Subject: Re: [boost] Current Guidance on Compiler Warnings?
From: Daniela Engert (dani_at_[hidden])
Date: 2018-11-24 17:06:10


On 24.11.2018 at 16:52, Peter Dimov via Boost wrote:
> Daniela Engert wrote:
>> On 23.11.2018 at 20:58, Emil Dotchevski via Boost wrote:
>> >
>> > unsigned f();
>> >
>> > void g( int x )
>> > {
>> >   if( x < f() ) //warning C4018: '<': signed/unsigned mismatch
>> >   {
>> >     ....
>> >   }
>> > }
>>
>> The only problem that I can see here is the fact that this is flagged
>> as a warning rather than an error. I know this is technically correct,
>> but you simply cannot compare values from different value domains
>> without preconditions.
>
> Making it an error would be a useful first step towards making it work
> correctly. :-)

This is exactly what we do in our software. And because of that there
must at least be warnings from the compiler to stop us from
committing such mathematical nonsense. Situations like these must be
inspected, audited and acted upon by human beings. Throwing the hands in
the air and insisting "but the language allows me to" is just asking for
disaster. I am working in a business where shrugging and walking away is
totally unacceptable because it may do serious damage or kill people.

> (It's perfectly possible to compare a value in [INT_MIN, INT_MAX] with a
> value in [0, UINT_MAX], it's just that the standard says op< needs to do
> the wrong thing.)

Right, and I am not happy about this heritage from C. There are some Boost
libs which are full of *errors* like these.

Ciao
  Dani
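
The comparison Peter calls "perfectly possible", as an added example that is not part of this thread or of any Boost library: the conversion the standard actually performs for `x < f()`, beside a hand-written C++11 equivalent of C++20's std::cmp_less that compares the two value domains correctly. The function names are my own.

```cpp
#include <climits>
#include <type_traits>

// Today's semantics: the usual arithmetic conversions turn x into unsigned
// before the comparison, so -1 becomes UINT_MAX and "-1 < 1u" is false.
// The cast below is what the compiler inserts silently; writing x < y
// directly is what triggers warning C4018 in the snippet quoted above.
bool naive_less(int x, unsigned y)
{
    return static_cast<unsigned>(x) < y;
}

// Mathematically correct comparison across value domains, done the way
// C++20's std::cmp_less does it but written so it builds as C++11.
// Same signedness: the built-in operator is already correct.
template <class S, class U>
typename std::enable_if<std::is_signed<S>::value == std::is_signed<U>::value,
                        bool>::type
cmp_less(S s, U u)
{
    return s < u;
}

// Signed vs unsigned: a negative value is below every unsigned value;
// otherwise compare in the unsigned domain, which is lossless once
// negatives have been excluded.
template <class S, class U>
typename std::enable_if<std::is_signed<S>::value && !std::is_signed<U>::value,
                        bool>::type
cmp_less(S s, U u)
{
    typedef typename std::make_unsigned<S>::type US;
    return s < 0 || static_cast<US>(s) < u;
}

// Unsigned vs signed: mirror image of the case above.
template <class S, class U>
typename std::enable_if<!std::is_signed<S>::value && std::is_signed<U>::value,
                        bool>::type
cmp_less(S s, U u)
{
    typedef typename std::make_unsigned<U>::type UU;
    return u >= 0 && s < static_cast<UU>(u);
}
```

With cmp_less the guard `if( cmp_less(x, f()) )` from the quoted g() behaves as the arithmetic suggests for negative x, instead of wrapping to a huge unsigned value and silently skipping the branch.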


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk