Re: -Wcast-qual consistency with initialization conversion and double pointer types
Am Montag, dem 17.06.2024 um 12:06 + schrieb Joseph Myers: > On Sun, 16 Jun 2024, Martin Uecker via Gcc wrote: > > > I think it should not warn about: > > > > char *x; > > *(char * volatile *) > > > > as this is regular qualifier adding and this is > > a bug in GCC. > > > > I would guess it looks at all qualifiers added at > > all level but should ignore the one on the first level. > > This is meant to be implementing, as an extension to C, the C++ rules > (where converting from char** to const char** is unsafe, but converting > from char** to const char*const* is safe). So the first question is what > C++ thinks of this conversion. > Note that this is about the case where no third-level qualifier is added. We should still warn about converting from char** to const char **, and to volatile char ** but probably not (I think) when converting to char*const*, const char*const*, volatile char*const*, and also not when converting to char*volatile*. So not when all intermediate casts are const but also not when only a qualifier is added to the second level but not to deeper levels. Martin
Re: -Wcast-qual consistency with initialization conversion and double pointer types
On Sun, 16 Jun 2024, Martin Uecker via Gcc wrote: > I think it should not warn about: > > char *x; > *(char * volatile *) > > as this is regular qualifier adding and this is > a bug in GCC. > > I would guess it looks at all qualifiers added at > all level but should ignore the one on the first level. This is meant to be implementing, as an extension to C, the C++ rules (where converting from char** to const char** is unsafe, but converting from char** to const char*const* is safe). So the first question is what C++ thinks of this conversion. -- Joseph S. Myers josmy...@redhat.com
Re: -Wcast-qual consistency with initialization conversion and double pointer types
On Sun, Jun 16, 2024 at 12:33 AM Martin Uecker wrote: > > > I think it should not warn about: > > char *x; > *(char * volatile *) > > as this is regular qualifier adding and this is > a bug in GCC. > I can file a bug if it is indeed one. > I would guess it looks at all qualifiers added at > all level but should ignore the one on the first level. > > Martin It looks to me like handle_warn_cast_qual() does ignore qualifiers at the outermost level, but it is only examining the cast itself (so e.g. it will not complain about cast from char ** to char ** volatile). If by first level, you mean the level after the outermost, that would solve my issue, but I'm unsure if it provides the originally intended warnings. On the other hand, there is also currently no warning for a cast from char const ** to char const * const *. Maybe this was likewise intended to be accepted as "regular qualifier adding". If you mean in the context of the larger expression which dereferences the outer pointer, this seems more clearly not dangerous, but glancing through the code, I'm not sure if we have that context where the warning is generated. Ryan
Re: -Wcast-qual consistency with initialization conversion and double pointer types
I think it should not warn about:
char *x;
*(char * volatile *)
as this is regular qualifier adding and this is
a bug in GCC.
I would guess it looks at all qualifiers added at
all level but should ignore the one on the first level.
Martin
Am Samstag, dem 15.06.2024 um 10:17 -0700 schrieb Ryan Libby via Gcc:
> I'm not a C language expert and I'm looking for advice on whether a
> -Wcast-qual diagnostic in one situation and not another is intentional
> behavior.
>
> Here's a set of examples (same as attachment).
