public inbox for gcc-help@gcc.gnu.org
* Wtype-limits and functional range checks
@ 2012-07-23 10:35 Jan Smets
       [not found] ` <500D924C.4020904@gmail.com>
  0 siblings, 1 reply; 2+ messages in thread
From: Jan Smets @ 2012-07-23 10:35 UTC (permalink / raw)
  To: gcc-help

Hi

We have a lot of typical range checks in our code that are 'incompatible' 
with GCC's -Wtype-limits.
(We've just upgraded from 3.4 to 4.6; some 'type-limit' checks were 
enabled by default in GCC 3 but have become too noisy in GCC 4.)

Take this example :

#define tSomeType_MIN 0
#define tSomeType_MAX 100

typedef unsigned short tSomeType;

int doSomething(tSomeType value)
{
        if ((value < tSomeType_MIN) || (value > tSomeType_MAX)) {
            return 1;
        }
        return 0;
}

Would give: warning: comparison is always false due to limited range of 
data type [-Wtype-limits]
or, if you change the typedef from short to int: warning: comparison of 
unsigned expression < 0 is always false [-Wtype-limits]

This is 100% valid... but it's not very practical. The reason the range 
check is there is that MIN and MAX can change flexibly somewhere in the 
future.

I'd really like to use this warning because it can improve code quality 
a lot.
I tried to think of various ways to work around it (macros, #pragmas) 
but I couldn't find any that satisfied me.

Is there a way to disable this warning for "range" checks (i.e., when 
there is both a > and a < compare of the same variable)?

Can anyone help me hack this in, or at least give me some hints on how to 
do this?
(e.g., how do I know if value is used twice in the if()?)  I had a look 
at c-family/c-common.c but I don't see how this can be done.

Any help is appreciated.

Thanks

  - Jan

* Re: Wtype-limits and functional range checks
       [not found] ` <500D924C.4020904@gmail.com>
@ 2012-07-24 20:04   ` Jan Smets
  0 siblings, 0 replies; 2+ messages in thread
From: Jan Smets @ 2012-07-24 20:04 UTC (permalink / raw)
  To: Ángel González; +Cc: gcc-help

On 23/07/2012 20:05, Ángel González wrote:
> On 23/07/12 12:35, Jan Smets wrote:
>> Can anyone help me hack this in, or at least give me some hints on how 
>> to do this?
>> (e.g., how do I know if value is used twice in the if()?)  I had a 
>> look at c-family/c-common.c but I don't see how this can be done.
>>
>> Any help is appreciated.
>>
>> Thanks
>>
>>  - Jan
> I would
> a) Replace all such usages with a macro like: CHECK_RANGE(value, 
> tSomeType_MIN, tSomeType_MAX) (or you could have a macro per type and 
> the min & max hardcoded in each one). This makes it easy to change the 
> implementation later or even disable it depending on the compilation.
>
> b) Instead of doing the check, convert it to a call to an inline 
> function. If ((foo < min) || (foo > max)) will give the warning, but 
> if (check_range(foo, min, max)) won't, even if it's defined as:
> static inline int check_range(int value, int min, int max) {
>     return (value < min) || (value > max);
> }
> and thus completely optimized inline [you can also mark it as 
> __attribute__((always_inline)) if you want to force it, it still won't 
> warn... yet].

I did consider these options. But they're not user-friendly IMHO.  I can 
surely tell 300 devs about this macro/inlined function. But how many 
will remember this after a month? A year?

The result is that people start avoiding MIN checks in their code and 
functionality gets broken.

So I still prefer a way to disable this checking when there is a 
greater-than and a less-than compare of the same variable in the same if() 
block.

Where do I start? I don't expect people to do this for me, but I could 
use some pointers to get started.
Thanks

- Jan
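The inline-function workaround from Ángel's reply, written out as an added example (this is not code from the thread or from GCC itself). The typedef and the tSomeType_MIN/tSomeType_MAX names follow Jan's snippet; tOffset and its limits are an assumption added here to show a signed type whose lower bound is not 0, so the same macro is doing real work there. The helper takes long long rather than int (my choice, wider than Ángel's sketch) so a 32-bit unsigned argument is not truncated on the way in. Because the comparison is now against parameters of a wide type, the C front end cannot prove either half of the check constant, so -Wtype-limits stays quiet while the MIN check remains in the source for the day MIN changes.

```c
#include <stdio.h>

/* Names from the original post. */
#define tSomeType_MIN 0
#define tSomeType_MAX 100
typedef unsigned short tSomeType;

/* Assumed second type for illustration: signed, with a non-zero lower bound. */
#define tOffset_MIN (-8)
#define tOffset_MAX 8
typedef short tOffset;

/* Returns 1 when value lies inside [min, max], 0 otherwise.
 * Parameters are long long so that any unsigned 32-bit caller value
 * survives the implicit conversion; the comparison is done on these
 * parameters, not on the caller's narrower type, so -Wtype-limits has
 * nothing to prove "always false" even when min is 0. */
static inline int in_range(long long value, long long min, long long max)
{
    return (value >= min) && (value <= max);
}

/* Per-type macro so callers only name the type; the limits are pasted in.
 * CHECK_RANGE(x, tSomeType) expands to in_range(x, tSomeType_MIN, tSomeType_MAX). */
#define CHECK_RANGE(value, type) in_range((value), type##_MIN, type##_MAX)

/* Same contract as Jan's doSomething(): 1 if out of range, 0 otherwise.
 * The direct form  if ((value < tSomeType_MIN) || (value > tSomeType_MAX))
 * is what triggers "comparison is always false" under -Wtype-limits. */
int doSomething(tSomeType value)
{
    if (!CHECK_RANGE(value, tSomeType)) {
        return 1;
    }
    return 0;
}

/* Signed case: here the lower-bound half of the check is genuinely reachable. */
int applyOffset(tOffset delta)
{
    if (!CHECK_RANGE(delta, tOffset)) {
        return 1;
    }
    return 0;
}

int main(void)
{
    printf("doSomething(0)   = %d\n", doSomething(0));     /* in range  */
    printf("doSomething(100) = %d\n", doSomething(100));   /* in range  */
    printf("doSomething(101) = %d\n", doSomething(101));   /* rejected  */
    printf("applyOffset(-9)  = %d\n", applyOffset(-9));    /* rejected  */
    printf("applyOffset(-8)  = %d\n", applyOffset(-8));    /* in range  */
    return 0;
}
```

Build with `gcc -Wall -Wextra` (-Wextra is what turns on -Wtype-limits) to confirm the macro form compiles without the warning; swapping the body of doSomething() back to the direct comparison reproduces it. The trade-off Jan raises still stands: the helper only protects the call sites that use it, so it is worth pairing with a code-review or grep check for bare `< *_MIN` comparisons on unsigned types.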
