History log of /src/usr.bin/xlint/lint1/tree.c
Revision  Date  Author  Comments
 1.695  17-Sep-2025  rillig lint: answer two questions from the code by writing tests for them
 1.694  14-Sep-2025  rillig lint: fix-up prefix commit by adding a rationale and an edge case check
 1.693  14-Sep-2025  rillig lint: warn about signed '<<' that ends up exactly in the msb
 1.692  14-Sep-2025  rillig lint: fix integer overflow in '<<' evaluation

Just in case that -ftrapv will someday cover '<<' as well, in addition
to the classic arithmetic operators.
 1.691  14-Sep-2025  rillig lint: do not preserve bit-field information in integer promotions

The bit-field information was wrongly added back in 2021. At that time,
the integer constraints had not been implemented yet, so it was a
straight-forward idea to implement value restrictions using the type
system and propagate these through the expressions.

Due to preserving the bit-field information, some lint warnings
contained wrong type information. These warnings are now fixed.
 1.690  14-Sep-2025  rillig lint: add more type details to several messages

In most expressions, the integer promotions are performed on the
operands, making the actual type different from the "visible" type of an
operand. To properly explain the situation, mention the type before the
integer promotions in case it differs from the resulting type.
 1.689  07-Sep-2025  rillig lint: clean up checks for '<<' and '>>'
 1.688  06-Sep-2025  rillig lint: reword message for bit-shift in trad-C90 migration mode

Mentioning the type names gives a hint about why the behavior differs;
the message only occurs when the type of the shift amount has higher
rank than the type of the shifted value.
 1.687  31-Jul-2025  rillig lint: fix return type of GCC's __atomic functions
 1.686  11-Jul-2025  rillig lint: fix warning about enum array index

Seen in openssh/fmt_scaled.c, scale_chars.
 1.685  08-Jul-2025  rillig lint: reword message about 'extra bits set to 0'

The word 'extra' in the previous wording was too unspecific to make
sense of. In the reworded message, focus on the problem instead of
mentioning only the effect.
 1.684  16-May-2025  rillig lint: clean up
 1.683  04-May-2025  rillig lint: add more details to message about discarding qualifiers

The name of the function (or, if not available, its type) is useful in
lines that contain more than one function call.
 1.682  12-Apr-2025  rillig lint: warn about constant assignment in operand to '&&' or '||'

Seen in bin/sh/redir.c:1084 for errno, which is fine.

Seen in usr.sbin/mopd/mopprobe/mopprobe.c:235, which looks suspicious
but hasn't been touched since 1997.
 1.681  12-Apr-2025  rillig lint: s/illegal/invalid/g

Lint does not provide legal advice.
 1.680  10-Apr-2025  rillig lint: remove now-unnecessary CONSTCOND comments
 1.679  10-Apr-2025  rillig lint: do not warn about constant operand of '!'

Like its related warning about a constant condition, the purpose of this
warning is unclear, and suppressing the warning requires special lint
comments, thus cluttering the code.

The message itself is still kept in err.c to keep the '-X 239' option
valid. These LINTFLAGS will be removed in a follow-up commit.

The lint comments /* CONSTCOND */, as well as its more verbose forms /*
CONSTANTCOND */ and /* CONSTANTCONDITION */ are no longer needed and can
be removed.
 1.678  06-Apr-2025  rillig lint: remove warning about 'constant in conditional context'

In a full NetBSD build, this warning occurs about 2400 times, making it
the top 9 warning overall. There is no evidence though that this
warning detects any real bugs, so the noise it makes is not warranted.

In this first step, the warning is still listed in the lint(7) manual
page, as removing it from there would immediately make all places with
"LINTFLAGS += -X 161" fail. These '-X 161' flags cannot be removed
first because then, the warning would step in and make the build fail.

The next step is to clean up the "-X 161" options from all LINTFLAGS,
and then the final step is to remove the warning from err.c.
 1.677  21-Mar-2025  rillig lint: don't warn when a cast increases the alignment from 1 to n
 1.676  11-Mar-2025  rillig lint: fix saturated multiplication in integer constraints check

After the change from ui_max_value to si_max_value in tree.c 1.675 from
2025-02-27, it was wrong to divide the maximum value by 2 once more.
 1.675  27-Feb-2025  rillig lint: fix integer overflow when multiplying two large signed numbers

Seen in ipsec-tools/crypto_openssl.c.
 1.674  27-Feb-2025  rillig lint: add details to message about conversion in 'case'
 1.673  24-Feb-2025  rillig lint: remove no-op variant of the unary '&' operator

Neither K&R 1978 nor any of the C standards mentions that &function or
&array would be a no-op. This no-op behavior produced wrong warnings in
sbin/gpt.
 1.672  20-Feb-2025  rillig lint: add detail to message about truncated constant
 1.671  20-Feb-2025  rillig lint: mention the assignment operator in 'illegal combination'

In source lines that contain both a 'return' statement as well as a
function-like macro, such as the C11 atomics, seeing the word 'init' in
the diagnostic helps to see that the type conflict is not in the
'return' statement but instead in some initializer.

Seen in userspace-rcu/wfcqueue.h:147.
 1.670  05-Jan-2025  rillig lint: clean up integer constraints

Since ic_con already handles conversions (and casts), there is no need to
unwrap the conversions (but not the casts) explicitly.
 1.669  02-Jan-2025  rillig lint: fix possible loss of accuracy in multiplication and division
 1.668  02-Jan-2025  rillig lint: fix assertion failure in pointer subtraction
 1.667  02-Jan-2025  rillig lint: fix a few wrong warnings about possible loss of accuracy
 1.666  02-Jan-2025  rillig lint: compute integer constraints for xor and minus

These operators allow lint to correctly track the possible values in
expressions that sign-extend an integer.
 1.665  01-Jan-2025  rillig lint: fix wrong warning about possible loss of accuracy

The expression "'0' + random() % 10" always fits in a signed or unsigned
char.
 1.664  15-Dec-2024  rillig lint: merge duplicate code for possibly confusing precedence
 1.663  15-Dec-2024  rillig lint: add details to message about possible precedence confusion
 1.662  30-Nov-2024  rillig lint: add back optimization for non-query mode

The main point of the optimization is to skip the expensive calls to
type_name when preparing the message details. This was not spelled out
explicitly in the comment.

While here, fix the stray 'previous declaration' message that occurred
whenever a function was first declared as 'static' and later defined
without 'static', see query 16.
 1.661  29-Nov-2024  rillig lint: remove premature optimization for non-query scenarios
 1.660  23-Nov-2024  rillig lint: use separate message when discarding a qualifier in call
 1.659  23-Nov-2024  rillig lint: add details to messages about discarding qualifiers

The related message 153 is left as-is, as it is used in two places, and
the second place is not only about discarded qualifiers.
 1.658  13-Nov-2024  rillig lint: add more details to 'statement not reached' message

In lib/libcompat/regexp/regexp.c, the FAIL macro expands to a compound
statement containing a function call statement and a return statement,
and the macro invocation is followed by a semicolon, forming an extra
empty statement. Which of these statements is unreachable now becomes
clear from the diagnostic, without having to inspect the preprocessed
source code.
 1.657  31-Oct-2024  rillig lint: allow enum constant named 'N_*' to exceed the array index

Seen in libxcb.

