[tz] Compiler warning in tzcode2016g about SIZE_MAX being wider than int
eggert at cs.ucla.edu
Sun Nov 6 23:09:49 UTC 2016
Tom Lane wrote:
> I'd change growalloc() so that its nitems-related arguments are defined as size_t not ptrdiff_t, and forget about this idea that ptrdiff_t has anything to do with the limit of what can be requested from malloc.
ptrdiff_t is relevant since zic subtracts pointers, and subtraction has
undefined behavior if the result doesn't fit into ptrdiff_t. All other things
being equal I prefer signed integer arithmetic to unsigned, because on some
platforms overflow checking works with signed arithmetic and this can help find
programming errors. This is why growalloc uses ptrdiff_t rather than size_t even
though either would do.
> What about doing the comparison in an #if?
#if is best avoided when possible (it can't always be).
Robert Elz wrote:
> if it weren't for all these (not nearly so clever) analysers attempting to second guess what is happening and getting it wrong, it would be fine as it is.
Yes, attempting to pacify all these analyzers can contort the code, which I'd
rather avoid. I don't even like the INITIALIZE macro, and considered adding
-Wno-maybe-uninitialized to GCC_DEBUG_FLAGS so that INITIALIZE can be removed. I
kept INITIALIZE only because I use GCC and -Wmaybe-uninitialized is so useful in
finding real bugs elsewhere. As far as Coverity etc. go, I would rather that
people filed bug reports to get these other static analyzers fixed, as I try to
do with GCC.
I just now checked tzcode with Clang and found one recently-added bit of
unnecessary code, which I fixed with the attached.
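To illustrate the preference above for keeping counts in signed ptrdiff_t, here is an added example that is not zic's growalloc nor any code from this thread: a hypothetical grow_items() keeps the item count in ptrdiff_t and relies on GCC/Clang's __builtin_add_overflow / __builtin_mul_overflow (assumed available) so that both the ptrdiff_t and the size_t limits are enforced at run time without an #if or an explicit SIZE_MAX comparison.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical growalloc-like helper (illustration, not zic's code):
   make *PBUF, an array of *PNALLOC items of ITEMSIZE bytes, hold at
   least NITEMS items.  Counts stay signed (ptrdiff_t) so a sanitizer
   can flag overflow bugs in testing, while the checks below turn them
   into clean failures: returns 0, or -1 leaving the inputs unchanged. */
static int
grow_items(void **pbuf, ptrdiff_t *pnalloc, ptrdiff_t nitems, size_t itemsize)
{
  ptrdiff_t nalloc = *pnalloc, grown, pbytes;
  size_t bytes;
  if (nalloc < 0 || itemsize == 0)
    return -1;
  if (nitems <= nalloc)
    return 0;                       /* already large enough */
  /* Geometric growth, overflow-checked in ptrdiff_t rather than
     compared against a preprocessor constant. */
  if (__builtin_add_overflow(nalloc, nalloc / 2 + 1, &grown))
    return -1;
  if (grown < nitems)
    grown = nitems;
  /* Bytes must fit ptrdiff_t (pointer subtraction) and size_t (malloc).
     The builtin checks against each destination type, so no explicit
     SIZE_MAX / PTRDIFF_MAX comparison is needed. */
  if (__builtin_mul_overflow(grown, itemsize, &pbytes)
      || __builtin_mul_overflow(grown, itemsize, &bytes))
    return -1;
  void *p = realloc(*pbuf, bytes);
  if (!p)
    return -1;
  *pbuf = p;
  *pnalloc = grown;
  return 0;
}
/* Start from an empty array, grow to FIRST then SECOND items; return
   the final capacity, or -1 if either request was rejected. */
static ptrdiff_t
grow_demo(ptrdiff_t first, ptrdiff_t second, size_t itemsize)
{
  void *buf = NULL;
  ptrdiff_t nalloc = 0;
  int rc = grow_items(&buf, &nalloc, first, itemsize);
  if (rc == 0)
    rc = grow_items(&buf, &nalloc, second, itemsize);
  free(buf);
  return rc == 0 ? nalloc : -1;
}
```

Building with -fsanitize=signed-integer-overflow during testing makes any arithmetic bug in such code trap, which is the advantage of signed counts that the message above describes.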