Re: printf format selection vs. reality

From: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: printf format selection vs. reality
Date: 2018-05-23 22:36:43
Message-ID: CAEepm=3R+3uYyzHOVt9iSfBusFoCDhxmrxA_+g1TTcmMhASPEA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, May 24, 2018 at 8:28 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> The problem is to get a compiler that thinks that %z is a violation
> of *any* archetype. gaur's compiler does think that, but it has no
> archetype that does accept %z, so that's little help (I've had it
> building with -Wno-format since we added %z).

From the pie-in-the-sky department: I think it would be cool to
develop a Clang semantic checker plugin[1] that performs arbitrary
checks to our taste, as an external project. Custom format string
checkers might not be terribly interesting but would make an easy
starting point (maybe start by stealing some code from
lib/Sema/SemaChecking.cpp?), but there are plenty of less localised
programming rules in our project that are easy to break (stuff about
node types etc). I've seen this sort of thing done to impose house
rules on mountains of C++ code with good effect. You can either
invent your own attributes or (to avoid having to change the target
source tree at all) just hard code your checker to recognise stuff.
It's considerably easier to do this with the full AST etc than with
(say) checker scripts operating on the source. I'm not working on
this myself but I thought I'd mention it in case it interests someone
out there...

[1] https://clang.llvm.org/docs/ClangPlugins.html

--
Thomas Munro
http://www.enterprisedb.com

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2018-05-23 22:41:16 Re: SCRAM with channel binding downgrade attack
Previous Message Tom Lane 2018-05-23 22:04:04 Re: printf format selection vs. reality