[tz] Dubious coding in tzcode 2019b
Clive D.W. Feather
clive at davros.org
Fri Jul 19 07:53:40 UTC 2019
Tom Lane said:
> Some compilers in the Postgres buildfarm are unhappy[1] about this
> coding in 2019b's zic.c:
>
> register ptrdiff_t thistimei, thistimecnt, thistimelim;
> bool locut, hicut;
> ...
> thistimecnt = - locut - hicut;
Gagh. The spacing there makes it look like it's intended to be -(lo - hi)
when of course it's (-lo) - hi.
> I think they have a point: at best this code is seriously opaque,
> and at worst it's unportable. I can't even figure out whether
> this is assuming that bool promotes to signed or unsigned int;
> and even if whichever choice that is supported by the C99 spec,
In C99 bool always promotes to signed int.
> what will happen in environments where "bool" does not mean the
> C99 type, but rather signed or unsigned char?
Both signed and unsigned char promote to signed int *EXCEPT* on
implementations where sizeof(int) is 1, where they each promote to the
correspondingly-signed int.
(Yes, such implementations exist, though they require CHAR_BIT >= 16. We
used one where I work until a couple of years ago.)
> I think this would be a lot better if it were written as some
> if-tests that just consider locut and hicut as boolean values,
> without any assumptions about how bool converts to integer.
> If we must have such assumptions, please write them as explicit
> casts.
I'm assuming whoever wrote that didn't think of the unusual case, because
that expression will end up as 0, INT_MAX-1, or INT_MAX-2. Which when
converted to ptrdiff_t is either unchanged (if the maximum value of
ptrdiff_t is big enough), or is an implementation-defined value, or an
implementation-defined signal is raised.
You could write it as a conditional expression:
thistimecnt = locut && hicut ? -2 : locut || hicut ? -1 : 0;
but I think I would write it as:
thistimecnt = - (ptrdiff_t) (locut + hicut);
because that shows the intent better.
> While the compilers aren't whining about it, this line a bit
> further down seems like equally bad style to me:
>
> convert(locut + thistimecnt + hicut, tzh.tzh_timecnt);
>
> This also seems like it's making dubious assumptions about how
> signed and possibly-unsigned values will mix.
If locut and hicut haven't changed in the meantime, that first parameter is
always zero! If they have, then the intent was a number in the range -2 to
+2. Except for the unusual case, that should always come out as a ptrdiff_t.
--
Clive D.W. Feather | If you lie to the compiler,
Email: clive at davros.org | it will get its revenge.
Web: http://www.davros.org | - Henry Spencer
Mobile: +44 7973 377646
More information about the tz
mailing list