From: Jonny Grant <jg@jguk.org>
To: Xi Ruoyao <xry111@mengyan1223.wang>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Subject: Re: gcc warn when pointers not checked non-null before de-referencing.
Date: Mon, 19 Jul 2021 19:20:11 +0100
Message-ID: <CAGNDjJu1td_hdvF5C6wPoGo5MF_o=v10paOMT6P7rSZt4YnruA@mail.gmail.com>
In-Reply-To: <1976cf6269261bb38cce5b3a8f59a681e0bc2444.camel@mengyan1223.wang>
On Tue, 6 Jul 2021 at 16:39, Xi Ruoyao <xry111@mengyan1223.wang> wrote:
>
> On Sat, 2021-07-03 at 16:36 +0100, Jonny Grant wrote:
> >
> >
> > On 16/06/2021 14:36, Xi Ruoyao wrote:
> > > On Wed, 2021-06-16 at 14:01 +0100, Jonny Grant wrote:
> > >
> > > > Chris Latner also mentioned integer overflow being undefined, that
> > > > crops up too. There's no easy solution right, we need to hand write
> > > > code the checks? It's human-error prone if we need to manually code
> > > > each check. throwing in C++, or handling in C.
> > > >
> > > > if(N >= INT_MAX)
> > > > {
> > > > throw std::overflow_error("N >= INT_MAX would overflow in for loop");
> > > > }
> > > >
> > > > for (i = 0; i <= N; ++i)
> > > > {
> > > > // ...
> > > > }
> > >
> > > For debugging use -fsanitize=undefined.
> > >
> > > And this is buggy anyway, no matter if there is an UB:
> > >
> > > for (unsigned i = 0; i <= N; i++)
> > > make_some_side_effect_without_any_undefined_behavior(i);
> > >
> > > If N may be UINT_MAX, this is not UB, but a dead loop. Programming is
> > > just human-error prone, even if you use "some programming language
> > > claimed to be able to eliminate many human errors" (I'll not say its
> > > name, to prevent a flame war).
> > >
> > Hi Xi
> >
> >
> > Checking the UINT_MAX would at least prevent the continual running of
> > any such buggy loop where it increments right? and the code within the
> > loop does not modify 'i'
> >
> > for (unsigned i = 0; (i <= N) && (i != UINT_MAX); i++)
> > make_some_side_effect_without_any_undefined_behavior(i);
>
> Even if i is signed, it will still "work" if you modify the &&
> expression a little:
>
> for (int i = 0; i != UINT_MAX && i < N; i++)
> make_some_side_effect_without_any_undefined_behavior(i);
>
> The problem is, now the behavior when N == UINT_MAX is same with when N
> == (UINT_MAX - 1). This can really puzzle someone who will call your
> function.
>
> If I'm designing this function I'd make it to interpret N as [0, N),
> instead of [0, N]:
>
> // Do something for each integer in [0, N).
> void do_something(int N)
> {
> for (int i = 0; i < N; i++)
> do_something_once(i);
> }
That's good, specify the limit.
>
> > Is there any way to have a way to make loop variables like this 'i'
> > const within the body of the loop, to avoid accidental changing of 'i'
> > by the body of the loop
>
> I don't think there is one in C. Perhaps, maybe use some "nasty"
> macros.
Probably I could use this pattern to avoid the risk of code modifying
the loop counter by accident.
for (int loop_var = 0; loop_var < N; loop_var++)
{
const int i = loop_var;
printf("i: %d\n", i);
}
Jonny
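The loop variants discussed in this thread, as an added worked example that is not code from the thread, from either participant, or from GCC. It uses uint8_t (maximum UINT8_MAX == 255) as a stand-in for the unsigned/int counters above so that the wrap-around at the type's maximum can be exercised in a few hundred iterations rather than four billion; the function names, the iteration cap and the callback type are constructed for this example. It shows why the naive inclusive loop never terminates when N equals the type's maximum, why the `i != MAX` guard makes N == MAX indistinguishable from N == MAX - 1, and two forms that stay correct: the half-open [0, N) interface Xi suggests, and a do-while for cases where an inclusive [0, N] interface is required.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the gcc-help thread. uint8_t stands in for the
 * unsigned counters in the thread: UINT8_MAX (255) plays the role of UINT_MAX.
 *
 * Note on tooling: for a signed counter, i++ at INT_MAX is undefined behaviour
 * and -fsanitize=undefined reports it at runtime. For an unsigned counter the
 * wrap is well defined, so the sanitizer stays silent and the bug shows up only
 * as a loop that never ends (as Xi notes). */

/* Naive inclusive loop: for (i = 0; i <= N; i++).
 * When N == UINT8_MAX the condition can never become false because i wraps
 * from 255 back to 0. 'cap' (constructed for this demo) bounds the iterations
 * so the function terminates; returning cap means the real loop would not. */
unsigned long naive_inclusive(uint8_t N, unsigned long cap)
{
    unsigned long count = 0;
    for (uint8_t i = 0; i <= N; i++) {
        if (count == cap)
            return cap;        /* would have looped forever */
        count++;
    }
    return count;
}

/* Guarded inclusive loop from the thread: (i <= N) && (i != MAX).
 * It terminates, but N == MAX and N == MAX - 1 both give MAX iterations:
 * the value MAX itself is silently skipped, which is the ambiguity Xi raises. */
unsigned long guarded_inclusive(uint8_t N)
{
    unsigned long count = 0;
    for (uint8_t i = 0; (i <= N) && (i != UINT8_MAX); i++)
        count++;
    return count;
}

/* Half-open [0, N) as Xi suggests: i never needs to hold N, so it can never
 * wrap, and every N has a distinct meaning. */
unsigned long half_open(uint8_t N)
{
    unsigned long count = 0;
    for (uint8_t i = 0; i < N; i++)
        count++;
    return count;
}

/* If the interface must be inclusive [0, N], compare before incrementing so
 * that i never has to represent N + 1. Covers the full range, N == MAX
 * included, with no wrap and no skipped value. */
unsigned long inclusive_do_while(uint8_t N)
{
    unsigned long count = 0;
    uint8_t i = 0;
    do {
        count++;
    } while (i++ != N);
    return count;
}

/* Jonny's question about a const loop index: passing the index by value to a
 * callback gives the body a copy it cannot use to alter the loop control.
 * Returns the number of calls made. */
typedef void (*index_fn)(uint8_t i);

unsigned long for_each_half_open(uint8_t N, index_fn fn)
{
    unsigned long count = 0;
    for (uint8_t i = 0; i < N; i++) {
        fn(i);             /* fn receives a copy; the loop's i is untouched */
        count++;
    }
    return count;
}

static void print_index(uint8_t i)
{
    printf("i: %u\n", (unsigned)i);
}

int main(void)
{
    printf("naive, N=255, capped at 1000: %lu\n", naive_inclusive(UINT8_MAX, 1000));
    printf("guarded, N=255: %lu  N=254: %lu\n",
           guarded_inclusive(UINT8_MAX), guarded_inclusive(UINT8_MAX - 1));
    printf("half-open, N=255: %lu\n", half_open(UINT8_MAX));
    printf("do-while, N=255: %lu\n", inclusive_do_while(UINT8_MAX));
    for_each_half_open(3, print_index);
    return 0;
}
```

The same reasoning carries over to `unsigned` and `int` counters unchanged; only the size of the range differs. With a signed counter, compiling the naive inclusive loop with -fsanitize=undefined is the quickest way to see the overflow at the type's maximum reported rather than silently wrapped.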