Use macros from limits.h to prevent signed integer wrap-around warnings
#13083
base: trunk
runtime/caml/config.h
@@ -140,16 +140,19 @@ typedef unsigned char uint8_t; | |||
typedef long intnat; | |||
typedef unsigned long uintnat; | |||
#define ARCH_INTNAT_PRINTF_FORMAT "l" | |||
#define INTNAT_MIN LONG_MIN |
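Review bot: INTNAT_MIN in the long branch expands to LONG_MIN, which is only defined once <limits.h> has been included, and nothing visible in this hunk adds that include. A file that includes this header and uses INTNAT_MIN without pulling in <limits.h> itself will fail to compile. Either include <limits.h> near the top of runtime/caml/config.h, or put a comment on the define stating that the macro requires it.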
Have you tried moving these defines to runtime/caml/misc.h? runtime/caml/config.h doesn't include <limits.h> but these new macros depend on it, so it would make more sense to define them in a place where <limits.h> is included.
Hmmm, it's true that config.h is missing limits.h, but adding the following to misc.h also seems like wasted duplication.
#if SIZEOF_PTR == SIZEOF_LONG
/* Standard models: ILP32 or I32LP64 */
#define INTNAT_MIN LONG_MIN
#elif SIZEOF_PTR == SIZEOF_INT
/* Hypothetical IP32L64 model */
#define INTNAT_MIN INT_MIN
#elif SIZEOF_PTR == 8
/* Win64 model: IL32P64 */
#define INTNAT_MIN INT64_MIN
#endif
config.h could include limits.h instead, we've switched to C11, and most of the compatibility code around C99 integer types seems to have been added for old MSVC.
The preprocessor logic duplication is unfortunate but probably acceptable (with a comment telling it must match what's in config.h) if adding <limits.h> to config.h is considered too large a change.
I think a Changes entry will be required if config.h now includes <limits.h>.
I'm opting to add limits.h to config.h. I think a follow-up PR could switch entirely to C99 fixed-width integers all the macros and defines of config.h.
68289f9 to d36498c
I'll review this.
This is all good, a clear improvement.
d36498c to 3b61291
Thanks, I've rebased on trunk and added you as a reviewer.
What about using
This makes sense to me, and could remove the test for While we're on the subject, it's surprising to me that we don't seem to have, or use,
Right. <stdint.h> is standard since C99, and OCaml 5 requires C11, so we should use <stdint.h> unconditionally and remove the configure test for it.
3b61291 to 1b08350
Two good suggestions. I've changed the definitions to use the
What I meant about
1b08350 to 3ba9f9b
I've rebased this PR.
I've introduced
On reflection we shouldn't change
My thoughts also, I'll remove that commit.
but on 64-bits arches, only
3ba9f9b to b350290
Introduce the macro INTNAT_MIN.
This fixes the warning from MSVC raised on -0x80000000.
> warning C4146: unary minus operator applied to unsigned type, result
> still unsigned
The other replacements are made for consistency and, hopefully, legibility.
b350290 to 2b71514
The code is currently correct since we use wrap-around semantics for signed integers (-fwrapv), but:
Using constants from <limits.h> instead allows for self-documenting code and silences these warnings.
Computing the minimum signed integer
From the standard (which I recall doesn't consider wrap-around semantics for signed integers):
The problem being that the result of 1 << CHAR_BIT * sizeof(int) - 1 to compute the minimum int can't be represented in the result type (it's 2^63, but the maximum is 2^63-1); without wrap-around.
Introduce the INTNAT_MIN macro to avoid independent re-definitions of this value.
Is a change entry needed?
This also prevents warnings raised under Windows by clang-cl and improves code quality with MSVC.
(I might have confused undefined behavior with unspecified behavior, oh well)
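The two pitfalls named in the commit message and description above (-0x80000000 and the shift into the sign bit), as an added example that is not code from the PR or the OCaml runtime. It assumes a 32-bit int; TYPE_NAME and checked_shl are hypothetical names introduced here.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Name the type the compiler gives an expression (C11 _Generic).
   TYPE_NAME is a hypothetical helper for this example. */
#define TYPE_NAME(x) _Generic((x),                      \
    int: "int", unsigned int: "unsigned int",           \
    long: "long", unsigned long: "unsigned long",       \
    long long: "long long",                             \
    unsigned long long: "unsigned long long",           \
    default: "other")

/* With a 32-bit int, 0x80000000 does not fit in int, so the literal is
   unsigned int and the unary minus yields an unsigned value (MSVC C4146). */
const char *type_of_negated_hex(void) { return TYPE_NAME(-0x80000000); }
const char *type_of_int_min(void)     { return TYPE_NAME(INT_MIN); }

/* The "negative" literal compares greater than zero: 1 with a 32-bit int. */
int negated_hex_is_positive(void) { return -0x80000000 > 0; }

/* Hypothetical checked shift: stores value << n in *out and returns 1 only
   when the result is representable in int; returns 0 where the plain shift
   is undefined in standard C (C11 6.5.7). */
int checked_shl(int value, unsigned n, int *out)
{
    if (value < 0 || n >= sizeof(int) * CHAR_BIT)
        return 0;
    if (value > (INT_MAX >> n))
        return 0;
    *out = value << n;
    return 1;
}

int main(void)
{
    int r = 0;
    printf("-0x80000000 : %s, > 0 is %d\n",
           type_of_negated_hex(), negated_hex_is_positive());
    printf("INT_MIN     : %s\n", type_of_int_min());
    printf("1 << 30 ok=%d\n", checked_shl(1, 30, &r));
    printf("1 << (CHAR_BIT * sizeof(int) - 1) ok=%d\n",
           checked_shl(1, (unsigned)(sizeof(int) * CHAR_BIT - 1), &r));
    return 0;
}
```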