From: Richard Biener
Date: Mon, 13 Jun 2022 11:49:20 +0200
Subject: Re: [RFC] Support for nonzero attribute
To: Yair Lenga
Cc: GCC Development

On Sat, Jun 4, 2022 at 12:27 PM Yair Lenga via Gcc wrote:
>
> Before becoming a "C" programmer, I spent a few years building simulations in
> Pascal. I still remember (and long for) the ability to define integer with
> range constraints:
>
> var foobar: 10..50 ; // Accept 10, 11, 12, ..., 49, 50

Just noting this is a range on a variable declaration while ...

> The specific non-zero constraint is a specific implementation of the range
> operator (with some exceptions, see below). Wanted to suggest going for
> a more ambitious goal: add min and max attributes to (integer) types and
> variables. This will address the specific case of non-zero, but has a lot
> of potential to be built upon: can be used for compile time testing, run
> time parameter checking, storage optimization (similar to packed), run time
> optimization (e.g. eliminating runtime tests), .... Also expected range
> information can have a positive impact on code safety/validation.
>
> typedef int positiveInt __attribute__ ((minValue(1), maxValue(INTMAX))) ;
> typedef int foobar __attribute__ ((minValue(10), maxValue(50))) ;

... this would be on a type. GCC internally has TYPE_{MIN,MAX}_VALUE but
no such thing on declarations which means that either the attribute should be
restricted to types or it would need to create distinct types on-the-fly when
applied to declarations. I'm sure Ada supports something similar btw.

Richard.

> If this can be implemented, it will provide for much more
> flexibility (e.g., ability to specify that any specific parameter must be
> non-zero).
>
> int foo (int x __attribute__ ((minValue(1))), int y, int z __attribute__
> ((minValue(1)))) ;
>
> int foo (positiveInt x, int y, positiveInt z) ;
>
> Assuming this can be implemented, compile time tests should be automatic,
> whenever possible. Run time tests should be enabled with flags (to allow
> optimized code to run without expensive run time tests).
>
> Note1:
> While for many use cases non-zero (including forcing ENUM value) and
> minValue(1) are the same, the above does not cover the use case where a
> signed int does not accept a zero. For this use case, I believe the nonZero
> attribute is still needed.
>
> typedef int limitedInt __attribute__ ((minValue(-20), maxValue(+20), nonZero)) ;
>
> I do recall that a few other languages had similar abilities (Ada, Java (via
> annotations), ...)
>
> Yair
>
> >
> > ---------- Forwarded message ----------
> > From: Miika
> > To: "gcc@gcc.gnu.org"
> > Cc:
> > Bcc:
> > Date: Fri, 03 Jun 2022 16:34:48 +0000
> > Subject: [RFC] Support for nonzero attribute
> > Hello,
> >
> > I would like to add support for a new attribute: nonzero.
> > Nonzero attribute works the same way as nonnull but instead of checking for
> > NULL, it checks for integer or enum with value 0.
> >
> > Nonzero attribute would issue warnings with new compiler flags
> > -Wnonzero and -Wnonzero-compare.
> >
> > Nonzero could be useful when user wants to make sure that for example enum
> > with value of 0 is not used or flag argument is not set to 0.
> >
> >
> > For example compiling the following code with "gcc -Wnonzero -Wnonzero-compare
> > foo.c"
> >
> > #include <stdio.h>
> > enum bar{NONE, SOME};
> >
> > void foo(int d, enum bar b) __attribute__ ((nonzero (1, 2)));
> > void foo(int d, enum bar b) {
> >         printf("%d\n", d == 0);
> >         printf("%d\n", b == NONE);
> > }
> >
> > int main() {
> >         foo(0, NONE);
> > }
> >
> >
> > Would give the following error
> >
> > foo.c: In function 'main':
> > foo.c:11:9: warning: zero argument where nonzero required (argument 1)
> > [-Wnonzero]
> >    11 |         foo(0, NONE);
> >       |         ^~~
> > ...
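
Added example (not code from this thread or from GCC): one way to approximate the range and nonzero constraints discussed above in today's C is to give each range its own distinct wrapper type, which mirrors the point that the bounds live on types rather than declarations. `DEFINE_RANGED_INT`, `RANGE_CHECKS`, `foo_checked` and the generated `_ok`/`_make` helpers are hypothetical names chosen for this sketch.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* -DRANGE_CHECKS=0 drops the run-time tests; callers must then ensure ranges. */
#ifndef RANGE_CHECKS
#define RANGE_CHECKS 1
#endif

/* Hypothetical macro: declares a distinct struct type NAME for an int in
   [MIN, MAX] (zero excluded when NONZERO), with NAME_ok() and NAME_make(). */
#define DEFINE_RANGED_INT(NAME, MIN, MAX, NONZERO)                     \
    typedef struct { int v; } NAME;                                    \
    static inline bool NAME##_ok(int in)                               \
    { return in >= (MIN) && in <= (MAX) && !((NONZERO) && in == 0); }  \
    static inline bool NAME##_make(int in, NAME *out)                  \
    {                                                                  \
        if (RANGE_CHECKS && !NAME##_ok(in)) return false;              \
        out->v = in;                                                   \
        return true;                                                   \
    }

DEFINE_RANGED_INT(positiveInt, 1, INT_MAX, false)
DEFINE_RANGED_INT(foobar, 10, 50, false)
DEFINE_RANGED_INT(limitedInt, -20, 20, true)

/* Takes the wrapper types, so a plain int argument is a compile error. With
   both divisors >= 1 there is no divide-by-zero and no INT_MIN / -1. */
static int foo(positiveInt x, int y, positiveInt z)
{
    return (y / x.v) % z.v;
}

/* Boundary function: validates untrusted ints before calling foo(). */
static bool foo_checked(int x, int y, int z, int *result)
{
    positiveInt px, pz;
    if (!positiveInt_make(x, &px) || !positiveInt_make(z, &pz))
        return false;
    *result = foo(px, y, pz);
    return true;
}

int main(void)
{
    int r = 0;
    printf("%d %d\n", foo_checked(3, 20, 4, &r), limitedInt_ok(0));
    return 0;
}
```

Unlike the proposed attributes, this gives no compile-time diagnosis of constant arguments such as `foo(0, NONE)`; it only rejects them at the point where the wrapper value is constructed.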