While here, add the name of the enum constant to the message, to quickly
decide whether the identifier is outside the range of expected enum
values, thus marking the number of enum constants.
 1.656  12-Oct-2024  rillig lint: reduce wrong warnings about loss of accuracy in signed '%'
 1.655  11-Oct-2024  rillig lint: sort integer constraint functions and branches

No functional change.
 1.654  10-Oct-2024  rillig lint: reduce debug logging for possible loss of accuracy

When checking whether a type can represent an expression, only do the
debug logging in the case where the expression cannot obviously be
represented by the type, as the successful cases are usually
uninteresting. While here, clean up the nesting in the debug log.
 1.653  08-Oct-2024  rillig lint: compute integer constraints for unsigned multiplication

This fixes the wrong warning about possible loss of accuracy in
libc/c16rtomb.
 1.652  28-Sep-2024  rillig lint: reword warning about cast between unrelated pointer types

The phrase "may be troublesome" was too unspecific to be useful.
 1.651  19-Aug-2024  rillig lint: remove unused integer constraint

The assignment in ic_cond was wrong, it should have been '&' instead of
'|', but as long as '~' is not involved in the integer constraints,
there is no way to demonstrate this bug.
 1.650  18-Aug-2024  rillig lint: add value propagation for '/' combined with bit operations

Fixes __SHIFTIN/__SHIFTOUT expressions, as in PR toolchain/58617.
 1.649  10-Jul-2024  rillig lint: add warning for '!(var = constant)'

This catches expressions like 'ATF_CHECK(errno = ENOENT)', which was
intended to use '==' instead of '='.
 1.648  17-Jun-2024  rillig branches: 1.648.2;
lint: accept C23 [[fallthrough]] statements

Needed by bind9/getaddresses.c:137.
 1.647  09-Jun-2024  rillig lint: fix usage marker for nested function calls
 1.646  09-Jun-2024  rillig lint: warn about lossy floating point constant to integer conversions
 1.645  08-Jun-2024  rillig lint: fix type of GCC-specific __FUNCTION__ to be an array
 1.644  08-Jun-2024  rillig lint: add details to warnings about negative constant to unsigned
 1.643  12-May-2024  rillig lint: don't call memcpy with null pointer

Even copying 0 bytes from a null pointer invokes undefined behavior.
 1.642  11-May-2024  rillig lint: warn when comparing an integer to a floating point constant
 1.641  10-May-2024  rillig lint: clean up conversion from floating point constant
 1.640  03-May-2024  rillig lint: measure the alignment in bytes, not bits

While measuring the alignment in bits makes sense when building a struct
type with bit-fields, in all other places it is more confusing than
helpful.

The only visible change is that in debug mode, the format of type sizes
and alignment changed. Since the size of all complete types is a
multiple of a byte (as defined in the C standard), sizes and alignments
are reported in bytes as well. Only while a struct is being built, the
type size may include an additional '+x' for the bits of a bit-field.
 1.639  01-May-2024  rillig lint: make 'offsetof(t, array-member)' a constant expression

The macro 'offsetof(t, m)' already expanded to a constant expression for
scalar members but not for arrays. This was because the macro expanded
to '(size_t)(((t *)0)->m)', which lint internally represents as
'addr(indir(ptr(0) + offset(m)))', and build_address simplifies
'addr(indir(x))' to 'x' if the types match. The types only match for
scalar types though, but not for arrays.

When build_address happens, the type information is incomplete,
therefore 'offsetof(t, array)' has to be simplified at a later point.
 1.638  01-May-2024  rillig lint: fix warning about out-of-bounds bit-field value
 1.637  27-Apr-2024  rillig lint: converting a null pointer to another pointer type is not narrowing
 1.636  27-Apr-2024  rillig lint: add query for conversion from void pointer to other pointer
 1.635  12-Apr-2024  rillig lint: clean up and speed up the check for snprintb
 1.634  31-Mar-2024  rillig lint: merge function call operators 'CALL' and 'ICALL'
 1.633  30-Mar-2024  rillig lint: in the query about implicit conversions, ignore casts
 1.632  30-Mar-2024  rillig lint: add query for implicit integer-to-floating conversion
 1.631  30-Mar-2024  rillig lint: do not convert array subscripts from size_t to ptrdiff_t

The C standards do not specify a fixed type for an array subscript, it
just has to be an integer type. Previously, query 4 fired for the
ubiquitous expression 'ptr[sz]' when sz had type 'size_t'.

The test platform_ilp32_long is unaffected by this change, as the
integer constant 0x80000000 has type 'unsigned int', while size_t is
'unsigned long' on those platforms, and even though the types 'unsigned
int' and 'unsigned long' have the same value space, there's still a
conversion, at least for now.
 1.630  30-Mar-2024  rillig lint: reword messages about array subscripts to sound more natural
 1.629  29-Mar-2024  rillig lint: clean up
 1.628  27-Mar-2024  rillig lint: clean up; extend overflow test
 1.627  27-Mar-2024  rillig lint: don't use 'long' in diagnostics

The size of 'long' differs between 64-bit and 32-bit platforms.
Eliminate this possible platform-dependency.
 1.626  25-Mar-2024  rillig lint: fix warnings about loss of accuracy on bit-field operations
 1.625  19-Mar-2024  rillig lint: keep invalid arguments in function calls

Previously, arguments of incomplete type or 'void' cleared all arguments
of the function call expression, requiring extra checks in later checks.

Invalid function calls are now exported to the .ln files, but that's
irrelevant in practice as these invalid function calls make lint1 fail,
after which xlint removes the .ln file.
 1.624  12-Mar-2024  rillig lint: fix warning about loss of conversion for unsigned bit-fields

Since decl.c 1.180 from 2021-05-02.
 1.623  10-Mar-2024  rillig lint: add details to the message about integer overflow

Having only the operator was too unspecific to be actionable, so add the
actual numbers and the data type.
 1.622  10-Mar-2024  rillig lint: saturate signed integer overflow

In array address calculations, this prevents a 'array subscript cannot
be negative' for large array subscripts.
 1.621  10-Mar-2024  rillig lint: fix integer overflow detection

Previously, an unsigned operation that had a negative result went
undetected in a few cases. Now, all results that are not representable
by their type are considered overflows.

The implementation of signed shift-right had been wrong for a few
commits.
 1.620  10-Mar-2024  rillig lint: clean up check for overflow in integer constants
 1.619  10-Mar-2024  rillig lint: detect more cases of integer overflow in constant expressions

For unsigned integers, detect when 'a + b' wraps around.
 1.618  10-Mar-2024  rillig lint: split integer overflow check into separate functions

The checks for unsigned and signed integers differ for each operator, so
there's no point having both parts in the same function.
 1.617  10-Mar-2024  rillig lint: remove wrong warning about overflow in unary '-' for unsigned
 1.616  10-Mar-2024  rillig lint: fix integer overflow in integer overflow check
 1.615  10-Mar-2024  rillig lint: in check for integer overflow, sort operators
 1.614  09-Mar-2024  rillig lint: fix excessive overflow warning after division by zero
 1.613  09-Mar-2024  rillig lint: merge duplicate code for checking array index
 1.612  09-Mar-2024  rillig lint: inline accessor macros for tnode_t
 1.611  09-Mar-2024  rillig lint: inline accessor macros for type_t
 1.610  09-Mar-2024  rillig lint: remove unneeded checks for left and right operands
 1.609  03-Mar-2024  rillig lint: clean up string parsing and snprintb check
 1.608  03-Mar-2024  rillig lint: check for unreachable bits and fields in snprintb formats

While here, clean up a few existing checks.
 1.607  01-Mar-2024  rillig lint: fix misleading initializer for string iterator

The field 'start' marks the start of the previous matching character,
not the current iterator position.

No binary change.
 1.606  01-Mar-2024  rillig lint: test format strings from snprintb calls

The functions snprintb and snprintb_m are specific to NetBSD, and their
format strings are tricky to get correct. Provide some assistance in
catching the most common mistakes.
 1.605  08-Feb-2024  rillig lint: clean up variable names, parameter order, comments

No functional change.
 1.604  08-Feb-2024  rillig lint: clean up redundant braces

No functional change.
 1.603  05-Feb-2024  rillig lint: make function call arguments directly accessible

Previously, the arguments of a function call expression were arranged in
a linear tree structure, from right to left. To allow easier access to
the arguments, store them in an array instead.
 1.602  03-Feb-2024  rillig lint: keep strings in their source representation

This allows further analysis depending on whether individual characters are
escaped as octal, hexadecimal or not at all.
 1.601  01-Feb-2024  rillig lint: reuse buffer editing code across lint1

Fix cat_strings to update the capacity of the buffer, to prevent
quadratic runtime when concatenating string literals.
 1.600  01-Feb-2024  rillig lint: use standard buffer for storing string values

No functional change.
 1.599  29-Jan-2024  rillig lint: do not remember content of wide string literals

The plain char literals are needed for checking printf/scanf format
strings; lint has no similar check for wide strings. These format
strings are checked by modern compilers, making this check less
relevant.
 1.598  23-Jan-2024  rillig lint: unconst parameters

These were leftovers from earlier refactorings and are no longer needed.

No binary change.
 1.597  23-Jan-2024  rillig lint: rename symt_t to symbol_kind

It was confusing to have two kinds of "symbol type" (s_type and s_symt),
so rename all related identifiers to be more distinctive.

No functional change.
 1.596  21-Jan-2024  rillig lint: clean up redundant const from parameters and local variables

These were leftovers from splitting large functions into smaller
functions, to ensure that variables were not unintentionally reassigned.
Those refactorings are finished, and the extra help from the compiler is
no longer necessary.

