A: a new bug to old plain C

Jonathan Wakely jwakely.gcc@gmail.com
Tue Nov 25 16:42:28 GMT 2025 

On Tue, 25 Nov 2025 at 16:09, Александр Поваляев <apovalyaev@gmail.com> wrote:
>
> Hi there!
>
> My code snippet which we're discussing was written in accordance with the code safety recommendations provided by your colleagues :)
> So, the code snipped is naturally doing what was recommended in that C FAQ:
> we're converting "Foo**" to "const Foo * const *" to avoid the possible const-violations.

That's not the C FAQ, that's the C++ FAQ, you are confused.

>
> Here is a note from some recommendation which has been provided by your colleagues (https://isocpp.org/wiki/faq/const-correctness#constptrptr-conversion) :

What "colleagues" are you talking about?

> "The rationale for why that error is a good thing is given below. But first, here is the most common solution: simply change const Foo** to const Foo* const*"
> And we are NOT converting "Foo**" to "const Foo**", we ARE converting "Foo**" to "const Foo * const * const".
> Please pay some more attention to what I am writing here.

We could say the same to you.

> Then one more "const" is added since it is going to change neither the value which the variable is pointing to nor the value of the variable itself, since it denotes "end-of-loop iteration".
> Please, read carefully the use-case which I provided at the very beginning of this e-mail thread. Here it is:
> "
> struct zzz const * const * const end_of_arr = arr_of_ptr + count;
> "
> And it should work fine. Since it is written in all the recommendations and in accordance to C standard.

No it isn't.

> Nobody and no place and no recommendation forbid us from converting "Foo**" to "const Foo * const * const".

The C standard forbids it.

> So, since it is allowed by C standard, it should work fine with all the GCC toolchains.

It isn't allowed by the C standard. Maybe by a future version of the C
standard, but not the current one.

This should not be hard to understand, please try to read more carefully.

