Is Ken Thompson’s compiler hack still a threat

Your question doesn't seem to actually be about how we report compiler errors - rather, it's about the classification of problems and what to do about them.

If we start by assuming, for the moment, that the warning/error dichotomy is correct, let's see how well we can build on top of that. Some ideas:

1. Different "levels" of warning. A lot of compilers sort-of implement this (for example GCC has lots of switches for configuring exactly what it will warn about), but it needs work - for example, reporting what severity a reported warning is, and the ability to set "warnings are errors" for only warnings above a specified severity.

2. Sane classification of errors and warnings. An error should only be reported if the code doesn't meet the specification, and hence cannot be compiled. Unreachable statements, while probably a coding error, should be a warning, not an error - the code is still "valid", and there are legitimate instances in which one would want to compile with unreachable code (quick modifications for debugging, for instance).

Now things I disagree with you on:

1. Making extra effort to report every problem. If there's an error, that breaks the build. The build is broken. The build will not work until that error is fixed. Hence, it's better to report that error immediately, rather than "carrying on" in order to try and identify everything else "wrong" with the code. Especially when a lot of those things are probably caused by the initial error anyway.

2. Your specific example of a warning-that-should-be-an-error. Yes, it's probably a programmer mistake. No, it shouldn't break the build. If I know the input to the function is such that it will always return a value, I should be able to run the build and do some tests without having to add those extra checks. Yes, it should be a warning. And a damn high-severity one at that. But it shouldn't break the build in and of itself, unless compiling with warnings-are-errors.

Thoughts?

Often, "upgrading the compiler introduced a bug" really means "upgrading the compiler revealed an existing bug".

This is especially so for C and C++, where the language spec has lots of areas where the behaviour of such-and-such is not defined. Aggressive optimization can causes changes in behaviour for code that strays outside of the envelope of what is defined.

(OTOH, it could be a real compiler / optimizer bug. However, you need some hard evidence before you start pointing fingers.)

What steps should be taken when this kind of situation occurs?

There are some ideas:

• Recompile with compiler warnings turned up to the max, and go though and fix your code so that the warnings go away.

• Run the code through Lint or an equivalent bug checker, and fix every reported problem.

• Turn down / off optimization. The down side is that your code will run slower.

• Revert to the old compiler. The downside is that you risk getting stuck.

• Check out the release notes / forums / issues database for the development suite to see if there are clues to what might have changes.

• If you are willing to do some difficult detective work, try and isolate the location of the problem to a particular file, then compare the machine code of the working / non-working versions of the code.

Also when upgrading compiler, what should be done to ensure that it will not break any build?

There's nothing you can really do. You just have to try it and see what happens. Of course, that means that you need to be able to revert top the old tool-chain (at least as a short-term fix) if something does go wrong.

The other thing is to get out of the mindset that a broken build is a disaster ... or being embarrassed about. It is only a major problem if the broken build has real consequences for production systems ... or your customers (loosely defined).