No binary change.
 1.595  11-Jan-2024  rillig lint: clean up enum constants for designators

In initializers and offsetof, both struct and union members are handled
in the same way, thus there is no need to distinguish them.
 1.594  11-Jan-2024  rillig lint: correctly set system-header flag on cast-expression

When a cast-expression comes partly from a system header, determine at
the ')' whether the whole cast-expression comes from the system header.
Previously, it was based on the operand, which contradicted the
documentation of tn_sys.

Mainly affects strict bool mode (where expressions from system headers
are handled more leniently), as well as query 9 for parenthesized return
expressions.

Discovered upon manual inspection, as calling expr_alloc_tnode should
never be necessary when creating an expression node with operands;
there's build_op for that purpose.
 1.593  11-Jan-2024  rillig lint: warn about integer overflow when folding constant INT_MIN / -1
 1.592  09-Jan-2024  rillig lint: allow complex offsetof(type, member-designator)

Both GCC 11 and Clang 8 accept member-designators that are not
identifiers but designator sequences, such as in 'offsetof(struct stat,
st_atim.tv_sec)', so make lint accept them as well.
 1.591  07-Jan-2024  rillig lint: fix crash for invalid __func__ (since 2023-01-29)
 1.590  07-Jan-2024  rillig lint: fix memory allocation names, eliminate double negation
 1.589  06-Jan-2024  rillig lint: remove redundant parentheses, braces and comments

Rename the functions for folding constant expressions, to make the
comments redundant.
 1.588  06-Jan-2024  rillig lint: remove redundant comments
 1.587  03-Dec-2023  rillig lint: in declarations, replace tab with space

Previously, in some cases, the keywords 'const' or 'struct' were
followed by a tab, which doesn't make sense.

No functional change.
 1.586  03-Dec-2023  rillig lint: re-wrap comments

No functional change.
 1.585  03-Dec-2023  rillig lint: move function body brace to the left

No functional change.
 1.584  03-Dec-2023  rillig lint: indent statement continuations consistently

No binary change.
 1.583  02-Dec-2023  rillig lint: extract nonportable char comparison to separate function

No functional change.
 1.582  02-Dec-2023  rillig lint: rename NOSCL to NO_SCL

For symmetry with NO_TSPEC. No functional change.
 1.581  13-Sep-2023  rillig lint: prevent invalid memory access when checking an expression

In check_expr_misc, the left and right operands of an expression were
accessed even in the case of CON (constant), STRING (string literal) and
NAME (identifier), which led to invalid values in pointer variables.
These invalid values were not used though, but technically they invoked
undefined behavior.

Precede each access to the operands with a check that the expression
indeed has operands, except in those cases where the operand is known to
have operands by only looking at the code of the current function.
 1.580  12-Sep-2023  rillig lint: mark unreachable function call arguments as used as well

Previously, in a '?:' expression with a constant condition, the branch
that is not taken was skipped but any identifiers in there were intended
to be marked as used. In function call expressions, this only worked
for the last argument, as the PUSH operator is not a binary operator
(see ops.def). Cover this case as well.
 1.579  12-Sep-2023  rillig lint: mark symbols that are only used in untaken '?:' branch as used
 1.578  26-Aug-2023  rillig lint: make diagnostics about ANSI C more international
 1.577  08-Aug-2023  rillig lint: in -a mode, do not warn about integer conversions from 'int'

Since tree.c 1.552 from 2023-07-08, lint warned about integer
conversions from 'int' or 'unsigned int' to smaller integer types. This
only affected 32-bit platforms where size_t is 'unsigned int' rather
than 'unsigned long', as on these platforms, the integer ranks of 'int'
and 'long' are the same, see INT_RANK in inittyp.c.

Discovered by lib/libkvm, which fails on i386 when lint generates any
warnings.
 1.576  05-Aug-2023  rillig lint: implement __builtin_offsetof for the simplest cases

Cases not covered:
1. C99 allows designators in the offsetof macro.
2. For packed types, the offset is likely to be incorrect.
 1.575  02-Aug-2023  rillig lint: fix plural form in message 150
 1.574  02-Aug-2023  rillig lint: distinguish between arguments and parameters
 1.573  15-Jul-2023  rillig lint: clean up duplicate code for finding struct/union members
 1.572  15-Jul-2023  rillig lint: properly initialize unnamed struct/union members

Previously, their 'containing type' was not initialized. The code for
initializing them is adapted from declarator_name.
 1.571  15-Jul-2023  rillig lint: fix member lookup after GCC statement expression
 1.570  15-Jul-2023  rillig lint: split struct_or_union_member into separate parts
 1.569  15-Jul-2023  rillig lint: fix use-after-free bug in GCC statement expressions
 1.568  15-Jul-2023  rillig lint: add detailed logging for finding memory allocation bugs
 1.567  15-Jul-2023  rillig tests/lint: demonstrate use-after-free in GCC statement expression
 1.566  14-Jul-2023  rillig lint: clean up redundant and verbose code
 1.565  14-Jul-2023  rillig lint: rename function for creating a new expression node
 1.564  14-Jul-2023  rillig lint: clean up comments, add a test for the '?:' operator
 1.563  13-Jul-2023  rillig lint: indent copyright lines consistently
 1.562  13-Jul-2023  rillig lint: clean up code related to lint comments

Remove type information from variable names, as the word 'flag' did not
indicate that the variables were negated.

Remove contradicting comments. Suppressing a warning for 'this line',
'this and the following line' and 'this statement or declaration' cannot
all be accurate at the same time.
 1.561  12-Jul-2023  rillig lint: clean up handling of __real__ and __imag__

These two operators are not binary, therefore they don't need a right
operand. The questionable operands were a copy-and-paste mistake, as
the code was taken from the ++ and -- operands (tree.c 1.46 from
2008-04-25). The ++ and -- operands aren't binary either, but since
lint represents address calculations in their premultiplied form, the
expression ptr++ contains a hidden right operand specifying the number
of bytes by which to increment the pointer.

Creating an integer-constant-expression node with type 'long double'
didn't make sense either. Luckily, these expressions are only built but
not analyzed any further.
 1.560  10-Jul-2023  rillig lint: merge duplicate code for getting the name of an operator
 1.559  10-Jul-2023  rillig lint: clean up wchar_t and hash tables
 1.558  09-Jul-2023  rillig lint: in the warning about ordered enums, mention the affected type
 1.557  09-Jul-2023  rillig lint: clean up wording in diagnostics

Use the term 'parameter' as defined in C99 3.15.
 1.556  09-Jul-2023  rillig lint: clean up the wording of a few diagnostics
 1.555  09-Jul-2023  rillig lint: remove redundant '#' after 'argument' in diagnostics
 1.554  08-Jul-2023  rillig lint: warn about pointer casts between different kinds of types

Pointer casts from an integer type to a floating-point type and vice
versa get a 'maybe troublesome' warning now. The previous assumption
that all types of the same bit-size are convertible may have been valid
from a technical point of view, but still such code should get more
attention.

The rules for struct and union types could be made more fine-grained
later, if the need arises. To suppress this warning, it's always
possible to cast to an intermediate 'void *'.
 1.553  08-Jul-2023  rillig lint: do not use portable type sizes in integer constraints

This reverts the change from tree.c 1.547 from 2023-07-03. Back then, I
didn't know that the actual value from a type's 'portable size in bits'
was not supposed to be used.
 1.552  08-Jul-2023  rillig lint: warn about conversion from 128-bit to smaller integer types
 1.551  08-Jul-2023  rillig lint: clean up

PUSH nodes are not marked as binary, yet they have a left and a right
operand.

If none of the queries is enabled, omit the query from the debug log.
 1.550  08-Jul-2023  rillig lint: clarify the meaning of 'portable size in bits' of a type

No functional change.
 1.549  07-Jul-2023  rillig lint: only warn about traditional/C90 differences in migration mode

In C99 mode, there is no point warning about traditional C.

No change in the tests, as a complete test suite would require several
new test files, and migration mode is not used intensively.
 1.548  07-Jul-2023  rillig lint: only skip 'unused' warnings after errors, not other warnings

Previously, in -w mode, any warning suppressed further 'unused'
warnings, even though there was no need to do that. This can be seen in
the test gcc_attribute_var.c, where only the last unused variable from a
function was marked as unused, the others slipped through.

