RE: signed vs unsigned pointer warning

public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed

From: "Dave Korn" <dk@artimi.com>
To: "'Morten Welinder'" <terra@gnome.org>, <gcc@gcc.gnu.org>
Subject: RE: signed vs unsigned pointer warning
Date: Wed, 22 Sep 2004 17:20:00 -0000	[thread overview]
Message-ID: <NUTMEGODkUqESudbgsy00000021@NUTMEG.CAM.ARTIMI.COM> (raw)
In-Reply-To: <20040922161751.B4F6A1422D53@darter.rentec.com>

> -----Original Message-----
> From: Morten Welinder [mailto:terra@gnome.org] 
> Sent: 22 September 2004 17:18

> Dave Korn writes:
> 
> > Until you try indexing an array with an 8-bit high ASCII 
> char, of course.
> > Then things become radically different.  I've known buggy ctype
> > implementations that have failed on this (ASCII > 127 being 
> signed negative
> > and the ctype function accidentally indexing memory space 
> before an array
> > full of ctype result flags).
> 
> [/me gathers soapbox]
> 
> I bet you have.  In fact *ALL* ctype implementations will fail.[*]
> That includes glibc 

  You've provoked me to go and refer to the standard!

http://www.opengroup.org/onlinepubs/009695399/functions/isprint.html

------------snip!------------
int isprint(int c);

The c argument is an int, the value of which the application shall ensure is
a character representable as an unsigned char or equal to the value of the
macro EOF. If the argument has any other value, the behavior is undefined.
------------snip!------------

> It does not work for (signed char)-1 if EOF==-1.  It cannot 
> work as two
> different results are required for the same argument value.

  Um... but the ctype argument is an integer.  If you pass EOF, you get
(int)-1 in the ctype function.  If you want to pass (signed char)-1, you
have to ensure that -1 is "a character representable as an unsigned char"
first.  Which I don't think you can, since you can't store negative numbers
in an unsigned type.  So AFAICS, the valid range of inputs to the function
is the closed range [-1,255] in integers.

> What glibc does is to *mostly* work around buggy programs that send
> (explicitly or implicitly) signed characters to, say, 
> isprint.  

  The bug really is in passing a char to a function that requires an int
argument and mismanaging the promotion by not explicitly casting the char
first, isn't it?

> Solaris does the array[arg] thing you speak about.  It isn't 
> buggy.  The caller is, and, IMHO the standard is.

  As I said, I think the standard makes it quite clear that you can pass -1
and any unsigned char (0....255) value.  It seems to me to say quite clearly
that if you have a signed char variable which is negative and you pass it to
the ctype function and allow it to be sign-extended by the implicit argument
promotion rules then you have supplied an out-of-range value to the
function.

  Anyway, I only gave this particular example as an illustration to back up
my argument that the incompatibility between signed and unsigned chars is
not theoretical but very very real and does very much occur in practice as
it is very very common for char-sized arguments to be promoted to int sized
and the two types behave significantly differently when this happens.
That's all.

    cheers, 
      DaveK
-- 
Can't think of a witty .sigline today....

next prev parent reply	other threads:[~2004-09-22 16:42 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-09-22 16:43 Morten Welinder
2004-09-22 17:17 ` Paul Koning
2004-09-22 17:27   ` Morten Welinder
2004-09-22 17:49     ` Dave Korn
2004-09-22 17:20 ` Dave Korn [this message]
2004-09-23  1:31   ` Andreas Schwab
2004-09-23 12:29     ` Dave Korn
2004-09-23 18:57       ` Joe Buck
2004-09-23 19:38         ` Dave Korn
2004-09-27  2:04   ` Jamie Lokier
2004-10-08 13:29     ` Nick Ing-Simmons
2004-10-08 13:32       ` Dave Korn
2004-10-08 17:20       ` Joe Buck
2004-10-08 17:28         ` Paul Jarc
2004-10-08 17:59           ` Joe Buck
2004-10-08 18:15             ` Dave Korn
2004-10-08 18:22               ` Joe Buck
2004-10-08 18:24             ` Jamie Lokier
2004-10-08 19:57             ` Paul Jarc
2004-10-09  7:05               ` Jamie Lokier
2004-10-09  8:48                 ` Paul Jarc
2004-10-11 16:34                   ` Richard Earnshaw
2004-10-08 18:57         ` Morten Welinder
2004-10-08 20:59           ` Matthias B.
2004-10-08 22:34             ` Paul Koning
2004-10-10  2:03               ` Matthias B.
2004-10-09  1:39             ` Andreas Schwab
2004-10-11  0:11           ` Kai Henningsen
  -- strict thread matches above, loose matches on Subject: below --
2004-09-21 20:52 Richard Henderson
2004-09-21 22:36 ` Linus Torvalds
2004-09-22 14:35   ` Dave Korn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=NUTMEGODkUqESudbgsy00000021@NUTMEG.CAM.ARTIMI.COM \
    --to=dk@artimi.com \
    --cc=gcc@gcc.gnu.org \
    --cc=terra@gnome.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).