DragonFly BSD
DragonFly submit List (threaded) for 2005-01

Re: A few WARNS6 cleanups


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 4 Jan 2005 14:42:29 -0800 (PST)

:Actually snprintf and some other functions in the same league have a
:fundamentally wrong return type. They should return size_t or ssize_t,
:because sizeof(size_t) >= sizeof(int) and the number of bytes actually
:writeable e.g. to a string is limited by (s)size_t. Yes, I consider this
:a flaw in the standard.
:

    I think snprintf got it right, and things like read() and write()
    got it wrong.  Just because you have a 64 bit address space
    doesn't mean that it makes sense to support it for everything,
    much less a string operation that 99.99999999999999% of the
    uses in code use values far less than 2^31.  'int' is a lot easier
    to understand both for sizeof() and as the return value to a read or
    write, and having sizeof() return unsigned has tripped me up more
    times than I can count because 99% of the time I am comparing it
    against int's, not unsigned ints.  Plus I use negative numbers all
    the time to mean special things, and size_t screws that all up
    to the point where it is a royal pain in the ass.  Just because
    sizeof() can only return an unsigned value doesn't mean that it
    should be typed that way.

    It becomes absurd after a while but that hasn't stopped the
    standards folks from doing it anyway.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>

:...
:	if (read(0, buf, sizeof(buf)) != sizeof(buf)) {
:		...
:	}
:generates a warning, because to allow error validation read returns
:a signed size_t, but sizeof is unsigned.
:
:To summarize this whole discussion, it can't be avoided to add casts,
:but it is important to understand when casts are necessary and how
:to correctly cast. For example, it is better to cast the sizeof(buf)
:to ssize_t in the example above, because _we_ know that there won't be
:any problem. It would be nice if GCC could automatically stop printing
:warnings if a fixed integer can be represented as both or an unsigned
:integer of a smaller type is compared to a greater signed type. The first
:can be safely promoted to signed and the latter as well.
:
:Joerg
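Added example, not code from this thread: the read()/sizeof comparison Joerg quotes, written once with the ssize_t cast he recommends and once in the unsigned domain so the difference is visible, plus a check of the int-returning snprintf that Matt defends. The function names, the 8-byte buffer and the pipe input are constructed for this example.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Constructed example, not code from the thread: the read()/sizeof comparison
 * in the signed and in the unsigned domain, plus the snprintf truncation check. */

/* Signed domain, as the quoted message suggests: the known-small sizeof(buf)
 * is cast to ssize_t. Returns 1 for a full read, 0 if short, -1 if read() failed. */
int read_full(int fd, char *buf, size_t len)
{
    ssize_t n = read(fd, buf, len);
    return n < 0 ? -1 : n == (ssize_t)len;
}

/* Same decision on an already-obtained read() result. */
int result_is_full(ssize_t n, size_t want)
{
    return n >= 0 && n == (ssize_t)want;
}

/* Unsigned domain: a -1 error return converts to SIZE_MAX, so "n >= want" holds
 * and the error passes as a complete read. The cast is explicit here; without it
 * the compiler's sign-compare warning is the only hint that this happens. */
int unsigned_domain_says_full(ssize_t n, size_t want)
{
    return (size_t)n >= want;
}

/* snprintf returns int: negative on an encoding error, otherwise the length the
 * untruncated output would have had, so r >= size means truncation. r is
 * non-negative at the comparison, so converting it to size_t is safe.
 * Returns 1 if the formatted string fit, 0 if truncated, -1 on error. */
int format_user(char *dst, size_t size, const char *name)
{
    int r = snprintf(dst, size, "user=%s", name);
    return r < 0 ? -1 : (size_t)r < size;
}

char scratch[8];                        /* constructed 8-byte destination */
int main(void)
{
    int fds[2];
    if (pipe(fds) != 0 || write(fds[1], "abcd", 4) != 4)  /* constructed: 4 of 8 bytes */
        return 1;
    close(fds[1]);
    printf("read_full: %d (0 = short read)\n", read_full(fds[0], scratch, sizeof scratch));
    printf("n = -1 in unsigned domain: %d (1 = error missed)\n", unsigned_domain_says_full(-1, sizeof scratch));
    printf("format_user: %d (0 = truncated)\n", format_user(scratch, sizeof scratch, "alice"));
    return 0;
}
```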