Fixed by counting the errors and the warnings separately and only
combining them if actually desired.
 1.547  03-Jul-2023  rillig lint: consistently use portable type size in integer constraints

Since tree.c 1.546 from 2023-07-03, lint no longer warned about possible
loss of accuracy when converting from 'long' to 'int' on an ILP32
platform that uses 'unsigned long' for size_t, when run in portable mode
(-p), which is enabled by default in the NetBSD build.

The integer constraints avoid false-positive warnings by looking at the
actual values an expression can take. The function can_represent is
guarded by a condition that uses the portable_size_in_bits, but then
internally used the opposite size_in_bits, which led to inconsistent
results.

The warning looks confusing though, as on an ILP32 platform, 'int' and
'long' have the same size and representation, therefore there cannot be
an actual loss of accuracy. The warning may need to be reworded to
explicitly mention the portability mode, in which sizeof(int) is assumed
to be 3 instead of 4, to catch possible loss of accuracy on other
platforms.
 1.546  03-Jul-2023  rillig lint: clean up redundant casts
 1.545  03-Jul-2023  rillig lint: rename uppercase QUAD to LLONG

No binary change.
 1.544  02-Jul-2023  rillig lint: rename 'quad' to 'signed int' or 'unsigned int'

No functional change.
 1.543  02-Jul-2023  rillig lint: clean up variable names
 1.542  01-Jul-2023  rillig lint: constify, reduce indentation

No functional change.
 1.541  01-Jul-2023  rillig lint: clean up duplicate and dead code for integer constants

No functional change.
 1.540  01-Jul-2023  rillig lint: clean up typos
 1.539  01-Jul-2023  rillig lint: fix initialization of unnamed union member
 1.538  30-Jun-2023  rillig lint: clean up names related to declaration levels

The previous prefix 'DK_' (declaration level kind) had a conflict with
the 'DK_' (designator kind) in init.c, so change the prefix to 'DLK_'.
The new name for dinfo_t is decl_level, which is more expressive.

No functional change.
 1.537  30-Jun-2023  rillig lint: fix handling of unnamed struct/union members

The support for unnamed struct/union members that was added in decl.c
1.60 from 2015-10-13 was simple but wrong. It didn't cover initializers
of these structures and computed wrong sizes for structures containing
anonymous unions. At that time, the handling of initializers was broken
as well, it was fixed 6 years later in init.c 1.229 from 2021-12-22.

Real-life examples for code that lint couldn't handle are:

* external/bsd/jemalloc/dist/src/jemalloc.c
* external/mit/xorg/lib/dri.old/Makefile
 1.536  30-Jun-2023  rillig lint: clean up tree.c

No functional change.
 1.535  30-Jun-2023  rillig lint: make alignof(incomplete enum) an error
 1.534  30-Jun-2023  rillig lint: use NULL for null pointer constants

No binary change.
 1.533  30-Jun-2023  rillig lint: add query for assigning an integer 0 to a pointer
 1.532  29-Jun-2023  rillig lint: use standard terminology for bit-field width

No functional change.
 1.531  24-Jun-2023  rillig lint: reduce memory allocations

The type val_t has the same size as the tn_s member in the same union.

No functional change.
 1.530  24-Jun-2023  rillig lint: don't warn about comparison between char and character constant
 1.529  24-Jun-2023  rillig lint: add query for comparing 'char' with plain integers
 1.528  22-Jun-2023  rillig lint: add query for comma operator
 1.527  09-Jun-2023  rillig lint: miscellaneous clean-ups

No binary change, except for line numbers in assertions.
 1.526  09-Jun-2023  rillig lint: indent local variables consistently

No binary change.
 1.525  03-Jun-2023  rillig lint: provide more detailed types when operands do not match
 1.524  22-May-2023  rillig lint: rename constant NOTSPEC to NO_TSPEC

It was too easy to misread the old name as NOT_SPEC instead of the
intended NO_TSPEC.
 1.523  13-May-2023  rillig lint: add query for chained assignments
 1.522  10-May-2023  rillig lint: make code simpler

No functional change.
 1.521  09-May-2023  rillig lint: track integer constraints through conditional expressions
 1.520  09-May-2023  rillig lint: preserve integer constraints on cast
 1.519  22-Apr-2023  rillig lint: allow cast from a type to a union containing that type
 1.518  22-Apr-2023  rillig lint: fix missing initialization for cast to union

The left operand of a unary AST node must not be NULL.

The previous code crashed lint when run with some query enabled, as
is_cast_redundant assumes that a non-null AST node has valid operands.

$ cat <<EOF > crash.c
double
demo(void) {
	union u {
		double *num;
	} u;
	u = (union u)&((double) { 0.0 });
	return *u.num;
}
EOF
$ /usr/libexec/lint1 -w -S -g -q8 crash.c /dev/null
 1.517  22-Apr-2023  rillig lint: rename type_t.t_str to t_sou

The name 't_str' could have meant 'string' or 'struct'. Since both
struct and union types have members, rename it to 't_sou'.

No functional change.
 1.516  22-Apr-2023  rillig lint: don't warn about cast between union and one of its member types

Seen in src/sbin/newfs_udf/udf_core.c for context.anchors.
 1.515  22-Apr-2023  rillig lint: do not warn about parenthesized assignment in controlling expr

Same as for GCC and Clang.
 1.514  22-Apr-2023  rillig lint: fix typos in comments
 1.513  14-Apr-2023  rillig lint: document suppressed LDBL_MAX warning more accurately

The crucial point is not that lint is cross-compiled but that tools/lint
is run on the usr.bin/xlint code, and in that situation, the platform
mismatch happens.
 1.512  12-Apr-2023  rillig lint: suppress warnings about LDBL_MAX in cross-build mode

This fixes the cross build for sparc64 on x86_64, in which lint
complained:
warning: floating-point constant out of range [248]
warning: floating point overflow on operator '-' [142]
warning: floating-point constant out of range [248]
 1.511  11-Apr-2023  rillig lint: fix converting a complex floating-point constant

The complex '+' in msg_142 line 27 led to an invalid floating point
value when converting from 'double' to '_Complex double'.
 1.510  11-Apr-2023  rillig lint: fix wrong warning about overflow in floating constant expressions
 1.509  11-Apr-2023  rillig lint: condense code

No functional change.
 1.508  11-Apr-2023  rillig lint: don't wrongly warn about overflow in complex constants

Seen in lib/libm.
 1.507  28-Mar-2023  rillig lint: warn about extern declarations outside headers

https://mail-index.netbsd.org/tech-userlevel/2023/03/15/msg013727.html
 1.506  24-Feb-2023  rillig lint: order functions to reduce forward declarations

No functional change.
 1.505  22-Feb-2023  rillig lint: fix confusing message about nonportable character constants
 1.504  29-Jan-2023  rillig lint: fix definition of __func__
 1.503  29-Jan-2023  rillig lint: demonstrate wrong declaration of __func__
 1.502  29-Jan-2023  rillig lint: don't warn about negative '>>' when the actual value is positive
 1.501  29-Jan-2023  rillig lint: inline an expression, clean up comments

No functional change.
 1.500  29-Jan-2023  rillig lint: untangle conditions in promote_c90

No functional change.
 1.499  28-Jan-2023  rillig lint: extract casting to a union into separate function

No functional change.
 1.498  28-Jan-2023  rillig lint: use stronger wording in comments of unimplemented offsetof
 1.497  28-Jan-2023  rillig lint: split usual arithmetic conversions into separate functions

No functional change.
 1.496  28-Jan-2023  rillig lint: split integer promotions into separate functions

No functional change.
 1.495  28-Jan-2023  rillig lint: remove commented code from new_tnode

The approach in that code was wrong anyway. If an expression is shifted
to the right, that doesn't change the declared type of the expression,
it only changes the possible range of values. A better way to implement
these restricted value spaces is by using integer_constraints.

No functional change.
 1.494  22-Jan-2023  rillig lint: prevent undefined behavior for signed '<<'

Found by manual code inspection, verified by MKSANITIZER=yes
USE_SANITIZER=undefined.
 1.493  21-Jan-2023  rillig lint: make code for strict bool mode more consistent

Guard all entry points with a check for Tflag and remove the now
redundant internal check for Tflag.

