public inbox for gcc-patches@gcc.gnu.org
From: Martin Sebor <msebor@gmail.com>
To: Bernd Edlinger <bernd.edlinger@hotmail.de>,
	"gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>,
	Joseph Myers <joseph@codesourcery.com>,
	Jason Merrill <jason@redhat.com>, Jeff Law <law@redhat.com>,
	Richard Biener <rguenther@suse.de>,
	Jakub Jelinek <jakub@redhat.com>
Subject: Re: [PATCH] Implement a warning for bogus sizeof(pointer) / sizeof(pointer[0])
Date: Sat, 22 Apr 2017 06:51:00 -0000
Message-ID: <776bb206-7b8e-1878-5411-3f1cdaabac05@gmail.com>
In-Reply-To: <AM4PR0701MB2162D22EC7A12EB0797E231DE41B0@AM4PR0701MB2162.eurprd07.prod.outlook.com>

On 04/20/2017 02:35 PM, Bernd Edlinger wrote:
> Hi!
>
>
> This implements a new -Wall enabled warning for a rather common, but
> completely wrong way to compute an array size by dividing the
> sizeof(pointer) / sizeof(pointer[0]) or sizeof(*pointer).
>
> It is often hard to find this kind of error by simple code inspection
> in real code, because using sizeof in this way is a quite common idiom
> to get the array size of an array variable.  And furthermore this
> expression may be used in macros, which makes it even more important to
> have this warning.
>
> There is a similar warning -Wsizeof-pointer-memaccess which helped in
> implementing the infrastructure for the new warning in the C FE.
>
> However I noticed that the -Wsizeof-pointer-memaccess warning was
> missing in C, when the sizeof is used inside parentheses, which is
> different from C++, so I fixed that too.
>
> Of course, I added some test cases for that as well.
>
> To illustrate the usefulness of this warning, it revealed quite a few
> places where bogus sizeof divisions were used in our testsuite.
>
>
> Bootstrapped and reg-tested on x86_64-pc-linux-gnu.
> Is it OK for trunk?

That seems like a useful warning.  Just a few comments.

First, -Wsizeof-array-argument already diagnoses a subset of
the same problems.  For example, with the patch applied, GCC
issues the two warnings below for the following test case.  One
should be sufficient.

   $ cat y.c && gcc -S -Wall y.c
   int f (int a[])
   {
     return sizeof a / sizeof *a;
   }
   y.c: In function ‘f’:
   y.c:3:17: warning: ‘sizeof’ on array function parameter ‘a’ will return size of ‘int *’ [-Wsizeof-array-argument]
      return sizeof a / sizeof *a;
                    ^
   y.c:1:12: note: declared here
    int f (int a[])
               ^
   y.c:3:19: warning: dividing the pointer size by the element size [-Wsizeof-pointer-div]
      return sizeof a / sizeof *a;
                      ^

Second, I would suggest mentioning the actual types of the operands
rather than referring to "pointer size" and "element size."  Maybe
something like:

   division 'sizeof (int*) / sizeof (int)' does not compute the number of array elements

I suggest avoiding "element size" because the pointed-to argument
need not be an array.  Mentioning the types should help users better
understand the problem (especially in C++ where types are often
obscured by layers of templates).  It might also be a nice touch
to add a note pointing to the declaration of the first sizeof
operand (if it's an object).

Martin
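
An added example, not part of the thread or of the GCC patch: the decayed-parameter division from the test case above next to a corrected form, plus an element-count macro that refuses to compile when handed a pointer. The names `COUNT_OF`, `decayed_count`, `sum` and `sample` are hypothetical, and the macro assumes the GCC/Clang extensions `__typeof__` and `__builtin_types_compatible_p`.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical macro: element count that only compiles for true arrays.
   For an array, typeof(a) and typeof(&(a)[0]) are different types; for a
   pointer they are the same type, so the static assertion fires. */
#define COUNT_OF(a)                                                         \
    (sizeof(a) / sizeof((a)[0]) +                                           \
     0 * sizeof(struct {                                                    \
         _Static_assert(!__builtin_types_compatible_p(__typeof__(a),        \
                                                      __typeof__(&(a)[0])), \
                        "COUNT_OF requires an array, not a pointer");       \
         char unused;                                                       \
     }))

/* The pattern from the test case: 'a' is really 'const int *' here, so the
   result is sizeof(int *) / sizeof(int) however long the caller's array is.
   Compilers warn on this line; that is the diagnostic under discussion. */
size_t decayed_count(const int a[])
{
    return sizeof a / sizeof *a;
}

/* Corrected form: the caller, which still sees the array type, passes the
   element count explicitly. */
long sum(const int *a, size_t n)
{
    long total = 0;
    for (size_t i = 0; i < n; i++)
        total += a[i];
    return total;
}

/* Constructed sample data. */
static const int sample[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

size_t sample_count(void) { return COUNT_OF(sample); }
long sample_sum(void) { return sum(sample, COUNT_OF(sample)); }

int main(void)
{
    printf("decayed_count: %zu\n", decayed_count(sample));
    printf("COUNT_OF:      %zu\n", sample_count());
    printf("sum:           %ld\n", sample_sum());
    /* COUNT_OF(p) with 'const int *p = sample;' is rejected at compile time. */
    return 0;
}
```

A loop bounded by `decayed_count` silently processes only the first one or two elements, which is why the mistake tends to survive code inspection.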
