https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66773
Bug ID: 66773
Summary: sign-compare warning for == and != are pretty useless
Product: gcc
Version: 4.7.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: daniel.marjamaki at gmail dot com
Target Milestone: ---
I wrote a clang bug report:
https://llvm.org/bugs/show_bug.cgi?id=24036
I recommend that -Wsign-compare is not written for == and != comparisons.
For relational comparisons the sign makes a direct difference, the result of 'a
> b' can be different if you do a sign-cast of an operand.
For equality comparisons the sign does not make a direct difference. the result
of 'a == b' is the same even if you sign-cast an operand.
Code example:
void f(signed int a, unsigned int b) {
if (a == b) {}
}
gcc writes this warning:
signcompare.c:3:19: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
In my humble opinion the risk of a real bug here is really low. a has to be
negative. b has to be really large (unlikely). the bitpatterns of a and b has
to match. if the bitpatterns do match it might actually be the intention that
the test should succeed. but if that is not intentional then there is a bug.
The proper fix for this is to write:
if (a >= 0 && a == b) {}
However I have seen that this is fixed wrongly by a useless cast.
This kind of false positive is indirectly a security problem. People routinely
hide these false positives using casts or changed variable types etc. and that
cause bugs and hides other real warnings.
In my humble opinion the risk of a bug here is really low.
The proper fix for this is to write:
if (a >= 0 && a == b) {}
However I have seen that this is fixed by a useless cast.
This kind of false positive is indirectly a security problem. People routinely
hide these false positives using casts or changed variable types etc. and that
cause bugs and hides other real warnings.