No functional change.
 1.492  14-Jan-2023  rillig lint: use fewer abbreviations

No binary change except for line numbers in assertions in decl.c.
 1.491  14-Jan-2023  rillig lint: split struct_or_union_member into two halves

No functional change.
 1.490  13-Jan-2023  rillig lint: remove custom memory allocator

Besides adding complexity, the custom memory allocator didn't invalidate
freed memory, which made it harder to find possible use-after-free bugs.
 1.489  08-Jan-2023  rillig lint: do not report usual arithmetic conversions for constants
 1.488  08-Jan-2023  rillig lint: extract usual arithmetic conversions to separate function

No functional change.
 1.487  08-Jan-2023  rillig lint: recognize enum constant named 'max' as a count of values

Seen in external/bsd/mdocml/dist/mdoc.h(50).
 1.486  04-Jan-2023  rillig lint: fix the result type of '?:' for void pointers

The change from 2015-07-29 was wrong since that rule only applies to
null pointer constants but not to other void pointers.
 1.485  03-Jan-2023  rillig lint: condense building of nodes for '?:' expressions

No binary change except for line numbers in assertions.
 1.484  30-Nov-2022  rillig lint: add measurement unit to local variable names

No binary change, except for line numbers in assertions.
 1.483  01-Oct-2022  rillig lint: inline local variable in build_function_argument

No functional change.
 1.482  01-Oct-2022  rillig lint: miscellaneous cleanup

No functional change.
 1.481  01-Oct-2022  rillig lint: add hyphen to adjective 'old-style'
 1.480  28-Aug-2022  rillig lint: inline previous_declaration for nonconstant message IDs

This adds back the compile-time printf validation in debug mode that was
missing before.
 1.479  28-Aug-2022  rillig lint: clean up visual clutter

No functional change.
 1.478  28-Aug-2022  rillig lint: rename functions to be clearer

No need anymore to keep external identifiers at the "6 significant
initial characters" mandated by C90.
 1.477  25-Aug-2022  rillig lint: remove explicit list of known GCC attributes

Most GCC attributes consist of a single identifier. Up to now, it was
necessary to list each of these identifiers in the grammar, even those
that only apply to a single target architecture.

Instead, parse the general form of attributes, matching the few
attributes that lint handles by name instead. While here, rename the
grammar rules to use the GCC terms.

To avoid conflicts between the global function 'printf' and the GCC
attribute of the same name, do not add GCC attributes to the symbol
table, and don't make these symbols 'extern' either.

ok christos@.
 1.476  19-Aug-2022  rillig lint: add more details to message about large bit-shifts
 1.475  16-Jul-2022  rillig lint: add more details to message about pointer alignment

The previous message 'may cause alignment problem' was not detailed
enough to be actionable, it didn't give the necessary insight to why
lint was complaining at all.

The new message 'increases alignment from 1 to 4' or 'from 2 to 8'
describes the potentially problematic conversion, and together with the
involved type names, it allows an informed decision about whether lint's
warning is warranted or not.

In a typical NetBSD build, this warning is in the top 10. The number of
these warnings depends on the architecture, it is typically between 800
and 1600.
 1.474  08-Jul-2022  rillig lint: fix edge cases in the query for redundant cast before assignment

Casting from and to _Bool is only allowed outside strict bool mode.
Outside strict bool mode, _Bool is an integer type, therefore return
early if any of the operands has type _Bool. In strict bool mode, even
casting from _Bool to _Bool is not allowed, as it is not needed in
practice.

Handle _Complex types before real floating-point types. Return early
for _Complex types, as these are floating-point types as well.

For pointer casts, not only flag casts to or from 'pointer to void', but
also casts between the same types.

In debug mode, when constructing the type '_Complex float', the type
name of '_Complex' occurs in the debug log. Outside of debug mode,
printing this type name is an error since this type keyword only occurs
internally, when constructing a type. At that point, it is not supposed
to occur in any user-visible message.
 1.473  08-Jul-2022  rillig lint: fix query for redundant cast before assignment

Previously, 'i = (int)dbl' was marked as redundant, even though it
performs a value conversion.
 1.472  06-Jul-2022  rillig lint: do not warn about 'may lose accuracy' in safe cases of '%'

The possible values of the expression 'a % b' for unsigned integers lie
between 0 and (b - 1). For signed integers, it's more complicated, so
ignore them for now.
 1.471  05-Jul-2022  rillig lint: add additional queries that are not enabled by default

In the last 18 months, several lint warnings have been adjusted to
allow common usage patterns. For example, lint no longer warns about a
constant condition in the statement 'do { ... } while (false)' (message
161), as this pattern is well-known in statement-like macros, making it
unlikely that the 'false' is a mistake. Another example is casts
between unequal pointer types (message 247) for a few well-known
patterns that are unlikely to be bugs.

Occasionally, it is useful to query the code for patterns or events that
would not justify a warning. These patterns are modeled as predefined
queries that can be selected individually, in addition to and
independently of the existing warnings and errors.

New queries can be added as needed, in the same way as new warnings.
Queries that are deemed no longer used can be deactivated in the same
way as warnings that are no longer used.

As long as none of the queries is enabled, they produce a minimal
overhead of querying a single global variable. Computations that are
more expensive than a few machine instructions should be guarded by
any_query_enabled.

https://mail-index.netbsd.org/source-changes-d/2022/06/28/msg013716.html

ok christos@
 1.470  03-Jul-2022  rillig lint: add debug logging for struct and enum details
 1.469  02-Jul-2022  rillig lint: prevent undefined behavior when folding '<<' or '>>'
 1.468  02-Jul-2022  rillig lint: document usage of 'convert'

No functional change.
 1.467  02-Jul-2022  rillig lint: only convert the right operand of '<<' or '>>' in traditional C

Traditional C says: "Then the right operand is converted to int".

C90 dropped that sentence, probably because it didn't have any effect on
the result or the conditions for undefined behavior.

To stick to the wording of the specification, also convert UINT to INT.

While here, fix the call to 'convert'. The first argument being 'CVT'
means that the conversion comes from a cast-expression instead of an
implicit conversion. This prevents warnings for 'uint64_t << uint64_t'.
Keeping this unnecessary conversion in C90 or later would have generated
warnings for the functions at the bottom of msg_132.c.
 1.466  01-Jul-2022  rillig lint: add quotes around operator in message 138, remove message 240

Message 138 doesn't occur in practice, it was the last one that was
missing the quotes around the placeholder.

Message 240 was also missing the quotes, but it was not reachable. There
was also no apparent benefit in warning about 'assignment of different
structures' when the message about 'assignment type mismatch' serves the
same purpose.
 1.465  01-Jul-2022  rillig lint: restructure 'convert'

The conditions are now grouped by target type, highlighting that
conversions between integer and floating point types are not checked by
this function, in fact, they are not checked at all.

No functional change.
 1.464  01-Jul-2022  rillig lint: rename functions for value conversion

No functional change.
 1.463  24-Jun-2022  rillig lint: do not warn about pointer casts to array types

If the (recursive) element type of the array is compatible, that's good
enough. Even after the previous commits, this warning is the one that
occurs most in a standard NetBSD build, and it is generally ignored.
For now, focus on reducing the number of false positives to an
acceptable level.
 1.462  24-Jun-2022  rillig lint: allow pointer cast between compatible structs

Lint already allowed pointer casts from 'struct counter' to 'struct
counter_impl'. Now it also allows the other direction.
 1.461  24-Jun-2022  rillig lint: do not warn about pointer cast between sockaddr variants
 1.460  24-Jun-2022  rillig lint: allow pointer cast from char to struct/union
 1.459  22-Jun-2022  rillig lint: add quotes around placeholders for the remaining messages

Reword some of the messages slightly, exchanging brevity for clarity.

Message 138 is kept as-is, as it is not yet covered by any tests.

Message 240 is kept as-is, as it is unreachable.
 1.458  21-Jun-2022  rillig lint: merge duplicate code in typeok_minus

No functional change.
 1.457  21-Jun-2022  rillig lint: clean up comments, don't include unused header

No functional change.
 1.456  21-Jun-2022  rillig lint: use is_struct_or_union instead of comparing twice

No functional change.
 1.455  21-Jun-2022  rillig lint: add quotes and details to some more messages
 1.454  19-Jun-2022  rillig lint: add quotes around placeholders in 4 messages
 1.453  15-Jun-2022  rillig lint: rename mod_t.m_requires_bool to m_compares_with_zero

The operators NOT, LOGAND, LOGOR and QUEST only require _Bool in strict
bool mode, in default mode they accept any scalar expression and compare
it with zero. The new names are more accurate.

