Hi Alejandro!

On Wednesday, 09.08.2023 at 12:42 +0200, Alejandro Colomar wrote:

...

> 
> As for when one would want to mean the first (size of array)
> but not _Nonnull: for a function where you may pass either
> an array (which should not be smaller than the size), or a
> sentinel NULL value.
> 
> Nevertheless, I floated the idea that [static] is completely
> unnecessary, and nobody has yet been against it.
> 
> GCC could perfectly add a warning for the following case:
> 
>     #include <stddef.h>
> 
>     void foo(size_t n, int a[n]);
> 
>     int
>     main(void)
>     {
>         int a[7];
> 
>         foo(42, a);  /* 7 elements passed where at least 42 are declared */
>     }
> 
> Nobody in their right mind would specify a size of an array
> in a parameter and expect that passing a smaller array than
> that can produce a valid program.  So, why not make that a
> Wall warning?

But we have this warning! It is even activated by
default without -Wall, and already since GCC 11:

https://godbolt.org/z/sMbTon458

But this is for minimum required elements. How do 
we differentiate between null and non-null?

We have:

int[] or int* // no bound, nullable
int[N]        // at least N, nullable
int[static N] // at least N, nonnull

The 'static' implies nonnull, so we could
use 'static' to differentiate between nonnull
and nullable.

What is missing is something which implies bounds
also inside the callee.  You can use the "access"
attribute, or we extend the meaning of int[N]
and int[static N] to also imply a maximum bound.

Martin
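The three parameter forms from the table above, written out as an added example (not code from this thread): sum_nullable takes int a[n] and treats NULL as a sentinel, sum_nonnull takes int a[static n] and so never checks for NULL, and sum_bounded uses GCC's access attribute so the bound is known inside the callee as well. The function names and the READS_AT_MOST macro are my own.

```c
#include <stddef.h>

/* Expose the callee-side bound to GCC where the attribute exists;
 * elsewhere the macro expands to nothing (macro name is my own). */
#if defined(__has_attribute)
#  if __has_attribute(access)
#    define READS_AT_MOST(ptr_idx, n_idx) \
         __attribute__((access(read_only, ptr_idx, n_idx)))
#  endif
#endif
#ifndef READS_AT_MOST
#  define READS_AT_MOST(ptr_idx, n_idx)
#endif

/* int a[n]: caller must supply at least n elements, but a may be NULL,
 * so the callee treats NULL as a sentinel and returns -1. */
long sum_nullable(size_t n, int a[n])
{
	if (a == NULL)
		return -1;
	long s = 0;
	for (size_t i = 0; i < n; i++)
		s += a[i];
	return s;
}

/* int a[static n]: at least n elements AND non-null; the declaration
 * states the caller's obligation, so there is no NULL check here. */
long sum_nonnull(size_t n, int a[static n])
{
	long s = 0;
	for (size_t i = 0; i < n; i++)
		s += a[i];
	return s;
}

/* access(read_only, 2, 1): parameter 2 is only read, and its extent is
 * given by parameter 1, so the bound is visible inside the callee too. */
READS_AT_MOST(2, 1)
long sum_bounded(size_t n, const int *a)
{
	long s = 0;
	for (size_t i = 0; i < n; i++)
		s += a[i];
	return s;
}
```

With GCC 11 or later, a call such as sum_nullable(42, a) on an int a[7] produces the default-on bound warning this message refers to.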