Re: -Wcast-qual consistency with initialization conversion and double pointer types

2024-06-16 Thread Ryan Libby via Gcc 
On Sun, Jun 16, 2024 at 12:33 AM Martin Uecker  wrote:
>
>
> I think it should not warn about:
>
> char *x;
> *(char * volatile *)
>
> as this is regular qualifier adding and this is
> a bug in GCC.
>

I can file a bug if it is indeed one.

> I would guess it looks at all qualifiers added at
> all level but should ignore the one on the first level.
>
> Martin

It looks to me like handle_warn_cast_qual() does ignore qualifiers at
the outermost level, but it is only examining the cast itself (so e.g.
it will not complain about cast from char ** to char ** volatile).

If by first level, you mean the level after the outermost, that would
solve my issue, but I'm unsure if it provides the originally intended
warnings.  On the other hand, there is also currently no warning for a
cast from char const ** to char const * const *.  Maybe this was
likewise intended to be accepted as "regular qualifier adding".

If you mean in the context of the larger expression which dereferences
the outer pointer, this seems more clearly not dangerous, but glancing
through the code, I'm not sure if we have that context where the warning
is generated.

Ryan

-Wcast-qual consistency with initialization conversion and double pointer types

2024-06-15 Thread Ryan Libby via Gcc 
I'm not a C language expert and I'm looking for advice on whether a
-Wcast-qual diagnostic in one situation and not another is intentional
behavior.

Here's a set of examples (same as attachment).

% cat cast-qual-example.c
#define F(name, type, qual) \
typedef type t_##name;  \
void name(void) {   \
t_##name x = 0, y, z;   \
y = *(t_##name qual *)   \
z = *(t_##name qual *){}; \
}

F(fcc, char, const)
F(fpc, char *, const)
F(fcv, char, volatile)
F(fpv, char *, volatile)

void fpv2(void) {
char *x = 0, *y, *z;
y = *(char * volatile *)
z = *(char * volatile *){};
}

void eg1(void) {
/* Adapted from -Wcast-qual doc */
char v0 = 'v';
char *v1 = 
char **p = 
/* p is char ** value.  */
char * volatile *q = (char * volatile *) p;
/* Assignment of volatile pointer to char is OK. */
char u0 = 'u';
char * volatile u1 = 
*q = u1;
/* Now *q is accessed through a non-volatile-qualified pointer. */
*p = 0;
}

void eg2(void) {
char v = 'v';
char *p = 
/* p is char * value.  */
char volatile *q = (char volatile *) p;
/* Assignment of volatile char is OK (and also plain char). */
char volatile u = 'u';
*q = u;
/* Now *q is accessed through a non-volatile-qualified pointer. */
*p = 0;
}

% gcc13 -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
cast-qual-example.c -o /dev/null
cast-qual-example.c: In function 'fpv':
cast-qual-example.c:5:14: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
5 | y = *(t_##name qual *)   \
  |  ^
cast-qual-example.c:12:1: note: in expansion of macro 'F'
   12 | F(fpv, char *, volatile)
  | ^
cast-qual-example.c: In function 'fpv2':
cast-qual-example.c:16:14: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
   16 | y = *(char * volatile *)
  |  ^
cast-qual-example.c: In function 'eg1':
cast-qual-example.c:26:30: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
   26 | char * volatile *q = (char * volatile *) p;
  |  ^
% clang -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
cast-qual-example.c -o /dev/null
%

The macro and typedef are to illustrate the point, they aren't otherwise
needed, and fpv2 shows the same thing without them.

So, in the conversion of char ** to char * volatile *, the cast before
the assignment of y is diagnosed, but the conversion in the
initialization of the compound literal for the assignment of z is not.

First, is the cast construct actually different from the initialization
construct in terms of safety?  I would think not, but maybe I am
missing something.

I think that both assignment expressions in fpv as a whole are
ultimately safe, considering also the immediate dereference of the
temporary outer pointer value.

In eg1 and eg2 I modified examples from the -Wcast-qual documentation.
eg1 is diagnosed, eg2 is not.

I think that the *p assignment in eg1 might be undefined behavior
(6.7.3, referring to an object with volatile-qualified type (*q) through
an lvalue without volatile-qualified type (*p)).

But then I don't get why the same wouldn't be true if we take away the
inner pointer and repeat the exercise with plain char (eg1 vs eg2).

So, what's going on here?  Is the gcc behavior intentional?  Is it
consistent?  And is there a recommended way to construct a temporary
volatile pointer to an object (which may itself be a pointer) without
tripping -Wcast-qual, without just casting away type information (as in,
without intermediate casts through void *, uintptr_t, etc), and
preferably also without undefined behavior?

I have checked that the behavior is the same with current sources and
-std=c23 (gcc (GCC) 15.0.0 20240614 (experimental)).

P.s. I have seen gcc bug 84166 that advises that the -Wcast-qual warning
from the cast is intentional in that case.  I think this case is
different because in that case the qualifiers are on the innermost type.

Thank you,

Ryan Libby
#define	F(name, type, qual)		\
typedef type t_##name;			\
void name(void) {			\
	t_##name x = 0, y, z;		\
	y = *(t_##name qual *)	\
	z = *(t_##name qual *){};	\
}

F(fcc, char, const)
F(fpc, char *, const)
F(fcv, char, volatile)
F(fpv, char *, volatile)

void fpv2(void) {
	char *x = 0, *y, *z;
	y = *(char * volatile *)
	z = *(char * volatile *){};
}

void eg1(void) {
	/* Adapted from -Wcast-qual doc */
	char v0 = 'v';
	char *v1 = 
	char **p = 
	/* p is char ** value.  */
	char * volatile *q = (char * volatile *) p;
	/* Assignment of volatile pointer to char is OK. */
	char u0 = 'u';