No functional change.
 1.452  30-May-2022  rillig lint: revert 'do not pre-multiply pointer expressions' from 2022-05-26

In tree.c 1.448, removing the pre-multiplication generated wrong
warnings about out-of-bounds array access.
 1.451  30-May-2022  rillig lint: fix assertion failure in '(unsigned long)(ptr) >> 12'

Since tree.c 1.449 from 2022-05-26.
 1.450  29-May-2022  rillig lint: fix wrong errors about sizeof of a bit-field (since 2022-05-26)
 1.449  26-May-2022  rillig lint: do not warn about 'uint32_t = uint64_t >> 32'

If all possible values fit into the destination type, there is no
possibility of losing accuracy.

Enhances PR 36668.
 1.448  26-May-2022  rillig lint: do not pre-multiply pointer expressions 'ptr + int'

In the AST, it is confusing to see that 'stderr == __sF + 304', it
should rather be 'stderr == __sF + 2'.

No functional change.
 1.447  26-May-2022  rillig lint: improve local variable and function names

No functional change.
 1.446  26-May-2022  rillig lint: reduce scope of local variables in build_plus_minus

No functional change.
 1.445  26-May-2022  rillig lint: re-order conditions for lossy conversions

Now that can_represent does more work, put it at the end of the
conditions.

No functional change.
 1.444  26-May-2022  rillig lint: do not warn about loss in accuracy if the actual value fits

The expression 'any & 0xff' can always be assigned to 'uint8_t' without
loss of any value bits. In the same way, '(any & 0xff) << 8' can always
be assigned to 'uint16_t'.

Previously, lint warned about these cases. Fix these wrong warnings by
tracking the possible values of integer expressions across a single
expression.

Fixes PR 36668, so that <sys/endian.h> does not need to be cluttered
with useless casts anymore.
 1.443  26-May-2022  rillig lint: remove long list of node types in switch statement

No functional change.
 1.442  20-May-2022  rillig lint: use __RCSID in lint mode as well

Since 1995-10-02, lint supports __asm statements and __asm modifiers.

No binary change.
 1.441  18-May-2022  rillig lint: do not warn about '==' on the right-hand side of ','
 1.440  18-May-2022  rillig lint: reduce negations in typeok_point, document check_expr_misc

No functional change.
 1.439  30-Apr-2022  rillig lint: inline macro 'sflag'

Mark all places where lint's C90 mode is stricter than its C99 mode.

Most of the situations in which lint produces only warnings instead of
errors are covered by the "Constraints" sections in the relevant standards.
This doesn't prevent a specific compiler from accepting it though.

No functional change.
 1.438  30-Apr-2022  rillig lint: inline macro 'tflag'

The definition of the macro tested both allow_trad and allow_c90, but
there is only a single mode in which allow_c90 is false, therefore it
suffices to test only that.

While double-checking each occurrence of tflag individually, I learned
why lint performs lookups of struct members only by name, independently
of the struct in which they are declared. See typeok_arrow for details.

No functional change.
 1.437  30-Apr-2022  rillig lint: inline macro Sflag in cases of expected behavior

In the grammar rules 'enums_with_opt_comma' and 'block_item_list',
checking for allow_c99 was redundant since c99ism does not warn in C99
mode.

In the grammar rule 'designator', align the two actions structurally.

No functional change.
 1.436  19-Apr-2022  rillig lint: fix integer overflow on seeing -(uint64_t)INT64_MIN

Seen in external/cddl/osnet/dist/lib/libuutil/common/uu_strtoint.c,
which is protected by a NOLINT in ../Makefile.inc.
 1.435  19-Apr-2022  rillig lint: only warn about unsigned constants in C90 migration mode

For C99 code, the difference between traditional C and C90 is not
relevant.

Seen in sqlite3.c line 30448.
 1.434  19-Apr-2022  rillig lint: do not warn about converting (1234567L & 0xFF) to unsigned char

Due to the '& 0xFF', there is no possible loss of accuracy.
 1.433  16-Apr-2022  rillig lint: merge mod_t.m_test_context into m_requires_bool

These two flags mean exactly the same.

No functional change.
 1.432  16-Apr-2022  rillig lint: rename members of tnode_t to more closely match reality

The flags do not describe the left operand of the node but both, as for
most operators, either none or both operands are in test context or in
value context.

The one exception is the operator '?' from the '?:' conditional, for
which the left operand is in test context and the right operand is in
value context.

No binary change.
 1.431  16-Apr-2022  rillig lint: investigate why lint only warns about some constant conditions

Noticed in lex.c, in the macro kwdef, where lint complains about the
condition containing '||' but not about the conditions containing only
'>' or '=='.
 1.430  16-Apr-2022  rillig lint: prepare keyword table for C11

The C11 keywords had been listed as being C99 keywords. Instead of
initializing the individual fields separately, merge them by specifying
the year of the standard in which they appeared.

No binary change, except for line numbers in assertions.
 1.429  16-Apr-2022  rillig lint: migrate gflag to allow_gcc

No functional change.
 1.428  16-Apr-2022  rillig lint: clean up conditions for migration check between trad and C90

No functional change, as each of the conditions was effectively '!tflag
&& !sflag && !Sflag' (even if distributed over several statements).
 1.427  15-Apr-2022  rillig lint: in C99 mode, do not warn about non-prototype conversions

Message 259 is "argument #%d is converted from '%s' to '%s' due to
prototype", and it is intended to warn about compatibility between
traditional C where functions had no prototypes and standard C where
functions have prototypes.

Running lint in C99 mode is further away from traditional C than running
lint in C90 mode, so that warning doesn't make sense for C99. There are
still some inconsistencies in the 5 language version modes that lint
offers:

-t for traditional C
(no option) for migrating traditional C to C90
-s for C90 code
-S for C99 code
-Ac11 for C11 code

By disabling warning 259 in C99 mode, a typical NetBSD build produces
14.500 fewer warnings than before, of about 100.000 total.

Message 259 overlaps with message 298 "conversion from '%s' to '%s' may
lose accuracy, arg #%d", and in some cases of potentially lossy
conversions, lint now produces none of these messages. In some other
cases, these warnings were reported redundantly. The cases where
message 298 makes sense will be added back later, as needed.
 1.426  15-Apr-2022  rillig lint: merge conditions in check_integer_conversion

No functional change.
 1.425  15-Apr-2022  rillig lint: reduce indentation in check_integer_conversion

No functional change.
 1.424  09-Apr-2022  rillig lint: distinguish between storage class and declaration kind

These types overlap but are not the same.

No functional change.
 1.423  09-Apr-2022  rillig lint: extract is_member into separate function

No functional change.
 1.422  09-Apr-2022  rillig lint: disambiguate sym_t.s_value

Having a single variable for 4 different purposes with different types
makes the code unnecessarily hard to follow.

No functional change.
 1.421  09-Apr-2022  rillig lint: split CTCONST into BOOL_CONST and ENUM_CONST

Having a unified compile-time constant "storage class" made the code
more difficult to understand.

No functional change.
 1.420  09-Apr-2022  rillig lint: inline member access macros for sym_t

Having the 'u.' explicitly in the code serves as a reminder that these
members are only defined under certain conditions.

No functional change.
 1.419  09-Apr-2022  rillig lint: rename length to length_in_bits

No functional change.
 1.418  03-Apr-2022  rillig lint: fix crash after syntax error in GCC statement expression

Since cgram.y 1.226 from 2021-05-03.
 1.417  02-Apr-2022  rillig lint: clean up style

Remove outdated ARGSUSED (the one in tree.c had been wrong since 1995),
remove unused argument.

No functional change.
 1.416  02-Apr-2022  rillig lint: rename dinfo_t.d_next to d_enclosing

The name d_next gave the wrong impression that the declaration infos
would be independent of each other, but they are nested.

No functional change.
 1.415  02-Apr-2022  rillig lint: add debug logging for the declaration stack

To track down the wrong edge cases in decl_direct_abstract.c.
 1.414  01-Apr-2022  rillig lint: add type details to message about 'sizeof(function)'

The code in add_function is severely broken, it mixes up the return type
of the function with the argument types. For now, at least show the
guessed type in the diagnostic, to allow human readers to quickly spot the
bug.

Extend the test cases in decl_direct_abstract.c to show that the
behavior differs unreasonably if the first parameter of the function is
equal to its return type.
 1.413  01-Apr-2022  rillig lint: improve determination of abstract typename

Still not perfect, but at least a step in the right direction. See
decl_direct_abstract.c for the missing edge cases.

See PR#22119.
 1.412  01-Apr-2022  rillig lint: replace crash with assertion failure

Triggered by 'sizeof(int())'.

