[tz] Compiler warning in tzcode2016g about SIZE_MAX being wider than int

Paul Eggert eggert at cs.ucla.edu
Sun Nov 6 23:09:49 UTC 2016


Tom Lane wrote:
> I'd change growalloc() so that its nitems-related arguments are defined as size_t not ptrdiff_t, and forget about this idea that ptrdiff_t has anything to do with the limit of what can be requested from malloc.

ptrdiff_t is relevant since zic subtracts pointers, and subtraction has 
undefined behavior if the result doesn't fit into ptrdiff_t. All other things 
being equal I prefer signed integer arithmetic to unsigned, because on some 
platforms overflow checking works with signed arithmetic and this can help find 
programming errors. This is why growalloc uses ptrdiff_t rather than size_t even 
though either would do.

> What about doing the comparison in an #if?

#if is best avoided when possible (it can't always be).

Robert Elz wrote:
> if it weren't for all these (not nearly so clever) analysers attempting to second guess what is happening and getting it wrong, it would be fine as it is.

Yes, attempting to pacify all these analyzers can contort the code, which I'd 
rather avoid. I don't even like the INITIALIZE macro, and considered adding 
-Wno-maybe-uninitialized to GCC_DEBUG_FLAGS so that INITIALIZE can be removed. I 
kept INITIALIZE only because I use GCC and -Wmaybe-uninitialized is so useful in 
finding real bugs elsewhere. As far as Coverity etc. go, I would rather that 
people filed bug reports to get these other static analyzers fixed, as I try to 
do with GCC.

I just now checked tzcode with Clang and found one recently-added bit of 
unnecessary code, which I fixed with the attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Pacify-clang-Wtautological-compare.patch
Type: text/x-diff
Size: 685 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/tz/attachments/20161106/eb135007/0001-Pacify-clang-Wtautological-compare.patch>
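The growalloc pattern the message defends, as an added example that is not tzcode's own growalloc (whose source is not on this page): every count stays in ptrdiff_t, each signed operation is bounds-checked before it runs so a -ftrapv or sanitizer build can still catch real overflows elsewhere without firing here, and a step that would not fit both ptrdiff_t and size_t is refused rather than wrapped. The names grow_alloc, max_items and grow_step are this example's own, and itemsize is assumed to be positive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Largest item count whose byte size fits both size_t (what malloc can be
 * asked for) and ptrdiff_t (so subtracting two pointers into the buffer is
 * defined). Both limits are widened to uintmax_t before comparing, which is
 * well-defined whichever of the two types is wider on the platform. */
static ptrdiff_t max_items(ptrdiff_t itemsize)
{
    uintmax_t pmax = PTRDIFF_MAX, smax = SIZE_MAX;
    return (ptrdiff_t)((pmax < smax ? pmax : smax) / (uintmax_t)itemsize);
}

/* Make room for more than nitems items of itemsize bytes, growing by ~3/2.
 * Returns 0 on success; -1 with *ptr and *nitems_alloc untouched if the
 * next count would overflow or realloc fails. Every signed operation is
 * bounds-checked first, so overflow-trapping builds stay quiet here. */
static int grow_alloc(void **ptr, ptrdiff_t itemsize, ptrdiff_t nitems,
                      ptrdiff_t *nitems_alloc)
{
    ptrdiff_t old = *nitems_alloc;
    if (nitems < old)
        return 0;                              /* still room */
    ptrdiff_t amax = max_items(itemsize);
    /* Need old + old/2 + 1 <= amax, rearranged so no step can overflow. */
    if (old > amax - 1 || (old >> 1) > amax - 1 - old)
        return -1;
    ptrdiff_t want = old + (old >> 1) + 1;
    void *p = realloc(*ptr, (size_t)want * (size_t)itemsize);
    if (p == NULL)
        return -1;
    *ptr = p;
    *nitems_alloc = want;
    return 0;
}

/* One grow step from a buffer of start_cap items: the new capacity
 * (0,1,2,4,7,11,... when chained), or -1 if the step was refused with the
 * caller's pointer and count left as they were, -2 if refused but clobbered. */
static ptrdiff_t grow_step(ptrdiff_t start_cap, ptrdiff_t itemsize)
{
    void *buf = NULL;              /* realloc(NULL, n) behaves like malloc */
    ptrdiff_t cap = start_cap;
    if (grow_alloc(&buf, itemsize, cap, &cap) != 0)
        return (buf == NULL && cap == start_cap) ? -1 : -2;
    free(buf);
    return cap;
}
```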