This is the mail archive of the
gcc-prs@gcc.gnu.org
mailing list for the GCC project.
c++/7536: C++ front end does not warn of promotion of negative ints to unsigneds
- From: jss at ast dot cam dot ac dot uk
- To: gcc-gnats at gcc dot gnu dot org
- Date: 8 Aug 2002 08:54:04 -0000
- Subject: c++/7536: C++ front end does not warn of promotion of negative ints to unsigneds
- Reply-to: jss at ast dot cam dot ac dot uk
>Number: 7536
>Category: c++
>Synopsis: C++ front end does not warn of promotion of negative ints to unsigneds
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Aug 08 01:56:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: jss@ast.cam.ac.uk
>Release: gcc-3.1
>Organization:
>Environment:
gcc-3.1 (RedHat RPM 3.1-1), on RedHat Linux 7.3 on an AMD Athlon (compiling for i386)
>Description:
An expression int+unsigned or int-unsigned promotes the int variable to an unsigned before doing the operation. Quite often this can do the /wrong/ thing, just like comparisons of ints and unsigneds. g++ should warn for obvious mistakes (as the C front end does), and should optionally warn for less obvious mistakes.
e.g.
    unsigned a = 15;
    double b = -30 - a;
should issue a warning, as b ends up at around 2^32, and probably not the expected -15.
Further possibilities for warning are:
    unsigned a = 15;
    int b = -30;
    double c = b - a;
(the same thing).
Another possibility is for warning for every implicit int/unsigned arithmetic operation/promotion, as the int could be negative. For instance:
    double dostuff(int i)
    {
        const unsigned cx = 10;
        return i-cx;
    }
    int main()
    {
        dostuff(-10); // dangerous
        return 0;
    }
This can hide a serious error. However, many programs will give lots of warnings. Maybe this could go into -Wconversion?
The operation int+unsigned usually works (due to two's-complement representation - is this part of the standard?), however things like
    int a = -10;
    unsigned b = 20;
    double c = b + a;
should also be flagged if the operation relies on non-defined behaviour.
I'll include a test-case for warnings.
>How-To-Repeat:
Compile above with
    g++ -W -Wall -Wconversion -O2 test.cc
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: application/octet-stream; name="test.cc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="test.cc"
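
Added example, not part of the original report or its test.cc attachment: the mixed int/unsigned expressions from the description, evaluated as the compiler evaluates them and again in a wider signed type, with a check for when the two differ. The helper names (sub_exact, sub_wraps and so on) are hypothetical, and the code assumes long long is wider than unsigned.

```cpp
#include <cstdio>
#include <limits>

// Assumption: long long has more value bits than unsigned, so it can hold
// the mathematical result of any int/unsigned sum or difference.
static_assert(std::numeric_limits<long long>::digits >
              std::numeric_limits<unsigned>::digits, "need a wider type");

// What the compiler evaluates: the int operand is converted to unsigned
// (its value modulo 2^N) and the arithmetic is then done modulo 2^N.
unsigned sub_as_written(int i, unsigned u) { return i - u; }
unsigned add_as_written(int i, unsigned u) { return i + u; }

// Hypothetical helpers: the same operations carried out in the wider type.
long long sub_exact(int i, unsigned u) {
    return static_cast<long long>(i) - static_cast<long long>(u);
}
long long add_exact(int i, unsigned u) {
    return static_cast<long long>(i) + static_cast<long long>(u);
}

// True when the as-written result is not the mathematical one, i.e. the
// cases where a diagnostic would have pointed at a real problem.
bool sub_wraps(int i, unsigned u) {
    return sub_exact(i, u) != static_cast<long long>(sub_as_written(i, u));
}
bool add_wraps(int i, unsigned u) {
    return add_exact(i, u) != static_cast<long long>(add_as_written(i, u));
}

int main() {
    // Constructed inputs: the report's values plus one non-negative int case.
    const struct { int i; unsigned u; } cases[] = {
        {-30, 15u}, {-10, 10u}, {10, 20u}, {20, 10u}};
    for (const auto &c : cases)
        std::printf("%d - %uu: as written %u, exact %lld, wraps=%d\n",
                    c.i, c.u, sub_as_written(c.i, c.u),
                    sub_exact(c.i, c.u), sub_wraps(c.i, c.u));
    std::printf("-10 + 20u: as written %u, exact %lld, wraps=%d\n",
                add_as_written(-10, 20u), add_exact(-10, 20u),
                add_wraps(-10, 20u));
    return 0;
}
```

The subtraction wraps whenever the int is smaller than the unsigned operand, so a non-negative int such as 10 - 20u is affected as well as negative ones.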