Bug 259 Comparing signed to unsigned does not generate an error #1913
Conversation
|
This one is blocked by bug 9960 |
|
Added test cases. These confirm that we're not changing the outcome of the comparisons (for example -1>2UL), but only introducing deprecation warnings/errors. |
|
Will need to fix all issues in druntime (phobos is built with -d, strangely enough) before this can pass the tests. |
|
The last commit adds an IntRange variable to VarDeclaration, which can be used to limit the range of mutable variables, in the case where the range can be proven to be limited. Settings this range for the key in ForEachRangeStatement limits the number of false positives. This can be made to work for general for/while loops as well, further lowering the false positives. Although, it could be seen as a reason to use ForEachRange over hand written loops. Implementing getIntRange for VarDeclaration has numerous optimization advantages, unrelated to bug 259, so perhaps it's worth pulling this out into its own PR. TODO: must ensure the foreach body doesn't mutate the iterator. |
|
Rebased on top of my if-else-range branch, which should cut down on false positives. |
|
This is good work that has fallen into oblivion. @lionello could you please rebase and let's put it back on the docket. Thanks! |
1. If the sizeof(signed type) > sizeof(unsigned type), cast to unsigned to signed 2. If min(signed value) >= 0, cast signed to unsigned 3. If max(unsigned value) < max(unsigned type)/2, cast unsigned to signed-of-same-size else the comparison is in error.
|
This would be lovely to have... |
|
I have created a version of this patch which is updated for DDMD. See it here: https://github.com/tsbockman/dmd/tree/issue_259 It basically works, except that it causes some false positives for unreachable code detection. For example: module main;
void main(string[] args)
{
int* a = null;
int* c = new int;
for (auto b = a; true; b++)
{
if (b > c)
break;
return; // DDMD with my patch incorrectly flags this line as unreachable.
}
}It seems to be limited to Perhaps @lionello or @John-Colvin could take a look at my work, and point me in the right direction? I did my translation from C++ into D somewhat blind, without fully understanding the context for the original changes by @lionello, so I really don't know if I messed up somehow, or the bug was already there, or if perhaps it is caused by other changes made to the compiler since June 2014. |
|
I figured out what was causing the bug above, but in the process I have decided to rework much of the patch, anyway, to address various other problems I found. |
|
Superseded by #5229 . Many thanks to @tsbockman for porting. Let's work together to get this in! |
|
@tsbockman I will! But right now it's 1am and I'm off to bed. |
http://d.puremagic.com/issues/show_bug.cgi?id=259
Consider a comparison a < b, a <= b, a > b, or a >= b, in which a and b are
integral types of different signedness. Without loss of generality, let's
consider a is signed and b is unsigned and the comparison is a < b. Then we
have the following cases:
Then signed comparison proceeds normally. This is a classic value-based
conversion dating from the C days, and we do it in D as well.
than or equal to zero, then a < b is lowered into cast(U) a < b, where U is the
unsigned variant of typeof(a). Then unsigned comparison proceeds normally.
Using deprecation() since warnings and errors during template instantiations are suppressed and the final "errors instantiating template" doesn't say why ( http://d.puremagic.com/issues/show_bug.cgi?id=9960 )