>
> % cat cast-qual-example.c
> #define F(name, type, qual) \
> typedef type t_##name; \
> void name(void) { \
> t_##name x = 0, y, z; \
> y = *(t_##name qual *) \
> z = *(t_##name qual *){}; \
> }
>
> F(fcc, char, const)
> F(fpc, char *, const)
> F(fcv, char, volatile)
> F(fpv, char *, volatile)
>
> void fpv2(void) {
> char *x = 0, *y, *z;
> y = *(char * volatile *)
> z = *(char * volatile *){};
> }
>
> void eg1(void) {
> /* Adapted from -Wcast-qual doc */
> char v0 = 'v';
> char *v1 =
> char **p =
> /* p is char ** value. */
> char * volatile *q = (char * volatile *) p;
> /* Assignment of volatile pointer to char is OK. */
> char u0 = 'u';
> char * volatile u1 =
> *q = u1;
> /* Now *q is accessed through a non-volatile-qualified pointer. */
> *p = 0;
> }
>
> void eg2(void) {
> char v = 'v';
> char *p =
> /* p is char * value. */
> char volatile *q = (char volatile *) p;
> /* Assignment of volatile char is OK (and also plain char). */
> char volatile u = 'u';
> *q = u;
> /* Now *q is accessed through a non-volatile-qualified pointer. */
> *p = 0;
> }
>
> % gcc13 -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
> cast-qual-example.c -o /dev/null
> cast-qual-example.c: In function 'fpv':
> cast-qual-example.c:5:14: warning: to be safe all intermediate
> pointers in cast from 'char **' to 'char * volatile*' must be 'const'
> qualified [-Wcast-qual]
> 5 | y = *(t_##name qual *) \
> | ^
> cast-qual-example.c:12:1: note: in expansion of macro 'F'
>12 | F(fpv, char *, volatile)
> | ^
> cast-qual-example.c: In function 'fpv2':
> cast-qual-example.c:16:14: warning: to be safe all intermediate
> pointers in cast from 'char **' to 'char * volatile*' must be 'const'
> qualified [-Wcast-qual]
>16 | y = *(char * volatile *)
> | ^
> cast-qual-example.c: In function 'eg1':
> cast-qual-example.c:26:30: warning: to be safe all intermediate
> pointers in cast from 'char **' to 'char * volatile*' must be 'const'
> qualified [-Wcast-qual]
>26 | char * volatile *q = (char * volatile *) p;
> | ^
> % clang -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
> cast-qual-example.c -o /dev/null
> %
>
> The macro and typedef are to illustrate the point, they aren't otherwise
> needed, and fpv2 shows the same thing without them.
>
> So, in the conversion of char ** to char * volatile *, the cast before
> the assignment of y is diagnosed, but the conversion in the
> initialization of the compound literal for the assignment of z is not.
>
> First, is the cast construct actually different from the initialization
> construct in terms of safety? I would think not, but maybe I am
> missing something.
>
> I think that both assignment expressions in fpv as a whole are
> ultimately safe, considering also the immediate dereference of the
> temporary outer pointer value.
>
> In eg1 and eg2 I modified examples from the -Wcast-qual documentation.
> eg1 is diagnosed, eg2 is not.
>
> I think that the *p assignment in eg1 might be undefined behavior
> (6.7.3, referring to an object with volatile-qualified type (*q) through
> an lvalue without volatile-qualified type (*p)).
>
> But then I don't get why the same wouldn't be true if we take away the
> inner pointer and repeat the exercise with plain char (eg1 vs eg2).
>
> So, what's going on here? Is the gcc behavior intentional? Is it
> consistent? And is there a recommended way to construct a temporary
> volatile pointer to an object (which may itself be a pointer) without
> tripping -Wcast-qual, without just casting away type information (as in,
> without intermediate casts through void *, uintptr_t, etc), and
> preferably also without undefined behavior?
>
> I have checked that the behavior is the same with current sources and
> -std=c23 (gcc (GCC) 15.0.0 20240614 (experimental)).
>
> P.s. I have seen gcc bug 84166 that advises that the -Wcast-qual warning
> from the cast is intentional in that case. I think this case is
> different because in that case the qualifiers are on the innermost type.
>
> Thank you,
>
> Ryan Libby
-Wcast-qual consistency with initialization conversion and double pointer types
I'm not a C language expert and I'm looking for advice on whether a
-Wcast-qual diagnostic in one situation and not another is intentional
behavior.
Here's a set of examples (same as attachment).
