This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: pointer <-> integer conversion warnings (bogus -Wall warnings )





   From: Fergus Henderson <fjh@cs.mu.OZ.AU>
   On 14-Mar-2002, Tom Lord <lord@emf.net> wrote:
   > Let's suppose that the value being converted back and forth between
   > the two variables is not an address, but a range-limited integer.

   Yes, in that case the usage is reasonable.
   But the warning can easily be suppressed in that case using a
   double-cast.


For the double-cast trick, we need two integer types:

	small_int_t:	a type large enough to hold our limited range
			integers, but not wider than pointers.

	large_int_t: 	an integer type large enough to hold pointers

On all the current, popular architectures, using posix *_MAX macros,
we could undoubtedly find such types.  However, the standards give us
no assurance of being able to find such types and it isn't hard to
imagine quite plausible systems on which they don't both exist.
Consequently, the double-cast trick is a platform-specific hack -- not
a feature of C.  The compiler's policies for giving warnings should
not assume that that trick always applies.  I'm trying to reduce, not
expand the number of architecture specific hacks in the code I'm
working on.  As a matter of policy, GCC should not rely on them.

There is a traditional way to deal with this issue: don't warn about
explicit casts in the compiler under ordinary usage.  Do provide a
`lint'-like program or exotic compiler options that can warn even
about explicit casts.

The heck with it: if I want interval analysis (and that would be nice
to have), I certainly want a tool that's going to do a lot more work
than I want the compiler to be doing.


   > Three levels of 
   > 	   meaning for "this is clean code" are: 
   > 
   > 			a. it compiles
   > 			b. it compiles with all the usual warnings 
   > 			   enabled, without generating any warnings
   > 			c. it passes inspection by <your favorite lint tools>
   > 
   > Now, with the
   > pointer<->integer conversion warnings enabled by default and by
   > '-Wall', level (b) is gone.

   If you think `-Wall' is supposed to mean your level (b), then I think
   your are wrong.  The documentation for -Wall says [...]

Regardless of the documentation, until fairly recently, `-Wall'
provided (b).  I've already said that providing an option that gives
the traditional warnings but isn't called `-Wall' would be fine.  (I'd
prefer `-Wall', but that's a minor point.)


   > but thinking further about it, the double cast trick isn't even 
   > guaranteed to work in the presence of `intptr_t' since aren't we
   > only guaranteed that `intptr_t' is large enough -- not that it isn't
   > too large?  (That's not a rhetorical question: I don't have a C99 spec.)

   Yes, according to C99, intptr_t might be larger than a pointer.
   But code using the double-cast trick will still work in that case.
   It just might get a spurious warning.  

Well, that's the point.

At least as of the version of GCC I use, warning about default
conversions between possibly incompatible sizes only generate warnings
on platforms where those conversions are _actually_ incompatible
sizes.  That blows.  An improvement would be to give warnings, even in
the default case, when a default conversion can be between
incompatible sizes on _any_ architecture.  This would even be likely
to catch at least a few bugs before they bite the person doing an
alpha port.

An explicit cast, though, expresses the programmer's intention to
invoke a potentially dangerous conversion.  Except in the presence of
an option like `-Wcommon-mistakes' or `-Wcheck-for-possible-idiocy',
no warning should be generated.

-t


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]