On Sat, Jun 4, 2022 at 12:27 PM Yair Lenga via Gcc <gcc@gcc.gnu.org> wrote:
>
> Before becoming a "C" programmer, I spent a few years building simulations in
> Pascal. I still remember (and long for) the ability to define an integer with
> range constraints:
>
> var foobar: 10..50 ; // Accept 10, 11, 12, ..., 49, 50

Just noting this is a range on a variable declaration while ...

> The specific non-zero constraint is a specific implementation of the range
> operator (with some exception, see below). Wanted to suggest going for a
> more ambitious goal: add min and max attributes to (integer) types and
> variables. This will address the specific case of non-zero, but has a lot
> of potential to be built upon: can be used for compile time testing, run
> time parameter checking, storage optimization (similar to packed), run time
> optimization (e.g. eliminating runtime tests), .... Also expected range
> information can have a positive impact on code safety/validation.
>
> typedef int positiveInt __attribute__ (minValue(1), maxValue(INTMAX) ;
> typedef int foobar __attribute__ ((minValue(10), maxValue(50)) ;

... this would be on a type. GCC internally has TYPE_{MIN,MAX}_VALUE but
no such thing on declarations, which means that either the attribute should
be restricted to types or it would need to create distinct types on-the-fly
when applied to declarations.

I'm sure Ada supports something similar btw.

Richard.

> If this can be implemented, it will provide for much more
> flexibility (e.g., ability to specify that any specific parameter must be
> non-zero).
>
> int foo (int x __attribute__ (minValue(1)), int y, int z __attribute__
> (minValue(1)) ;
>
> int foo (positiveInt x, int y, positiveInt y) ;
>
> Assuming this can be implemented, compile time tests should be automatic,
> whenever possible. Run time tests should be enabled with flags (to allow
> optimized code to run without expensive run time tests).
>
> Note1:
> While for many use cases non-zero (including forcing an ENUM value, and
> minValue(1)) are the same, the above does not cover the use case where a
> signed int does not accept a zero. For this use case, I believe the nonZero
> attribute is still needed.
>
> typedef int limitedInt __attribute((minValue(-20)), maxValue(+20), nonZero)
>
> I do recall that a few other languages had similar abilities (Ada, Java (via
> annotations), ...)
>
> Yair
>
>
> > ---------- Forwarded message ----------
> > From: Miika <nyks...@protonmail.com>
> > To: "gcc@gcc.gnu.org" <gcc@gcc.gnu.org>
> > Cc:
> > Bcc:
> > Date: Fri, 03 Jun 2022 16:34:48 +0000
> > Subject: [RFC] Support for nonzero attribute
> > Hello,
> >
> > I would like to add support for a new attribute: nonzero.
> > The nonzero attribute works the same way as nonnull, but instead of checking for
> > NULL, it checks for an integer or enum with value 0.
> >
> > The nonzero attribute would issue warnings with the new compiler flags
> > -Wnonzero and -Wnonzero-compare.
> >
> > Nonzero could be useful when the user wants to make sure that, for example, an enum
> > with value of 0 is not used or a flag argument is not set to 0.
> >
> >
> > For example, compiling the following code with "gcc -Wnonzero -Wnonzero-compare
> > foo.c"
> >
> > #include <stdio.h>
> > enum bar{NONE, SOME};
> >
> > void foo(int d, enum bar b) __attribute__ ((nonzero (1, 2)));
> > void foo(int d, enum bar b) {
> >         printf("%d\n", d == 0);
> >         printf("%d\n", b == NONE);
> > }
> >
> > int main() {
> >         foo(0, NONE);
> > }
> >
> >
> > Would give the following error
> >
> > foo.c: In function 'main':
> > foo.c:11:9: warning: zero argument where nonzero required (argument 1)
> > [-Wnonzero]
> >    11 |         foo(0, NONE);
> >       |         ^~~
> > ...
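The thread proposes attributes that GCC does not have today, so nothing below uses them. As an added example (my own code, not from the thread or from GCC), this is what the discussed checks look like when a program has to do them at run time in plain C: a Pascal-style subrange `10..50` stored as an offset in one byte (the storage optimization Yair mentions), the bit width a range needs, the `limitedInt` case from Note1 where a signed range also excludes zero, and a function that enforces a nonzero parameter at entry, which is exactly the check `-Wnonzero` would lift to compile time for constant arguments. All type and function names (`bounded_range`, `bounded_make`, `range_bits`, `limited_check`, `scale`, `roundtrip`) are this example's own, and the probe values are constructed inputs.

```c
/* Added example, not from the GCC mailing-list thread: run-time emulation of
 * range-constrained integers and a nonzero parameter contract in plain C.
 * All names here are invented for the example. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Inclusive bounds of a subrange such as Pascal's 10..50 (assumed to fit in int). */
typedef struct {
    int lo, hi;
} bounded_range;

/* Packed storage: the byte holds value - lo, so any range with at most 256
 * values fits in one byte regardless of where it sits on the number line. */
typedef struct {
    uint8_t off;
} bounded_byte;

static const bounded_range foobar_range = { 10, 50 };  /* var foobar: 10..50 */

/* Number of bits needed to store any value of lo..hi as an offset from lo.
 * 10..50 has 41 values (offsets 0..40), which needs 6 bits. */
static unsigned range_bits(long lo, long hi)
{
    unsigned long span = (unsigned long)(hi - lo);  /* largest offset */
    unsigned bits = 0;
    while (span) {
        bits++;
        span >>= 1;
    }
    return bits;
}

/* Store v as a packed offset. Returns 0 on success, EINVAL if the range is
 * too wide for one byte, ERANGE if v is outside lo..hi. */
static int bounded_make(bounded_range r, long v, bounded_byte *out)
{
    if ((long)r.hi - (long)r.lo > UINT8_MAX)
        return EINVAL;
    if (v < r.lo || v > r.hi)
        return ERANGE;
    out->off = (uint8_t)(v - r.lo);
    return 0;
}

/* Unpack; the result cannot leave lo..hi because bounded_make checked it. */
static int bounded_get(bounded_range r, bounded_byte b)
{
    return r.lo + b.off;
}

/* Pack then unpack v; LONG_MIN signals a rejected value (never a valid result
 * for an int-bounded range). */
static long roundtrip(bounded_range r, long v)
{
    bounded_byte b;
    if (bounded_make(r, v, &b) != 0)
        return LONG_MIN;
    return bounded_get(r, b);
}

/* Note1's limitedInt: -20..+20 with zero excluded. A range check alone cannot
 * express the hole, hence the separate nonzero test. */
static int limited_check(long v)
{
    if (v < -20 || v > 20)
        return ERANGE;
    if (v == 0)
        return EDOM;     /* nonZero violated */
    return 0;
}

/* A function whose first parameter must be nonzero. The entry check is the
 * run-time form of the proposed attribute; -1 reports a contract violation. */
static int scale(int divisor, int value)
{
    if (divisor == 0)
        return -1;
    return value / divisor;
}

int main(void)
{
    long probes[] = { 9, 10, 50, 51 };   /* constructed inputs around the bounds */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        long r = roundtrip(foobar_range, probes[i]);
        printf("%ld -> %s\n", probes[i], r == LONG_MIN ? "out of range" : "ok");
    }
    printf("10..50 needs %u bits, 1..INT_MAX needs %u bits\n",
           range_bits(10, 50), range_bits(1, INT_MAX));
    return 0;
}
```

The offset encoding is what a compiler could do automatically given `minValue`/`maxValue` on the type; doing it by hand also makes the point that the check has to happen on every conversion into the type, which is the cost the proposal would let `-O` builds drop once the compiler can prove the range.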