> But with some of them, some of GCC toolchains (like GCC ARM trunk linux) it doesn't.
> So, it should be fixed.
>
> Respectfully,
> Aleksandr G Povaliaev.
>
>
>
> вт, 25 нояб. 2025 г. в 14:58, Matthias Pfaller <leo@marco.de>:
>>
>> As several people already pointed out to you, this is not a bug in the compiler. Your code is valid with C++, but invalid with C.  Is this so hard to understand? What you do is just like insisting on
>>
>> void f(int *);
>> void nonsense(void)
>> {
>>   register int x;
>>   f(&x);
>> }
>>
>> to be valid C code. It might look ok, but it's still invalid code.
>>
>> On 2025-11-25 12:28, Александр Поваляев wrote:
>>
>> Hi there!
>>
>> Yes.
>> Here is the original message from myself: "
>> struct zzz {
>> unsigned x, y;
>> };
>> void square(struct zzz ** arr_of_ptr, unsigned count) {
>> // The first "const" produce an error (not a warning) within some GCC toolchains, for example ARM GCC trunk (linux), see goldbolt.org
>> struct zzz const * const * const end_of_arr = arr_of_ptr + count;
>> // Without the first const "struct zzz * const * const end_of_arr = arr_of_ptr + count;" it works fine!!!
>> }
>> ".
>>
>> So, somebody made this BUG to some GCC toolchains (ARM GCC trunk(linux) and some others). We need to have it nailed down and fixed somehow.
>>
>> Respectfully,
>> Aleksandr G Povaliev.
>>
>>
>> вт, 25 нояб. 2025 г. в 13:32, Matthias Pfaller <leo@marco.de>:
>>>
>>> You are aware, that you are quoting the C++-FAQ? Aren't we talking about C?
>>>
>>> Congratulations btw, you are (I think) the first person managing to exhaust
>>> Jonathan's patience. I always thought he had a limitless source of patience hidden
>>> somewhere and envied him for it...
>>>
>>> On 2025-11-25 11:24, Александр Поваляев via Gcc-help wrote:
>>> > We're not converting "Foo** -> const Foo**". We are doing "Foo** -> const
>>> > Foo * const * const" conversion and this works fine (according to the right
>>> > the same
>>> > https://isocpp.org/wiki/faq/const-correctness#constptrptr-conversion which
>>> > was mentioned).
>>> >
>>> > So, what we're doing is correct from both language syntax and coding
>>> > practices (safe coding) points of view.
>>> > This bug should be reported and fixed!!!
>>> >
>>> > Respectfully,
>>> > Aleksandr G Povaliaev.
>>> >
>>> > пн, 24 нояб. 2025 г. в 20:49, Henrik Holst <henrik.holst@millistream.com>:
>>> >
>>> >> no they are not, they are a WIKIfication of the C specification, in
>>> >> particular the heading "Why am I getting an error converting a Foo** →
>>> >> const Foo**?" in an official FAQ from the C Standards Committee should make
>>> >> you realize this.
>>> >>
>>> >> /HH
>>> >>
>>> >> Den mån 24 nov. 2025 kl 18:45 skrev Александр Поваляев <
>>> >> apovalyaev@gmail.com>:
>>> >>
>>> >>> The articles mentioned are all about coding practices ("safe" and
>>> >>> "unsafe"). They are not about bugs in compilers and hard restrictions being
>>> >>> placed on where I can use "const" in my code and where I can't. :)
>>> >>>
>>> >>> The links mentioned earlier just give a recommendation to use "Foo** ->
>>> >>> const Foo * const *" conversion instead of "Foo** -> const Foo**".
>>> >>> Literally, what I am saying is that: "if you can use const, you should
>>> >>> use it". And this is the case which just confirms my attitude.
>>> >>> But again, this is about coding practices and recommendations. There is
>>> >>> no place in C and C++ standards saying "DON"T USE CONST EVEN IF YOU CAN DO
>>> >>> IT. WE'RE PROHIBITING THIS".
>>> >>>
>>> >>> And so, what GCC compiler (+ some SDKs) is doing now is just the opposite
>>> >>> to the recommendation mentioned. It restricts the places where "const"
>>> >>> might be used.
>>> >>> Anyway, it is a BUG (BIG BUG!!!) in the GCC + SDK. And the BUG was not
>>> >>> made intentionally to protect software engineers from using "unsafe coding
>>> >>> practices" :)))))
>>> >>> For such kind of practices, there are warnings with information messages.
>>> >>> And the bug in GCC should be (1) reported; (2) nailed down and (3) fixed.
>>> >>>
>>> >>> Respectfully,
>>> >>> Aleksandr G Povaliaev.
>>> >>>
>>> >>>
>>> >>> пн, 24 нояб. 2025 г. в 16:10, Henrik Holst <henrik.holst@millistream.com
>>> >>>> :
>>> >>>>
>>> >>>> Den mån 24 nov. 2025 kl 13:40 skrev Александр Поваляев <
>>> >>>> apovalyaev@gmail.com>:
>>> >>>>
>>> >>>>> Hi there!
>>> >>>>>
>>> >>>>> "False sense of security". Const is a hint to any C compiler to make
>>> >>>>> code more error-prone. So, it is always better to use as much "const" as
>>> >>>>> possible.
>>> >>>>> My point is that "if const might be used, it SHOULD be used". That is
>>> >>>>> the cornerstone.
>>> >>>>> I want to use it, so GCC compiler + SDK should make it possible. It is
>>> >>>>> my code and my design decisions being undertaken.
>>> >>>>>
>>> >>>>> All discussions if it is possible to overcome or not "Const"
>>> >>>>> restriction is irrelivant here.
>>> >>>>>
>>> >>>> no it is not irrelevant here because if I declare a variable as const in
>>> >>>> my local code the value should not be changed by other code either, look at