% cat cast-qual-example.c
#define F(name, type, qual) \
typedef type t_##name; \
void name(void) { \
t_##name x = 0, y, z; \
y = *(t_##name qual *) \
z = *(t_##name qual *){}; \
}
F(fcc, char, const)
F(fpc, char *, const)
F(fcv, char, volatile)
F(fpv, char *, volatile)
void fpv2(void) {
char *x = 0, *y, *z;
y = *(char * volatile *)
z = *(char * volatile *){};
}
void eg1(void) {
/* Adapted from -Wcast-qual doc */
char v0 = 'v';
char *v1 =
char **p =
/* p is char ** value. */
char * volatile *q = (char * volatile *) p;
/* Assignment of volatile pointer to char is OK. */
char u0 = 'u';
char * volatile u1 =
*q = u1;
/* Now *q is accessed through a non-volatile-qualified pointer. */
*p = 0;
}
void eg2(void) {
char v = 'v';
char *p =
/* p is char * value. */
char volatile *q = (char volatile *) p;
/* Assignment of volatile char is OK (and also plain char). */
char volatile u = 'u';
*q = u;
/* Now *q is accessed through a non-volatile-qualified pointer. */
*p = 0;
}
% gcc13 -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
cast-qual-example.c -o /dev/null
cast-qual-example.c: In function 'fpv':
cast-qual-example.c:5:14: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
5 | y = *(t_##name qual *) \
| ^
cast-qual-example.c:12:1: note: in expansion of macro 'F'
12 | F(fpv, char *, volatile)
| ^
cast-qual-example.c: In function 'fpv2':
cast-qual-example.c:16:14: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
16 | y = *(char * volatile *)
| ^
cast-qual-example.c: In function 'eg1':
cast-qual-example.c:26:30: warning: to be safe all intermediate
pointers in cast from 'char **' to 'char * volatile*' must be 'const'
qualified [-Wcast-qual]
26 | char * volatile *q = (char * volatile *) p;
| ^
% clang -std=c17 -Wall -Wextra -Wcast-qual -Wno-unused -c
cast-qual-example.c -o /dev/null
%
The macro and typedef are to illustrate the point, they aren't otherwise
needed, and fpv2 shows the same thing without them.
So, in the conversion of char ** to char * volatile *, the cast before
the assignment of y is diagnosed, but the conversion in the
initialization of the compound literal for the assignment of z is not.
First, is the cast construct actually different from the initialization
construct in terms of safety? I would think not, but maybe I am
missing something.
I think that both assignment expressions in fpv as a whole are
ultimately safe, considering also the immediate dereference of the
temporary outer pointer value.
In eg1 and eg2 I modified examples from the -Wcast-qual documentation.
eg1 is diagnosed, eg2 is not.
I think that the *p assignment in eg1 might be undefined behavior
(6.7.3, referring to an object with volatile-qualified type (*q) through
an lvalue without volatile-qualified type (*p)).
But then I don't get why the same wouldn't be true if we take away the
inner pointer and repeat the exercise with plain char (eg1 vs eg2).
So, what's going on here? Is the gcc behavior intentional? Is it
consistent? And is there a recommended way to construct a temporary
volatile pointer to an object (which may itself be a pointer) without
tripping -Wcast-qual, without just casting away type information (as in,
without intermediate casts through void *, uintptr_t, etc), and
preferably also without undefined behavior?
I have checked that the behavior is the same with current sources and
-std=c23 (gcc (GCC) 15.0.0 20240614 (experimental)).
P.s. I have seen gcc bug 84166 that advises that the -Wcast-qual warning
from the cast is intentional in that case. I think this case is
different because in that case the qualifiers are on the innermost type.
Thank you,
Ryan Libby
#define F(name, type, qual) \
typedef type t_##name; \
void name(void) { \
t_##name x = 0, y, z; \
y = *(t_##name qual *) \
z = *(t_##name qual *){}; \
}
F(fcc, char, const)
F(fpc, char *, const)
F(fcv, char, volatile)
F(fpv, char *, volatile)
void fpv2(void) {
char *x = 0, *y, *z;
y = *(char * volatile *)
z = *(char * volatile *){};
}
void eg1(void) {
/* Adapted from -Wcast-qual doc */
char v0 = 'v';
char *v1 =
char **p =
/* p is char ** value. */
char * volatile *q = (char * volatile *) p;
/* Assignment of volatile pointer to char is OK. */
char u0 = 'u';
