern afs_int32 ubik_CallIter(int (*aproc) (), struct ubik_client *aclient,
^
/home/anders/wd/openafs/include/ubik.h:632:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
extern afs_int32 ubik_Call_New(int (*aproc) (), struct ubik_client
^
Change-Id: I49dbc5f6bb9199764c73c6ee8449d62518f377e6
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-on: http://gerrit.openafs.org/11954
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Move the information about compiler warnings to the CODING
readme file.
Change-Id: I0be752c76ddee809fe80bd1f97048953eeee89ee
Reviewed-on: http://gerrit.openafs.org/10975
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Move the REAME.GIT information to the CODING readme file.
Change-Id: I3013e03ebfe003dce23f0e2d808ab6905dd2b452
Reviewed-on: http://gerrit.openafs.org/10974
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Rename the developer's readme file to CODING as a home
for developer related information.
Change-Id: I8c2cf70258671387b926ef3d666f6476056ef06e
Reviewed-on: http://gerrit.openafs.org/10973
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
