On 2022-12-12 08:12, Christos Zoulas wrote:
How about changing it then to be:
sum <= (ptrdiff_t)min(PTRDIFF_MAX, SIZE_MAX)
This does the check explicitly and avoids the signed/unsigned warning? It is also what the #else part of the code does... This pattern lives in many places, so we could put the RHS of the expression to a #define?
Sure, we can do that. The attached proposed patch (installed in the development repository) uses a new macro INDEX_MAX to capture this notion. This shouldn't change behavior (or even generated code) but can help clarify things. (Although I'm not a fan of casts I don't see how to avoid it here.)
There are also a bunch of places now where you get sign comparison warnings (where ptrdiff_t is compared to size_t, like sizeof() or the result of strlen(3)).
That's OK, they're false alarms: GCC and Clang go overboard in this department. To pacify the compilers you can compile with -Wno-sign-compare as suggested in Makefile's GCC_DEBUG_FLAGS macro.
I think that the ptrdiff_t changes make things more complicated...
Yes, it's a tradeoff between complexity now, and simplicity/safety in the long run. Once we can assume C23 (say, 30 years from now!) we can get rid of the trickier code that ports to C17 and earlier. In the meantime as C23 becomes more popular we can start using the simpler code. (I did resist the temptation in the tricky code to write "itemsize**nitems_alloc", which though correct doesn't mean what it looks like....)
By the way, I'd been meaning to try to sync tzdb localtime.c with NetBSD's at some point. Shouldn't be that hard, I'd think, and might help get bugs fixed faster (in both directions).
That would be great!
OK, thanks, I'll add that to my list of things to do.
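An added illustration of the bound discussed in this thread (not the attached patch, and not tzdb or NetBSD code): the INDEX_MAX definition below is an assumption built from the expression quoted above, and `index_add` and `grow_bytes` are hypothetical helpers showing how a ptrdiff_t count and byte size can be kept within that bound without signed/unsigned comparisons.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed definition, built from the expression quoted in the thread:
   the largest value that fits in both ptrdiff_t and size_t.  The two
   limits are compared as uintmax_t so no signed/unsigned mix occurs. */
#define INDEX_MAX ((ptrdiff_t)((uintmax_t)PTRDIFF_MAX < (uintmax_t)SIZE_MAX \
                               ? (uintmax_t)PTRDIFF_MAX : (uintmax_t)SIZE_MAX))

/* Hypothetical helper: set *sum = a + b and return true only when both
   inputs are nonnegative and the sum is <= INDEX_MAX.  The test is
   rearranged as a > INDEX_MAX - b so the addition itself cannot overflow. */
static bool index_add(ptrdiff_t a, ptrdiff_t b, ptrdiff_t *sum)
{
    if (a < 0 || b < 0 || a > INDEX_MAX - b)
        return false;
    *sum = a + b;
    return true;
}

/* Hypothetical helper: grow *nitems by about half and return the new
   byte count, or -1 (leaving *nitems unchanged) if the item count or
   the byte count would exceed INDEX_MAX. */
static ptrdiff_t grow_bytes(ptrdiff_t *nitems, ptrdiff_t itemsize)
{
    ptrdiff_t grown;
    if (itemsize <= 0 || *nitems < 0
        || !index_add(*nitems, (*nitems >> 1) + 1, &grown))
        return -1;
    if (grown > INDEX_MAX / itemsize)   /* grown * itemsize would overflow */
        return -1;
    *nitems = grown;
    return grown * itemsize;
}

int main(void)
{
    ptrdiff_t n = 4;                       /* constructed sample values */
    ptrdiff_t bytes = grow_bytes(&n, 8);
    printf("n=%td bytes=%td\n", n, bytes);
    n = INDEX_MAX;
    printf("at limit: %td\n", grow_bytes(&n, 1));
    return 0;
}
```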