On Wednesday, 06.12.2023 at 16:01 +0100, Jakub Jelinek wrote:
> On Wed, Dec 06, 2023 at 03:56:10PM +0100, Martin Uecker wrote:
> > > That would be my preference because then the allocation size is
> > > correct and it is purely a style warning.
> > > It doesn't follow how the warning is described:
> > > "Warn about calls to allocation functions decorated with attribute
> > > @code{alloc_size} that specify insufficient size for the target type of
> > > the pointer the result is assigned to"
> > > when the size is certainly sufficient.
> >
> > The C standard defines the semantics of to allocate space
> > of 'nmemb' objects of size 'size', so I would say
> > the warning and its description are correct because
> > if you call calloc with '1' as size argument but
> > the object size is larger then you specify an
> > insufficient size for the object given the semantical
> > description of calloc in the standard.
>
> 1 is sizeof (char), so you ask for an array of sizeof (struct ...)
> chars and store the struct into it.

If you use

  char *p = calloc(sizeof(struct foo), 1);

it does not warn.

> > > We have the -Wmemset-transposed-args warning, couldn't we
> > > have a similar one for calloc, and perhaps do it solely in
> > > the case where one uses sizeof of the type used in the cast
> > > pointer?
> > > So warn for
> > >   (struct S *) calloc (sizeof (struct S), 1)
> > > or
> > >   (struct S *) calloc (sizeof (struct S), n)
> > > but not for
> > >   (struct S *) calloc (4, 15)
> > > or
> > >   (struct S *) calloc (sizeof (struct T), 1)
> > > or similar? Of course check for compatible types of TYPE_MAIN_VARIANTs.
> >
> > Yes, although in contrast to -Wmemset-transposed-args
> > this would be considered a "style" option which then
> > nobody would activate. And if we put it into -Wextra
> > then we have the same situation as today.
>
> Well, the significant difference would be that users would
> know that they got the size for the allocation right, just
> that a coding style says it is better to put the type's size
> as the second argument rather than first, and they could disable
> that warning separately from -Walloc-size and still get warnings
> on (struct S *) calloc (1, 1) or (struct S *) malloc (3) if
> sizeof (struct S) is 24...

Ok.

Note that another limitation of the current version is that it
does not warn for

  ... = (struct S*) calloc (...)

with the cast (which is non-idiomatic in C). This is also
something I would like to address in the future and would be
more important for the C++ version. But for this case it
should probably use the type of the cast and the warning
needs to be added somewhere else in the FE.

Martin
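
The narrower rule proposed in the quoted text (flag calloc only when its first argument is sizeof of the type named in the cast), sketched as a line-based source scan; this is an added example, not GCC code and not part of the original message. It compares type names textually instead of checking TYPE_MAIN_VARIANT compatibility, and `transposed_calloc`, `scan` and the sample source are constructed for illustration.

```python
import re

# "(T *) calloc (sizeof (U), ..." on a single line; captures T and U.
# Assumption: one call per line, no nested parentheses inside T or U.
CALL = re.compile(
    r"\(\s*([^()*]+?)\s*\*\s*\)\s*calloc\s*\(\s*"
    r"sizeof\s*\(\s*([^()]+?)\s*\)\s*,"
)


def _norm(type_name):
    """Collapse whitespace so 'struct  S' and 'struct S' compare equal."""
    return " ".join(type_name.split())


def transposed_calloc(line):
    """True when the first calloc argument is sizeof of the cast's own type.

    Textual comparison stands in for the compatible-type check mentioned
    in the thread; typedefs and qualifiers are not resolved.
    """
    m = CALL.search(line)
    return bool(m) and _norm(m.group(1)) == _norm(m.group(2))


def scan(source):
    """Return (line number, stripped text) for every flagged line."""
    return [
        (no, text.strip())
        for no, text in enumerate(source.splitlines(), start=1)
        if transposed_calloc(text)
    ]


# Constructed sample input built from the cases listed in the thread.
SAMPLE = """\
p = (struct S *) calloc (sizeof (struct S), 1);
p = (struct S *) calloc (sizeof (struct S), n);
p = (struct S *) calloc (4, 15);
p = (struct S *) calloc (sizeof (struct T), 1);
p = (struct S *) calloc (1, sizeof (struct S));
"""

if __name__ == "__main__":
    for no, text in scan(SAMPLE):
        print(f"line {no}: sizeof of the cast type is the first argument: {text}")
```
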