>>> >>>> the code in the link given to you earlier which shows just such a case as
>>> >>>> an example on why this is not allowed in C.
>>> >>>>
>>> >>>> /HH
>>> >>>>
>>> >>>>> Respectfully,
>>> >>>>> Aleksandr G Povaliaev.
>>> >>>>>
>>> >>>>> пн, 24 нояб. 2025 г. в 13:46, Henrik Holst <
>>> >>>>> henrik.holst@millistream.com>:
>>> >>>>>
>>> >>>>>> The things is that this is unsafe and invalid due to it creating a
>>> >>>>>> false sense of security. Aka your "const Foo *" can change under your feet
>>> >>>>>> by _other_ code leading to your const here giving you a false sense of
>>> >>>>>> security. Yes it prevents you from modifying it locally but not some other
>>> >>>>>> code or thread from modifying your const pointer to now point to something
>>> >>>>>> else, hence the compiler issues an error here since you do not get what you
>>> >>>>>> think you are getting.
>>> >>>>>>
>>> >>>>>> /HH
>>> >>>>>>
>>> >>>>>> Den mån 24 nov. 2025 kl 11:10 skrev Александр Поваляев via Gcc-help <
>>> >>>>>> gcc-help@gcc.gnu.org>:
>>> >>>>>>
>>> >>>>>>> Hi there!
>>> >>>>>>>
>>> >>>>>>> The code is not invalid and neither of the links posted saying that
>>> >>>>>>> "const
>>> >>>>>>> Foo * const * const" is invalid construction for C.
>>> >>>>>>> The links posted just are discussing that it might be UNSAFE to cast
>>> >>>>>>> "Foo
>>> >>>>>>> **" -> "const Foo **" and recommending usage of "Foo **" -> "const
>>> >>>>>>> Foo *
>>> >>>>>>> const *" instead.
>>> >>>>>>> It's OK. If you feel that it is unsafe, please don't use it. It is
>>> >>>>>>> your own
>>> >>>>>>> decision.
>>> >>>>>>>
>>> >>>>>>> But the syntax itself "const Foo * const * const" is correct and the
>>> >>>>>>> use-case I mentioned is quite simple and evident.
>>> >>>>>>> And so I need this code snipped to be compiled transparently over all
>>> >>>>>>> the
>>> >>>>>>> GCC (and platform SDKs) available versions.
>>> >>>>>>>
>>> >>>>>>> Respectfully,
>>> >>>>>>> Aleksandr G Povaliaev.
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> пн, 24 нояб. 2025 г. в 01:48, David Brown <david.brown@hesbynett.no>:
>>> >>>>>>>
>>> >>>>>>>> On 23/11/2025 21:45, Александр Поваляев via Gcc-help wrote:
>>> >>>>>>>>> Hi there!
>>> >>>>>>>>>
>>> >>>>>>>> This is getting /extremely/ frustrating.  /Please/ find some way to
>>> >>>>>>>> learn the C programming language - courses, books, good online
>>> >>>>>>> resources.
>>> >>>>>>>> And /please/ believe me when I say that people who have worked with
>>> >>>>>>> C
>>> >>>>>>>> and C++ for decades, studied the standards, who serve on the
>>> >>>>>>> standards
>>> >>>>>>>> committee, know better about these things than you do.  (I'm talking
>>> >>>>>>>> about Jonathan here, not myself - he really is a world-class expert
>>> >>>>>>> here.)
>>> >>>>>>>>> Either the links you've provided or the links you provided earlier
>>> >>>>>>>>> (yesterday) are irrelevant, cause they are just discussing if it
>>> >>>>>>> is safer
>>> >>>>>>>>> to convert "Foo_Type **" to "const Foo_Type **" or not.
>>> >>>>>>>>>
>>> >>>>>>>> The links are highly relevant.  They explain why you cannot convert
>>> >>>>>>> from
>>> >>>>>>>> "char **" to "const char **".  That also explains why you cannot
>>> >>>>>>> convert
>>> >>>>>>>> from "char **" to "const char * const * const".  Adding even more
>>> >>>>>>>> "const" qualifiers to the invalid conversion does not somehow
>>> >>>>>>> magically
>>> >>>>>>>> make it work.
>>> >>>>>>>>
>>> >>>>>>>>> Once again, we are not converting "char** to const char**", we're
>>> >>>>>>>>> converting char** to const char * const * const".
>>> >>>>>>>>> And we're not discussing if it is safer or not, we are discussing
>>> >>>>>>> GCC
>>> >>>>>>>>> compiler error.
>>> >>>>>>>>>
>>> >>>>>>>> The compiler is generating an error message because you wrote
>>> >>>>>>> invalid
>>> >>>>>>>> code.  The error - or bug, if you like - is in /your/ code.  Not the
>>> >>>>>>>> compiler.  GCC is doing its job correctly here.
>>> >>>>>>>>
>>> >>>>>>>>> Respectfully,
>>> >>>>>>>>> Aleksandr G Povaliaev.
>>> >>>>>>>>>
>>> >>>>>>>> I'm sorry, but signing the post with "respectfully" does not make it
>>> >>>>>>>> respectful.  You started the thread disrespectfully - insisting that
>>> >>>>>>>> there is a bug in GCC when you simply do not understand the relevant
>>> >>>>>>>> aspects of the C programming language.  And you have gone downhill
>>> >>>>>>> since
>>> >>>>>>>> then, ignoring and rejecting the help and advice you have been
>>> >>>>>>> given.
>>> >>>>>>>> Getting things wrong once is entirely understandable - this is a
>>> >>>>>>> subtle
>>> >>>>>>>> point of the C language, and you are posting to a "help" list.
>>> >>>>>>> Doubling
>>> >>>>>>>> down on your ignorance when you have received the help and
>>> >>>>>>> information
>>> >>>>>>>> you need, is a different matter entirely.
>>> >>>>>>>>
>>> >>>>>>>> Your code is flawed.  You need to fix it.  Mindlessly repeating your
>>> >>>>>>>> misunderstandings about how you think C works will not do anything
>>> >>>>>>> but
>>> >>>>>>>> annoy people.
>>> >>>>>>>>
>>> >>>>>>>> David
>>> >>>>>>>>
>>> >>>>>>>>

More information about the Gcc-help mailing list