From: Martin Uecker <muecker@gwdg.de>
To: Alejandro Colomar <alx@kernel.org>
Cc: Xi Ruoyao <xry111@xry111.site>, Andrew Pinski <pinskia@gmail.com>,
"GNU libc development" <libc-alpha@sourceware.org>,
Adhemerval Zanella <adhemerval.zanella@linaro.org>,
Carlos O'Donell <carlos@redhat.com>,
"Andreas Schwab" <schwab@suse.de>,
Siddhesh Poyarekar <siddhesh@gotplt.org>,
"Zack Weinberg" <zack@owlfolio.org>,
"gcc@gcc.gnu.org" <gcc@gcc.gnu.org>, enh <enh@google.com>
Subject: Re: ISO C's [static] (was: _Nullable and _Nonnull in GCC's analyzer)
Date: Wed, 9 Aug 2023 14:03:38 +0200
Message-ID: <a545d9155a8eabd459d52ce0f54665a83d8cea0b.camel@gwdg.de>
In-Reply-To: <a213b674-2469-30e2-0e01-4c399fd0d47f@kernel.org>
Hi Alejandro!
On Wednesday, 09.08.2023 at 12:42 +0200, Alejandro Colomar wrote:
...
>
> As for when one would want to mean the first (size of array)
> but not _Nonnull: for a function where you may pass either
> an array (which should not be smaller than the size), or a
> sentinel NULL value.
>
> Nevertheless, I floated the idea that [static] is completely
> unnecessary, and nobody has yet been against it.
>
> GCC could perfectly add a warning for the following case:
>
>     void foo(size_t n, int a[n]);
>
>     int
>     main(void)
>     {
>         int a[7];
>
>         foo(42, a);
>     }
>
> Nobody in their right mind would specify a size of an array
> in a parameter and expect that passing a smaller array than
> that can produce a valid program. So, why not make that a
> Wall warning?

But we have this warning! It is even activated by
default without -Wall, and already since GCC 11:

https://godbolt.org/z/sMbTon458

But this is for minimum required elements. How do
we differentiate between null and non-null?

We have:

    int[] or int*    // no bound, nullable
    int[N]           // at least N, nullable
    int[static N]    // at least N, nonnull

The 'static' implies nonnull, so we could
use 'static' to differentiate between nonnull
and nullable.

What is missing is something which implies bounds
also inside the callee. You can use the "access"
attribute or we extend the meaning of int[N]
and int[static N] to also imply a maximum bound.

Martin
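
The three parameter forms listed in the message above, together with GCC's "access" attribute, as an added example that is not part of the original message. The function names, the READS macro and the sample data are made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* GCC's "access" attribute; expands to nothing on compilers without it. */
#if defined(__has_attribute)
# if __has_attribute(access)
#  define READS(ptr, size) __attribute__((access(read_only, ptr, size)))
# endif
#endif
#ifndef READS
# define READS(ptr, size)
#endif

/* Shared loop (hypothetical helper): sums the first n elements. */
static long sum(size_t n, const int *a)
{
    long s = 0;
    for (size_t i = 0; i < n; i++)
        s += a[i];
    return s;
}

/* int[n]: at least n elements, nullable. NULL is a valid sentinel,
 * so the callee must test for it before touching the array. */
long sum_nullable(size_t n, const int a[n], long fallback)
{
    return a ? sum(n, a) : fallback;
}

/* int[static n]: at least n elements, nonnull. Passing NULL is
 * undefined behaviour, so no check is written here. */
long sum_nonnull(size_t n, const int a[static n])
{
    return sum(n, a);
}

/* Plain pointer with the access attribute: argument 2 is only read,
 * and argument 1 gives the maximum number of elements accessed. */
READS(2, 1) long sum_access(size_t n, const int *a)
{
    return sum(n, a);
}

int main(void)
{
    int v[3] = {1, 2, 3};      /* constructed sample data */
    const int *none = NULL;    /* the sentinel for "no array" */
    printf("%ld %ld %ld %ld\n", sum_nullable(3, v, -1),
           sum_nullable(3, none, -1), sum_nonnull(3, v), sum_access(2, v));
}
```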