Category Archives: C

The tradeoffs in using -Weverything

In addition to well-known -Wall, clang offers another interesting warning flag: -Weverything. While it sounds like a “strictly better” option (the more warnings, the better?) it’s not.

This topic is already well covered by Arthur O’Dwyer’s blog post and the clang documentation.

Arthur makes a strong case against use of this flag. While the clang docs generally agree, though offering a slightly more lenient position:

If you do use -Weverything then we advise that you address all new compiler diagnostics as they get added to Clang, either by fixing everything they find or explicitly disabling that diagnostic with its corresponding Wno- option.

What I have not seen clearly expressed is how use of -Weverything is a tradeoff.

The downsides are:

  • Increased flag noise from having manually resolve contradicting flags (using  -Wno-c++98-compat and -Wno-missing-prototypes)
  • Friction in upgrading compilers. Upgrading may “break” your existing warning-clean code, because of new warnings that have been added. This means you need to resolve all of those issues (via fixing code, or adding new flags to disable warnings) before officially supporting the toolchain.
  • Exposure to “experimental” diagnostics that may be “lower quality”.

However, there are advantages:

  • Discovering useful new warnings that you may never have used otherwise
  • Finding and fixing bugs during compiler upgrades as a result of these new warnings

Whether you are working on a library or application will also affect your decision.

If you maintain a library (especially an open source one), it makes sense to avoid -Weverything. You have less control over which compiler versions your users use, and you want to avoid users encountering new warnings if they use a new compiler release to build the library. (Assuming you keep a warning-clean codebase).

However, if you are simply developing an application (especially a closed source one), it may make sense to use -Weverything. In this environment, you have complete control over the approved toolchain that can be used to build the project, and can have a transition period where new warnings are addressed. There will be more friction for toolchain upgrades, but you may find that the benefits in continually using the newest warnings outweigh that downside.

Thanks to Ryan Brown for teaching me this.

Surgical formatting with git-clang-format

If you’re already a 10x engineer, you probably won’t need this article. But for the rest of us, this is what I wish I knew about clang-format as an inexperienced C++ programmer: how to only format the changes in your pull request.


You may have already heard of clang-format. It auto-formats source files for languages including C and C++. You can aim it at a source file and format the entire thing using clang-format -i file.cpp.

If you’re contributing to a project that is already 100% clang-format clean, then this workflow works fine. But you’ll occasionally encounter a project that is not quite 100% formatted, such as LLVM, osquery, or Electron1.

For these projects, the “format entire files” workflow doesn’t work because you’ll incidentally format parts of the files that are unrelated to your contribution. This will add noise to your diff and make it harder for your reviewers.

In this case, you need a way to surgically format only the lines changed in your contribution. To do this, you can use the clang-format git extension. This article will cover the basics of git-clang-format, including a practical workflow that allows for messy development, and formatting at the end.

Continue reading

To Cage a Dragon: An obscure quirk of /proc

Introduction

An obscure quirk of the /proc/*/mem pseudofile is its “punch through” semantics. Writes performed through this file will succeed even if the destination virtual memory is marked unwritable. In fact, this behavior is intentional and actively used by projects such as the Julia JIT compiler and rr debugger.

This behavior raises some questions: Is privileged code subject to virtual memory permissions? In general, to what degree can the hardware inhibit kernel memory access?

By exploring these questions1, this article will shed light on the constraints the CPU can impose on the kernel, and how the kernel can bypass these constraints. To begin, we must understand how the hardware enforces memory permissions.

Continue reading

How setjmp and longjmp work

Pretty recently I learned about setjmp() and longjmp(). They’re a neat pair of libc functions which allow you to save your program’s current execution context and resume it at an arbitrary point in the future (with some caveats1). If you’re wondering why this is particularly useful, to quote the manpage, one of their main use cases is “…for dealing with errors and interrupts encountered in a low-level subroutine of a program.” These functions can be used for more sophisticated error handling than simple error code return values.

I was curious how these functions worked, so I decided to take a look at musl libc’s implementation for x86. First, I’ll explain their interfaces and show an example usage program. Next, since this post isn’t aimed at the assembly wizard, I’ll cover some basics of x86 and Linux calling convention to provide some required background knowledge. Lastly, I’ll walk through the source, line by line.

Continue reading