Hi Joseph, Martin,

On Tue, Aug 19, 2025 at 08:31:04AM +0200, Martin Uecker wrote:
> On Monday, 18.08.2025 at 23:19 +0000, Joseph Myers wrote:
> > On Fri, 15 Aug 2025, Alejandro Colomar wrote:
> > > On Thu, Aug 14, 2025 at 10:03:00PM +0000, Joseph Myers wrote:
> > > > On Thu, 14 Aug 2025, Alejandro Colomar wrote:
> > > >
> > > > > And I'm proposing it as a GNU extension, which means we don't even
> > > > > need to care about what ISO C says about [n]. We, as a quality
> > > > > implementation, treat it with stronger semantics, which this patch
> > > > > uses.
> > > >
> > > > As a GNU extension, it's also necessary to define semantics in the
> > > > presence of parameter forward declarations.
> > >
> > > I'd say that if there are conflicting declarations the behavior is
> > > undefined. So, if you have [2] and [3], think again what you're doing.
> >
> > We shouldn't introduce undefined behavior like that. And the declarations
> > *aren't* conflicting under current language semantics. It's the
> > introduction of this _Countof extension that has significant implications
> > for the conceptual model of how parameter declarations are handled in C
> > and introduces such a conflict.

I recently discovered that we wouldn't be introducing any new undefined
behavior. That same undefined behavior already exists today in GCC 16:

	alx@devuan:~/tmp$ cat cap.c
	int
	f(int n, int a[][n]; int n, int a[][n+1])
	{
		return _Countof(a[0]);
	}
	int
	main(void)
	{
		int a[42];
		return f(42, &a);
	}
	alx@devuan:~/tmp$ /opt/local/gnu/gcc/maxof8/bin/gcc -Wall -Wextra cap.c
	alx@devuan:~/tmp$ ./a.out
	alx@devuan:~/tmp$ echo $?
	43

There's absolutely no difference between _Countof() on array parameters
and _Countof() on actual VLAs. You can have bogus forward declarations
of both, and the UB is equal for both.

It would be nice to have diagnostics, of course, but that would be
orthogonal.

> Taking the size of the definition in _Countof seems largely orthogonal to
> the question on how one deals with inconsistencies with forward declarations
> of the function or parameters.
Agree.
> Forming a composite type could allow this
> in even more cases later, but this seems unproblematic to add later.
>
> The only possible change in semantics I can see would be where a VLA becomes
> a fixed size array when forming a composite type, so the _Countof becomes
> a constant where it would now still be a run-time value. So while I agree
> in general that we should be careful, I would not see this as a risky change
> for GCC even when the other papers are subject to change or not adopted at
> all.
>
> But I agree that it would make sense to have a complete discussion of this
> topic before moving forward.
>
>
> In the meantime, there are plenty of other things to do. A step forward
> could be to add warnings for the case when the size of an array parameter
> is inconsistent with a forward declaration.

I tried, but don't feel qualified to do that. The current code is quite
complex, as we discussed recently. :)

Have a lovely night!
Alex

> Such warnings seem to be
> desirable in any case. There are many other cases related to this general
> area where we still miss "obvious" warnings.
>
> Martin
>
>
--
<https://www.alejandro-colomar.es>
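
The mismatch discussed in the message above, as an added example that is not part of the original e-mail: it uses sizeof arithmetic instead of _Countof so that it does not need GCC 16, and adds a runtime check that compares the length taken from the parameter's type with the length the caller passed. The function names, the NELEMS macro and the buffer are hypothetical; parameter forward declarations are a GNU extension, so this assumes GCC.

```c
/* Added example, not from the thread.  Assumes GCC (parameter forward
 * declarations are a GNU extension).  All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define NELEMS(arr)  (sizeof(arr) / sizeof((arr)[0]))

/* The forward declaration says each row has n elements; the parameter
 * list says n + 1.  The body sees the type from the parameter list. */
size_t
row_len_seen_by_callee(int n, int a[][n]; int n, int a[][n + 1])
{
	return NELEMS(a[0]);
}

/* Defensive check: compare the row length derived from the type with the
 * length the caller passed, before either is used as a loop bound. */
int
row_len_is_consistent(int n, int a[][n]; int n, int a[][n + 1])
{
	return NELEMS(a[0]) == (size_t) n;
}

int
main(void)
{
	/* Constructed input: storage sized for the row type of the
	 * parameter list (43 ints), so the calls stay in bounds. */
	static int  buf[1][43];

	printf("caller n = 42, callee row length = %zu\n",
	       row_len_seen_by_callee(42, buf));
	printf("consistent: %d\n", row_len_is_consistent(42, buf));
	return 0;
}
```

A loop bounded by the callee's row length would touch one element more than a caller who read only the forward declaration expects, which is the case the proposed warning would flag at compile time.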