GCC evaluates this expression to 1, without any warning.

Clang warns about an "invalid application of 'sizeof' to a function
type".
 1.411  13-Mar-2022  rillig lint: add braces around multi-line loop body

No functional change.
 1.410  27-Feb-2022  rillig lint: merge duplicate code for handling plain and wide strings

No functional change. As before, the string literals "1" "2" "3" are
not concatenated from left to right, instead concatenation starts with
"23" and then proceeds to "123".
 1.409  27-Feb-2022  rillig lint: C99 has been released, so refer to it by its proper name
 1.408  27-Feb-2022  rillig lint: unabbreviate two more members of sym_t

No functional change.
 1.407  27-Feb-2022  rillig lint: unabbreviate some fields in sym_t

No functional change.
 1.406  27-Feb-2022  rillig lint: encode lifetime of allocated memory in function names

No functional change.
 1.405  27-Feb-2022  rillig lint: encode lifetime of allocated memory in the function names

No functional change.
 1.404  26-Feb-2022  rillig lint: fix memory corruption in statement expressions (since 2021-12-17)

The commit that introduced the assertion failure looks innocent, it only
adds a few predefined functions for GCC mode. Nevertheless, before that
commit, lint consistently complained about 'error: void type illegal in
expression [109]', which doesn't make sense either.

This fix also removes the creative use of the initialization stack to
store the type of the statement expression. Having a separate stack for
these statement expressions makes the code easier to understand.
 1.403  26-Feb-2022  rillig lint: extract code for handling statement expressions from the grammar

This prepares the fix of the memory corruption bug that is demonstrated
in t_integration.sh, test case assertion_failures.

No functional change.
 1.402  21-Dec-2021  rillig lint: sync comment with recent change of parameter name
 1.401  21-Dec-2021  rillig lint: invert condition in build_name

No functional change.
 1.400  17-Dec-2021  rillig lint: in GCC mode, declare alloca and variants

The prototype declarations define the correct parameter types of these
functions so that they are no longer subject to the default argument
promotions (C11 6.5.2.2p6).

The GCC builtins are only recognized in GCC mode (-g).
 1.399  16-Dec-2021  rillig lint: narrow down parameter of build_name

Passing an arbitrary tokenizer symbol left too much freedom and
uncertainty to the caller, and 0 was a magic number in this context.

No functional change.
 1.398  15-Dec-2021  rillig lint: unexport struct_or_union_member

Strangely, lint2 didn't notice this unnecessary export.
 1.397  06-Dec-2021  rillig lint: fix return type of GCC's __builtin_alloca

Needed for libgmp.
 1.396  04-Dec-2021  rillig lint: add quotes around placeholders in message 123
 1.395  16-Nov-2021  rillig lint: fix check for function calls in strict bool mode

Previously, if a function call occurred in the controlling expression,
its return type could be any scalar, not just bool. This was against
the goal of strict bool mode, which makes bool a separate and
incompatible type to all other types. For example, it would allow
controlling expressions like 'strcmp(a, b)' without the usual '!= 0',
but only if at least one of 'a' and 'b' came from a macro definition
from a system header.

The fix is that the decision of whether the type of the controlling
expression may be scalar is no longer based on the operand types but on
the main operator of the controlling expression.
 1.394  16-Nov-2021  rillig tests/lint: explain the missing error message in strict bool mode

There are 2 separate bugs that lead to the missing error message.

The first bug is that when parsing a name, the information about whether
that name comes from a system header is not properly recorded for the
last token before switching from or to a system header.

The second bug is that for determining whether the type of a function
call expression is relaxed, the types of the function call arguments are
taken into account, even though the type only depends on the function
itself. The same idea applies to the operators '<<' and '>>', as their
result type only depends on the left operand, at least since C90.
 1.393  01-Nov-2021  rillig lint: enter full C90 compatibility mode

The C99 comment in tree.c:3468 has been there since 2017-03-06, without
anyone complaining that their compiler would not handle it.

Strangely, running GCC 10.3.0 in '-std=c90' mode does not complain about
declarations after statements, '-Wdeclaration-after-statement' is needed
separately.

No functional change.
 1.392  01-Nov-2021  rillig lint: move all declarations above statements

All code that is used by src/tools is supposed to be compatible with C90.

No functional change.
 1.391  01-Nov-2021  rillig lint: do not warn about array size mismatch in array[(int)enum]

The cast to 'int' explicitly converts the type away from being an enum.
 1.390  01-Nov-2021  christos simplify.
 1.389  01-Nov-2021  rillig lint: in the check for array[enum], allow enum constant NUM

When an enum type defines a constant NUM_VALUES, this constant is
usually not part of the enum values available to the application but
rather a handy place for defining the number of other enum values. Don't
warn about this case.

Seen in openpam_impl.h and several other places.
 1.388  31-Oct-2021  rillig lint: fix invalid memory access in array[enum] check

Lint checks whether in an expression 'array[enum]', the array size
matches the value of the maximum enum constant.

The previous tests for this check were missing the case where an enum
name was explicitly cast to an integer type and then used as an array
index. In this situation, the resulting type of the array index is a
plain 'int' without any information about its previous 'enum' history.

An entirely different case is when the 'enum' is implicitly converted to
an integer type, as in the test color_name_too_many. There, for the
final type of the array index, rn->tn_type->t_is_enum is true, which
means that rn->tn_type->t_enum is properly filled.

The bug was a simple typo, I had forgotten a tn_left indirection, which
is necessary to get the type before the implicit conversion.

Found and reported by Christos, triggered by src/lib/libperfuse/ops.c
1.89 line 1226 expression 'VTTOIF(vap->va_type)'.
 1.387  31-Oct-2021  christos Avoid null pointer exception hpcmips/mipsel src/lib/libperfuse/ops.c
 1.386  30-Oct-2021  rillig lint: warn if an enum name is used for mismatched array access

This helps to keep the enum definition and the straight-forward
implementation of a to_string or name function in sync.

The test for message 241 had to be adjusted because of exactly this bug.
That test defined a bit mask enum but accessed it like a value enum
type.
 1.385  09-Oct-2021  rillig lint: add more details to warning about nonportable character comparison

Especially when macros are involved, this makes it easier to see that
there is a real problem.

Seen in bin/sh/expand.c:273, where a plain char is compared to numbers
larger than 127.
 1.384  09-Oct-2021  rillig lint: warn that bsearch effectively discards 'const'

Just like strchr, bsearch takes a const pointer and returns a non-const
pointer into the same object.
 1.383  26-Sep-2021  rillig tests/lint: explain difference between i386 and sparc for 259

Seen in usr.bin/make/cond.c 1.278 from 2021-09-21, line 800, the call to
is_token, where unsigned char gets converted to unsigned int or unsigned
long, depending on the platform.
 1.382  18-Sep-2021  jmcneill use isfinite(3) instead of finite(3) for portability

Fixes tools build on macOS 11.6 arm64 hosts.
 1.381  12-Sep-2021  rillig lint: un-abbreviate rvused and rvdisc

No functional change.
 1.380  05-Sep-2021  rillig lint: reduce number of ifdef names

No functional change.
 1.379  05-Sep-2021  rillig lint: do not warn about comparison 'unsigned <= 0'

Seen in scanners generated by Flex, and about 50 occurrences in the
NetBSD src and xsrc tree, all of which are not suspicious of being bugs.
 1.378  05-Sep-2021  rillig lint: fix lint warnings
 1.377  04-Sep-2021  rillig lint: spell out abbreviations in comments

No functional change.
 1.376  04-Sep-2021  rillig lint: sort operators in typeok_op according to ops.def

Well, except for INIT, FARG, RETURN. These are listed at the very
bottom of the operators table but still behave much like ASSIGN.

No functional change.
 1.375  04-Sep-2021  rillig lint: extract typeok_point and typeok_arrow from typeok_op

No functional change.
 1.374  04-Sep-2021  rillig lint: clean up switch statement in typeok_op

In the old times where typeok_op was inlined into typeok, it was
necessary to write the complicated if-not-return-break. Not anymore.

No functional change.
 1.373  04-Sep-2021  rillig lint: make typeok_quest simpler

No functional change.
 1.372  03-Sep-2021  rillig lint: set the return type of __builtin_*_overflow to bool, not int

Needed for inetd.c in strict bool mode.
 1.371  03-Sep-2021  rillig lint: extract build_name_call from build_name

This reduces the indentation, providing enough space to write out the
full diagnostic in the code. It also prepares for supporting GCC
builtins like __builtin_add_overflow, which return _Bool instead of int.

