Hi Paul,

On 3/11/23 23:08, Paul Eggert wrote:
> On 2023-03-11 13:59, Alejandro Colomar wrote:
>> Unless the standard specifically allows us to do so, but I can't find
>> anything clear.
> 
> It's pretty clear if you're a time nerd like me. :-)

:-)

> The standard for 
> strftime says "The appropriate characters are determined using the 
> LC_TIME category of the current locale and by the values of zero or more 
> members of the broken-down time structure pointed to by timeptr, as 
> specified in brackets in the description. If any of the specified values 
> are outside the normal range, the characters stored are unspecified."
> 
> The "zero" means that if no conversion specs are present in the format 
> string, then no struct tm members are examined, and it's therefore OK 
> for all members to be uninitialized if no conversion specs are present.

Hmmm, might make sense.  I'm thinking of the following code:

#include <stdbool.h>

/* _Nonnull is Clang's nullability qualifier */
int foo(bool x, int *_Nonnull i)
{
        if (!x)
                return *i;

        return 42;
}

Some compiler might decide to read-ahead the contents of *i knowing that
it can't be NULL.  If x is true, then it just discards that value.  Since
the compiler is allowed to perform UB if it knows that it can't affect
observable behavior, it should be fine.  If you pass NULL, then it would
crash.

What I'm not sure about is whether strftime(3) requires nonnull.  I didn't
find it in the C17 text.  glibc doesn't seem to use nonnull attributes for it:

$ grepc strftime /usr/include/
/usr/include/time.h:100:
extern size_t strftime (char *__restrict __s, size_t __maxsize,
                        const char *__restrict __format,
                        const struct tm *__restrict __tp) __THROW;


Cheers,

Alex

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
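
A defensive wrapper for the question discussed in this message, added here as an example and not code from the thread or from glibc: it never hands strftime(3) a null or indeterminate struct tm, whether or not the format contains conversion specs. The names fmt_reads_tm and checked_strftime are hypothetical, and the %n/%t/%% handling follows the C standard's list of conversions that reference no struct tm members.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical helper: true if fmt contains a conversion spec that may
 * read struct tm members. "%%", "%n" and "%t" expand to fixed characters
 * and read none; anything else, including a dangling '%', is treated
 * conservatively as reading the structure. */
bool fmt_reads_tm(const char *fmt)
{
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p != '%' && *p != 'n' && *p != 't')
            return true;
    }
    return false;
}

/* Hypothetical wrapper: refuses (returns 0) when the format needs a time
 * but none was supplied; otherwise substitutes an initialized, in-range
 * struct tm so the library may read ahead without touching bad memory. */
size_t checked_strftime(char *buf, size_t max, const char *fmt,
                        const struct tm *tp)
{
    static const struct tm placeholder = { .tm_mday = 1 };

    if (buf == NULL || max == 0 || fmt == NULL)
        return 0;
    if (tp == NULL) {
        if (fmt_reads_tm(fmt))
            return 0;
        tp = &placeholder;
    }
    return strftime(buf, max, fmt, tp);
}

int main(void)
{
    char buf[64];
    size_t n = checked_strftime(buf, sizeof buf, "plain text", NULL);

    printf("%zu \"%s\"\n", n, n ? buf : "");
    printf("%zu\n", checked_strftime(buf, sizeof buf, "%Y-%m-%d", NULL));
    return 0;
}
```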
