Am Sonntag, dem 04.08.2024 um 20:34 +0200 schrieb Alejandro Colomar:
> On Sun, Aug 04, 2024 at 08:02:25PM GMT, Martin Uecker wrote:
> > Hi Alex,
>
> Hi Martin,
>
> > > Is this missing diagnostics?
> > >
> > > $ cat star.c
> > > void foo(char (*a)[3][*], int (*x)[__lengthof__(*a)]);
> > > void bar(char (*a)[*][3], int (*x)[__lengthof__(*a)]);
> > > void foos(char (*a)[3][*], int (*x)[sizeof(*a)]);
> > > void bars(char (*a)[*][3], int (*x)[sizeof(*a)]);
> > >
> > > int
> > > main(void)
> > > {
> > > int i3[3];
> > > int i5[5];
> > > char c35[3][5];
> > > char c53[5][3];
> > >
> > > foo(&c35, &i3);
> > > foo(&c35, &i5); // I'd expect this to fail
> >
> > Yes, this should fail. The int (*)[5] is not
> > compatible with int(*)[3].
> >
> > > bar(&c53, &i3); // I'd expect this to fail
> >
> > This is no contraint violation, because int (*)[5] is
> > compatible with int (*i)[*], so this needs to be accepted.
>
> No constraint, but I'd expect a diagnostic from -Wextra (array-bounds?).
>
> > It is then UB at run-time and the patches I posted recently
>
> Can you please send a link to those patches?
https://gcc.gnu.org/pipermail/gcc-patches/2024-July/657253.html
Martin
>
> > would catch this. When possible, a compile time warningÂ
> > would be nice and I am also looking into this.
> >
> > It would also be good if we could allow a compiler to
> > reject this at compile time... also something I am
> > thinking about.
>
> Thanks!
>
> >
> > > bar(&c53, &i5);
> > >
> > > foos(&c35, &i3);
> > > foos(&c35, &i5); // I'd expect this to fail
> > > bars(&c53, &i3); // I'd expect this to fail
> >
> > These are both okay, because the sizeof is not an integer
> > constant expressions (both int[*][3] and int[3][*] have
> > variable size), so the last argument has to be compatible
> > with int[*] which they both are. Both would trigger
> > run-time UB then because the size is then 15.
>
> D'oh! I screwed it. I wanted to have written this:
>
> $ cat star.c
> void foo(char (*a)[3][*], int (*x)[__lengthof__(*a)]);
> void bar(char (*a)[*][3], int (*x)[__lengthof__(*a)]);
> void foo2(char (*a)[3][*], int (*x)[sizeof(**a)]);
> void bar2(char (*a)[*][3], int (*x)[sizeof(**a)]);
>
> int
> main(void)
> {
> int i3[3];
> int i5[5];
> char c35[3][5];
> char c53[5][3];
>
> foo(&c35, &i3);
> foo(&c35, &i5); // I'd expect this to err
> bar(&c53, &i3); // I'd expect this to warn
> bar(&c53, &i5);
>
> foo2(&c35, &i3); // I'd expect this to warn
> foo2(&c35, &i5);
> bar2(&c53, &i3);
> //bar2(&c53, &i5); // error: -Wincompatible-pointer-types
> }
> $ /opt/local/gnu/gcc/lengthof/bin/gcc -Wall -Wextra star.c -S
> $
>
>
> >
> > Martin
>
> Cheers,
> Alex
>
