getting rid of mkproto.sh from Samba3

tridge at samba.org
Wed Jun 6 03:19:16 GMT 2007


Jerry,

 > I don't want to start any flame wars on style so this is
 > all I will say on the subject, but IMO all of your points 
 > imply that autogenerated headers are better because they
 > support bad programming habits.

I see it as preventing programmer mistakes. If we had tools to catch
those mistakes, then the situation would be different.

So to get rid of auto generated headers, I think it would be wise to
first write tools along the same lines as the current findstatic.pl
and minimal_includes.pl, but which catch the sort of errors that hand
written prototypes tend to lead to.

It's perfectly possible to write tools like that. For example, you
could have a tool that checks that the argument names in all of the
hand written prototypes match the argument names of the real
functions. It's a bit harder to check that the comment blocks match,
but might be doable somehow?

You could also have a tool that scans the hand written prototypes and
checks that all the functions exist in the object files, and have the
right symbol type (using objdump or nm). 

Another tool could check that every function that has a prototype
includes the header that declares the prototype.

All these tools would be potentially useful even if we are using
auto-generated prototypes, because we could use them on bits of
imported code (like heimdal) and on pieces of code that we decide not
to auto-prototype. So they might be worth writing anyway.

You may be tempted to think that auto-generated prototypes are not
needed as so many other projects get away without them. However if you
try minimal_includes.pl and findstatic.pl on those other projects, I
think you'll find that they do suffer from these sorts of
problems. Stephen Rothwell and myself spent some time running them
over the Linux kernel. Ben Elliston spent some time running them over
the gcc source code, and I think he now runs them very regularly. They
found piles of errors in both cases, which have now been fixed. This
is despite the fact that both projects have people doing constant
janitorial work looking for exactly this sort of problem.

I'd be surprised to find that any large C program which doesn't use
tools like these and doesn't auto-generate prototypes shows up clean
if you check for the sorts of mistakes I have mentioned. Can you think
of one that is a candidate for really good coding practices that we
could check?

It also relates to real bugs, and can even cause security problems in
some circumstances. There is a piece of Samba4 where we don't
correctly generate and check prototypes at the moment - the 'init'
functions for modules. I recently found we were getting a SIGBUS on
solaris/ultrasparc when starting smbd. The culprit? One of the init
functions (smb_setup_ejs_net) was returning void instead of
NTSTATUS. On every other platform this was OK, but on ultrasparc it
gets a SIGBUS. That bug happened because the code that called the
function didn't include a correct auto-generated prototype. Instead,
it used a different (incorrect) prototype. See r23011 in Samba4.

Cheers, Tridge
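
The kind of checker the message above proposes, as an added example that is not part of the original post and is not one of Samba's tools: it compares hand-written prototypes with the real definitions and reports return-type mismatches (the void versus NTSTATUS class of bug), argument-name mismatches, and prototypes with no definition. The `demo_*` functions are hypothetical, and the regex parser is an assumption that only handles simple declarations.

```python
import re

# "ret_type name(args)" followed by ';' (prototype) or '{' (definition).
# Simplified on purpose: no function pointers, macros or unnamed parameters.
DECL = re.compile(
    r'^\s*([A-Za-z_][\w\s*]*?)\s*\b(\w+)\s*\(([^()]*)\)\s*([;{])', re.M)

def parse(text, terminator):
    """Map function name -> (return type, [argument names])."""
    found = {}
    for ret, name, args, term in DECL.findall(text):
        if term != terminator:
            continue
        params = [a.strip() for a in args.split(',')]
        names = [re.findall(r'\w+', p)[-1] for p in params if p not in ('', 'void')]
        found[name] = (' '.join(ret.split()), names)
    return found

def check(header, source):
    """Return (function, problem) pairs for prototypes that disagree with the code."""
    protos, defs = parse(header, ';'), parse(source, '{')
    problems = []
    for name in sorted(protos):
        if name not in defs:
            problems.append((name, 'no definition'))
            continue
        (pret, pargs), (dret, dargs) = protos[name], defs[name]
        if pret != dret:
            problems.append((name, f'return type: {pret} vs {dret}'))
        if pargs != dargs:
            problems.append((name, f'argument names: {pargs} vs {dargs}'))
    return problems

# Constructed sample input, not Samba source.
HEADER = """\
NTSTATUS demo_module_init(void);
int demo_open(const char *path, int flags);
int demo_close(int fd);
int demo_unused(int x);
"""
SOURCE = """\
void demo_module_init(void) { }
int demo_open(const char *fname, int flags) { return 0; }
int demo_close(int fd) { return 0; }
"""

if __name__ == '__main__':
    for name, problem in check(HEADER, SOURCE):
        print(f'{name}: {problem}')
```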

