Re: [DNG] semantic of sizeof operator in C (was: simple-netaid from scratch)

2019-06-12 Thread John Morris
On Wed, 2019-06-12 at 08:40 -0400, Hendrik Boom wrote:
> 
> More precisely, sizeof(foo) is the spacing of consecutive elements of
> type foo.

Most importantly for most people, malloc(sizeof(foo)*n) must not cause
unexpected things like a kaboom.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] semantic of sizeof operator in C (was: simple-netaid from scratch)

2019-06-12 Thread Irrwahn
Hendrik Boom wrote on 12.06.19 14:40:
> On Wed, Jun 12, 2019 at 01:47:42PM +0200, Irrwahn wrote:
> 
>>
>> There is nothing wrong here. Gcc reports the size that is necessary to 
>> store an object of type sesqui_int, including any padding that has been
>> applied, e.g. for alignment reasons. An array of n elements of that type 
>> will in turn always be reported by sizeof as having *exactly* n times 
>> that size, in bytes. Gcc is therefore in accordance with the language 
>> definition. 
> 
> More precisely, sizeof(foo) is the spacing of consecutive elements of type 
> foo.
> 
> -- hendrik

Thank you Hendrik, that is indeed very aptly phrased! 

Just for the sake of completeness, the actual language definition 
takes the usual wordy but precise approach in Standardese:

 ISO/IEC 9899:2011 
 | 6.5.3.4 The sizeof and _Alignof operators
 | [...]
 | 2 The sizeof operator yields the size (in bytes) of its operand, 
 | which may be an expression or the parenthesized name of a type. 
 | The size is determined from the type of the operand. The result 
 | is an integer. If the type of the operand is a variable length 
 | array type, the operand is evaluated; otherwise, the operand is 
 | not evaluated and the result is an integer constant.
 | [...]
 | 4 When sizeof is applied to an operand that has type char, unsigned 
 | char, or signed char, (or a qualified version thereof) the result 
 | is 1. When applied to an operand that has array type, the result is 
 | the total number of bytes in the array. When applied to an operand 
 | that has structure or union type, the result is the total number of 
 | bytes in such an object, including internal and trailing padding.


Best regards

Urban

-- 
Sapere aude!





Re: [DNG] semantic of sizeof operator in C (was: simple-netaid from scratch)

2019-06-12 Thread Hendrik Boom
On Wed, Jun 12, 2019 at 01:47:42PM +0200, Irrwahn wrote:

> 
> There is nothing wrong here. Gcc reports the size that is necessary to 
> store an object of type sesqui_int, including any padding that has been
> applied, e.g. for alignment reasons. An array of n elements of that type 
> will in turn always be reported by sizeof as having *exactly* n times 
> that size, in bytes. Gcc is therefore in accordance with the language 
> definition. 

More precisely, sizeof(foo) is the spacing of consecutive elements of type foo.

-- hendrik



Re: [DNG] semantic of sizeof operator in C (was: simple-netaid from scratch)

2019-06-12 Thread Irrwahn
Didier Kryn wrote on 12.06.19 12:15:
[...]

Hi Didier,

please allow me to clear up some apparent misconceptions below.

> 
>      What I meant in this discussion is that sizeof() allows to 
> calculate the number of elements of an array, because we make 
> assumptions on data layout, but this is an artefact and I don't think it 
> is specified by the language whether the result is exact or not.
> 
>      Let's consider the following type:
> 
> typedef struct {int i; short h;} sesqui_int;
> 
>      One would naively consider that sizeof(sesqui_int) is equal to 6. 
> But, with gcc, the value is 8, which loses 2 bytes in which it could 
> store a short or two chars. This is because this struct must be aligned 
> on a 4-byte boundary and, if you make an array of these, 
> sizeof(sesqui_int)*number_of_elements must give the size of the array. 
> Gcc has chosen to return a wrong sizeof() for the sake of preserving a 
> naive size arithmetic.

There is nothing wrong here. Gcc reports the size that is necessary to 
store an object of type sesqui_int, including any padding that has been
applied, e.g. for alignment reasons. An array of n elements of that type 
will in turn always be reported by sizeof as having *exactly* n times 
that size, in bytes. Gcc is therefore in accordance with the language 
definition. 

I assume the misunderstanding here was that sizeof should report the 
minimal size an object would occupy in the absence of any alignment
requirements etc. imposed by the actual platform. This is not what sizeof 
is designed to do. Instead it shall report the *actual* amount of memory 
required to store such an object. If you expected something else you 
already made unwarranted assumptions about implementation details that 
should not matter to you as the programmer.

> 
>      Another implementation of the C language might decide to add 
> headers to arrays, in which it would store the size to perform strict 
> runtime checks. In this case the size of an array would be larger than 
> the sum of the sizes of its elements.

No, it must not. This is prohibited by the definitions and constraints 
in the C standard. The introduction of array headers would for example 
lead to  
  (void *) == (void *)[0]
not always being true, which would contradict the language definition. 
In other words, your hypothetical implementation would implement some 
language that is not C, by definition. 

On a somewhat related note: Any padding present in a struct can never 
appear at the start of that struct, i.e. the address of an object of 
structural type is guaranteed to always compare equal to the address 
of its first member.

> 
>      Therefore this use of sizeof(), even though widespread, remains a 
> trick.

Not so.  Num_array_elements = sizeof array / sizeof element is neither 
a trick nor an accident, but rather idiomatic C. It is guaranteed by 
the C standard (any version) to yield the correct element count. 
Predicting the behavior of any non-trivial C program would be a crap 
shoot otherwise. Moreover, it would make it impossible to reliably allocate 
dynamic memory for arrays, consider the well-known (and correct) idiom:

  some_type *p = malloc(num_elements * sizeof *p);


And while we're at it, please let me add some random interesting facts 
about the sizeof operator one should be aware of: 

* Being the operand of the sizeof operator is one of the few cases 
  where an array designator does not decay into a pointer to its first 
  element, and a non-array lvalue is not converted to the value stored 
  in the designated object; e.g. the *p in the example above does _not_
  dereference p. (All of this is a fancy way of saying that sizeof 
  looks strictly only at the type of its operand, not its value).

* Since C99 there is one important exception to the rule that the 
  sizeof operator is evaluated at translation time, and that is when 
  applied to VLAs (variable length arrays) - for obvious reasons.

* The parentheses around the operand of sizeof are only mandatory if
  said operand is a type name. For ordinary object designators (lvalues)
  they arguably add unnecessary clutter and may mislead novices into 
  the false belief that sizeof is a function, which it is not.


I hope that helped clear things up a bit. 


Best regards,

Urban
-- 
Sapere aude!
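The points made in this thread (padding in sesqui_int, the element-count idiom, sizeof not evaluating its operand, the VLA exception, and John Morris's remark that malloc(sizeof(foo)*n) must not "kaboom") as one added, self-contained C program; this is editorial example code, not part of the original posts. It assumes the usual 4-byte int / 2-byte short layout, and the overflow-checked sesqui_alloc helper is a hypothetical name chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The struct from the thread: 4-byte int followed by a 2-byte short. */
typedef struct { int i; short h; } sesqui_int;

/* Trailing padding gcc adds so consecutive array elements stay aligned
 * (assumed layout: 8 - (4 + 2) = 2 bytes). */
size_t sesqui_trailing_padding(void) {
    return sizeof(sesqui_int) - (offsetof(sesqui_int, h) + sizeof(short));
}

/* The idiomatic element count: sizeof array / sizeof element. */
size_t sesqui_array_count(void) {
    sesqui_int a[7];
    return sizeof a / sizeof a[0];
}

/* An array's address equals that of its first element, and a struct's
 * address equals that of its first member (no leading padding). */
int sesqui_addresses_agree(void) {
    sesqui_int a[3];
    return (void *)a == (void *)&a[0] && (void *)&a[1] == (void *)&a[1].i;
}

/* sizeof does not evaluate a non-VLA operand: the n++ never runs. */
int sizeof_does_not_evaluate(void) {
    int n = 5;
    size_t s = sizeof (n++);
    return n == 5 && s == sizeof(int);
}

/* The C99 exception: for a VLA the operand is evaluated at run time. */
size_t vla_size(size_t n) {
    char buf[n];
    return sizeof buf;
}

/* Allocation idiom with an explicit overflow check, so n * sizeof *p can
 * never wrap around before reaching malloc. Returns NULL on overflow or
 * allocation failure; sizeof *p does not dereference p (hypothetical helper). */
sesqui_int *sesqui_alloc(size_t n) {
    sesqui_int *p;
    if (n > SIZE_MAX / sizeof *p)
        return NULL;
    p = malloc(n * sizeof *p);
    return p;
}
```

Compile with a C99-or-later compiler (e.g. gcc -std=c11) because of the VLA.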


