From: Martin Uecker
To: Alejandro Colomar
CC: Xi Ruoyao, Andrew Pinski, "GNU libc development", Adhemerval Zanella, Carlos O'Donell, "Andreas Schwab", Siddhesh Poyarekar, "Zack Weinberg", "gcc@gcc.gnu.org", enh
Subject: Re: ISO C's [static] (was: _Nullable and _Nonnull in GCC's analyzer)
Date: Wed, 9 Aug 2023 14:03:38 +0200

Hi Alejandro!

On Wednesday, 09.08.2023 at 12:42 +0200, Alejandro Colomar wrote:
...
>
> As for when one would want to mean the first (size of array)
> but not _Nonnull: for a function where you may pass either
> an array (which should not be smaller than the size), or a
> sentinel NULL value.
>
> Nevertheless, I floated the idea that [static] is completely
> unnecessary, and nobody has yet been against it.
>
> GCC could perfectly add a warning for the following case:
>
>     void foo(size_t n, int a[n]);
>
>     int
>     main(void)
>     {
>         int a[7];
>
>         foo(42, a);
>     }
>
> Nobody in their right mind would specify a size of an array
> in a parameter and expect that passing a smaller array than
> that can produce a valid program. So, why not make that a
> Wall warning?

But we have this warning! It is even activated by
default without -Wall and already since GCC 11:

https://godbolt.org/z/sMbTon458

But this is for minimum required elements. How do
we differentiate between null and non-null?

We have:

    int[] or int*     // no bound, nullable
    int[N]            // at least N, nullable
    int[static N]     // at least N, nonnull

The 'static' implies nonnull, so we could
use 'static' to differentiate between nonnull
and nullable.

What is missing is something which implies bounds
also inside the callee. You can use the "access" attribute
or we extend the meaning of int[N] and int[static N]
to also imply a maximum bound.

Martin
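
The parameter forms listed in the message above, together with the "access" attribute it mentions, written out as an added example that is not part of the original thread. The function names, N = 4 and the sample array are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* GCC's access attribute; expands to nothing on other compilers. */
#if defined(__GNUC__) && !defined(__clang__)
# define ACCESS_RO(p, n) __attribute__((access(read_only, p, n)))
#else
# define ACCESS_RO(p, n)
#endif

enum { N = 4 };   /* assumed bound for this example */

/* int[N]: the caller passes at least N elements, or NULL as a sentinel. */
long sum_nullable(const int a[N])
{
    long s = 0;
    if (a == NULL)
        return -1;              /* sentinel is handled explicitly */
    for (size_t i = 0; i < N; i++)
        s += a[i];
    return s;
}

/* int[static N]: at least N elements and never NULL. Nothing checks
 * this at run time; a caller that breaks it has undefined behaviour. */
long sum_nonnull(const int a[static N])
{
    long s = 0;
    for (size_t i = 0; i < N; i++)
        s += a[i];
    return s;
}

/* access(read_only, 2, 1): argument 2 is only read, for argument 1 elements. */
ACCESS_RO(2, 1) long sum_access(size_t n, const int *a);
long sum_access(size_t n, const int *a)
{
    long s = 0;
    for (size_t i = 0; i < n; i++)
        s += a[i];
    return s;
}

int main(void)
{
    int a[N] = { 1, 2, 3, 4 };  /* constructed sample data */
    printf("%ld %ld %ld %ld\n", sum_nullable(a), sum_nullable(NULL),
           sum_nonnull(a), sum_access(N, a));
    return 0;
}
```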