Re: [RFC v3 3/3] c: Add lengthof() operator

Alejandro Colomar Sun, 04 Aug 2024 11:34:41 -0700

On Sun, Aug 04, 2024 at 08:02:25PM GMT, Martin Uecker wrote:
> Hi Alex,

Hi Martin,


> > Is this missing diagnostics?
> > 
> >     $ cat star.c 
> >     void foo(char (*a)[3][*], int (*x)[__lengthof__(*a)]);
> >     void bar(char (*a)[*][3], int (*x)[__lengthof__(*a)]);
> >     void foos(char (*a)[3][*], int (*x)[sizeof(*a)]);
> >     void bars(char (*a)[*][3], int (*x)[sizeof(*a)]);
> > 
> >     int
> >     main(void)
> >     {
> >             int  i3[3];
> >             int  i5[5];
> >             char c35[3][5];
> >             char c53[5][3];
> > 
> >             foo(&c35, &i3);
> >             foo(&c35, &i5);  // I'd expect this to fail
> 
> Yes, this should fail. The int (*)[5] is not
> compatible with int(*)[3].
> 
> >             bar(&c53, &i3);  // I'd expect this to fail
> 
> This is no contraint violation, because int (*)[5] is
> compatible with int (*i)[*], so this needs to be accepted.

No constraint, but I'd expect a diagnostic from -Wextra (array-bounds?).

> It is then UB at run-time and the patches I posted recently

Can you please send a link to those patches?

> would catch this.  When possible, a compile time warning 
> would be nice and I am also looking into this.
> 
> It would also be good if we could allow a compiler to
> reject this at compile time... also something I am
> thinking about.

Thanks!

> 
> >             bar(&c53, &i5);
> > 
> >             foos(&c35, &i3);
> >             foos(&c35, &i5);  // I'd expect this to fail
> >             bars(&c53, &i3);  // I'd expect this to fail
> 
> These are both okay, because the sizeof is not an integer
> constant expressions (both int[*][3] and int[3][*] have
> variable size), so the last argument has to be compatible
> with int[*] which they both are.  Both would trigger
> run-time UB then because the size is then 15.

D'oh!  I screwed it.  I wanted to have written this:

        $ cat star.c 
        void foo(char (*a)[3][*], int (*x)[__lengthof__(*a)]);
        void bar(char (*a)[*][3], int (*x)[__lengthof__(*a)]);
        void foo2(char (*a)[3][*], int (*x)[sizeof(**a)]);
        void bar2(char (*a)[*][3], int (*x)[sizeof(**a)]);

        int
        main(void)
        {
                int  i3[3];
                int  i5[5];
                char c35[3][5];
                char c53[5][3];

                foo(&c35, &i3);
                foo(&c35, &i5);  // I'd expect this to err
                bar(&c53, &i3);  // I'd expect this to warn
                bar(&c53, &i5);

                foo2(&c35, &i3);  // I'd expect this to warn
                foo2(&c35, &i5);
                bar2(&c53, &i3);
                //bar2(&c53, &i5);  // error: -Wincompatible-pointer-types
        }
        $ /opt/local/gnu/gcc/lengthof/bin/gcc -Wall -Wextra star.c -S
        $ 


> 
> Martin

Cheers,
Alex

-- 
<https://www.alejandro-colomar.es/>

signature.asc
Description: PGP signature

Re: [RFC v3 3/3] c: Add __lengthof__() operator

Reply via email to

Re: [RFC v3 3/3] c: Add lengthof() operator