This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: Warning for different pointer signedness
Joe Buck <Joe.Buck@synopsys.com> writes:
| On Mon, Dec 20, 2004 at 11:14:58PM +0100, Gabriel Dos Reis wrote:
| > Yes, that means they springle cast as approppriate, not that an
| > implicit conversion on pointers is performed.
| >
| > | So
| > | int foo (unsigned char *p) { return strcmp (p, "foo"); }
| > | will always work correctly. But now the compiler emits an
| > | unconditional warning. This seems dubious to me. The code is safe.
| >
| > The code looks dubious to me, as in real life it would hardly pass
| > code-review stage.
|
| Sorry, Gaby, I don't buy this argument, given the C aliasing rules.
Well, are you pretending you'll let it pass in code review in your
company? :-)
| C says a pointer to unsigned T and a pointer to signed T can point to
| the same object.
But, it does not say that the comparison with unadorned cast is valide.
What I find in my copy of the C definition is:
[#7] An object shall have its stored value accessed only by
an lvalue expression that has one of the following types:73)
-- a type compatible with the effective type of the
object,
-- a qualified version of a type compatible with the
effective type of the object,
-- a type that is the signed or unsigned type
corresponding to the effective type of the object,
-- a type that is the signed or unsigned type
corresponding to a qualified version of the effective
type of the object,
-- an aggregate or union type that includes one of the
aforementioned types among its members (including,
recursively, a member of a subaggregate or contained
union), or
-- a character type.
That paragraph does not say that you can compare a pointer to unsigned
T with a pointer to signed T. Aliasing is a very different notion of
pointer comparison.
For example, consider:
typedef struct {
double* m;
} S;
What the above paragraph says is that a pointer to double may alias
an S, but it does not imply that you can compare a double* with a S*
without any appropriate cast.
| C specifies the meaning of the foo routine above.
It says that there is no implicit conversion from "unsigned char*" to
"const char*", so yes, it specifies the meaning as ill-formed, but
then it would not pass a code review.
| There is no ambiguity with the code. I think that we were right before,
| when we warned about this code only when -pedantic was specified.
I think there are two issues here:
(1) whether the code is valid; it is not.
(2) whether we should diagnose it.
As of (2), I think we need a clear roadmap, as the above is just a
specific example, one which I would find in real-life code that passes
code review. So, if we decide to accept it, then we need a clear rule.
-- Gaby