No functional change.
 1.370  02-Sep-2021  rillig lint: split check_expr_misc into separate functions

No functional change.
 1.369  02-Sep-2021  rillig lint: split check_assign_types_compatible into separate functions

No functional change.
 1.368  02-Sep-2021  rillig lint: fix unintended warning for converting long long to signed char
 1.367  02-Sep-2021  rillig lint: move a condition into should_warn_about_prototype_conversion

No functional change.
 1.366  02-Sep-2021  rillig lint: clean up should_warn_about_prototype_conversion
 1.365  01-Sep-2021  rillig lint: remove array creation from expr_derive_type

It is only used for creating string types. The creation of other array
types happens in add_array.

This is a preparation to make all stored types const.

No functional change.
 1.364  31-Aug-2021  rillig lint: extract condition for message 259 into separate function

No functional change.
 1.363  29-Aug-2021  rillig lint: in C99 mode, make implicit function declarations an error

In tree.c 1.294 from 2021-06-28, I had already tried this, but at that
time, there were too many implicit function definitions in the NetBSD
tree. Most of them were GCC builtins, which lint did not recognize.
Therefore I had to revert to a warning in tree.c 1.302 from 2021-06-30.

In the meantime, lint has learnt to recognize compiler builtins, see
is_compiler_builtin, so try again now. The build logs from x86_64,
i386, sparc and sparc64 show no more implicit function declarations.
 1.362  29-Aug-2021  rillig lint: treat _mm_ as builtin function name prefix for all compilers

This prefix is not specific to GCC, it is also known by the Intel C
Compiler and the Microsoft C compiler.
 1.361  29-Aug-2021  rillig lint: add __sync_ and _mm_ as prefixes for builtin functions

These two additions cover all cases that occur in the current NetBSD
build on x86_64. This allows build_name to use the usual pattern 'if
Sflag then error else if sflag then warning'. That function currently
issues a warning in C99 as well, even though C99 prohibits implicit
function declarations.
 1.360  28-Aug-2021  rillig lint: remove double inversion from is_out_of_char_range

No functional change.
 1.359  28-Aug-2021  rillig lint: clean up check_integer_comparison

No functional change.
 1.358  28-Aug-2021  rillig lint: do not emit GCC builtin functions

Lint1 no longer emits declarations of GCC builtin functions and calls to
them.

Previously, lint generated 3421 useless warnings in a default NetBSD
build, like this:

__atomic_load_n, arg 1 used inconsistently
acl.c(216)[pointer to unsigned int]
rbtdb.c(921)[pointer to unsigned short]

This was because lint just doesn't understand that these functions are
type-generic, which is indeed unusual in C.

These useless warnings made the lint output more frightening than it
should actually be. Together with the strange formatting of the
diagnostics (space-space-tab after the main message, two spaces and two
colons between the occurrences, symbols are listed in hashcode order),
this creates the impression that lint is not intended to be a
user-friendly tool.

For now, fix the excess warnings, leaving the other items for later.
 1.357  28-Aug-2021  rillig lint: merge duplicate code in convert_constant_floating
 1.356  28-Aug-2021  rillig lint: use 'unsigned int' for bit-size of types in convert_integer

There was no need to have two separate magic values (0 and -1) to mean
the same.

No functional change.
 1.355  28-Aug-2021  rillig lint: use 'unsigned int' for bit-size of types

Lint does not need to support any types larger than 256 MB since they
don't occur in practice. Practically, such large types have never been
supported at all since the function type_size_in_bits used int for the
internal calculations, resulting in overflows.
 1.354  28-Aug-2021  rillig lint: remove redundant type casts from convert_constant_floating

Since tree.c 1.70 from 2012-03-27, lint has been using properly typed
constants for the min and max values, independent from the host
platform.

No functional change.
 1.353  28-Aug-2021  rillig lint: un-abbreviate unsigned integer types

No functional change.
 1.352  25-Aug-2021  rillig lint: rename local variable in plength

The assertion in build_plus_minus is safe since that function is only
called if the types are compatible. Pointer and floating are not
compatible.

No functional change.
 1.351  23-Aug-2021  rillig lint: expand macro in string concatenation

No functional change.
 1.350  23-Aug-2021  rillig lint: add quotes around placeholder in message 141
 1.349  23-Aug-2021  rillig lint: make overflow check for binary '+' simpler

No functional change.
 1.348  23-Aug-2021  rillig lint: remove unnecessary width parameter for msb

No functional change.
 1.347  23-Aug-2021  rillig lint: fix wrong warning about signed integer overflow in '-'

The newly added test cases in line 30 and 33 may or may not be worth a
warning since the expressions deal with unsigned integers, where the
behavior on overflow is well defined.
 1.346  22-Aug-2021  rillig lint: merge duplicate code for binary operator

No functional change.
 1.345  22-Aug-2021  rillig lint: fix folding of comparisons in constant expressions
 1.344  21-Aug-2021  rillig lint: extract check_prototype_conversion_integer

No functional change.
 1.343  21-Aug-2021  rillig lint: rename local variable '1' in fold_float

It looked too similar to the number 1.
 1.342  21-Aug-2021  rillig lint: fix spacing in tree.c
 1.341  21-Aug-2021  rillig lint: do not warn about '(void)arg' and similar expressions

In the current NetBSD build, 5260 of the 46264 total lint warnings are
about expressions that have a null effect. Most of these occurrences
follow well-established patterns, which makes the warnings bogus.
Remove these warnings.
 1.340  19-Aug-2021  rillig lint: change return type of 'msb' from int to bool

No functional change.
 1.339  19-Aug-2021  rillig lint: clean up formatting of 'fold'
 1.338  19-Aug-2021  rillig lint: fix wrong integer overflow warning for unsigned types
 1.337  16-Aug-2021  rillig lint: remove dead code from check_bad_enum_operation

There is a single caller of that function, and it checks the exact same
condition beforehand.
 1.336  15-Aug-2021  rillig lint: extend check for unconst functions

The functions memchr, strpbrk, strrchr and strstr effectively remove the
const qualifier of their first argument, just like strchr.
 1.335  15-Aug-2021  rillig lint: fix wrong warning about 'unsigned char >> constant'
 1.334  14-Aug-2021  rillig lint: use standard quoting style for messages 124 and 184
 1.333  14-Aug-2021  rillig lint: allow initialization of struct with constant member

The operator INIT, just like RETURN and FARG, initializes an object with
an expression. The target object of such an initialization may be a
struct with constant members.

The operator ASSIGN, on the other hand, is entirely different. It
overwrites the existing value of the object, and this is not allowed for
structs that have a constant member. Therefore it was wrong to use the
operator ASSIGN for initialization.
 1.332  10-Aug-2021  rillig lint: fix 3 of the 4 wrong messages about lvalue in initial assignment
 1.331  09-Aug-2021  rillig lint: warn about 'char * = strchr(const char *, int)'

Found in findcc.c, there are about 25 other instances of this
incongruency in the whole source tree.

For more examples of functions from the C Standard Library that
implicitly remove the 'const' qualifier from an argument, see the C++
include file 'cstring'.
 1.330  03-Aug-2021  rillig lint: merge almost duplicate code from 'sametype' into 'eqtype'

In 'sametype', the branch for comparing array types was unreachable
since it requires both tspecs to be the same, but t2 underwent the
array-to-pointer conversion.

Previously, lint warned about enum type mismatches, even without -e for
strict enum mode. Instead, it got the case for 'char *' wrong, which is
now fixed. Now lint behaves like GCC 10.3.0 in this regard. The
warning about enum mismatch is useful though, so it may be re-added in a
future commit.
 1.329  03-Aug-2021  rillig lint: union casts are only available as a GCC extension, not in C99
 1.328  03-Aug-2021  rillig lint: casting to a struct is not allowed in C99, only with GCC
 1.327  03-Aug-2021  rillig lint: clean up and move 'sametype'

This function is only used by lint1. That's good since the lint2 code
was completely broken, as it would regard any two struct types as being
the same.

Remove the large switch statement since it is unlikely that there will
be new type derivations in C anytime soon.

No functional change.
 1.326  01-Aug-2021  rillig lint: merge duplicate debugging code

The functions 'debug_node' and 'display_expression' were similar enough
to be merged.

Migrate debug_node to use the existing debug logging functions.

Remove the now unused option 'd' from the options string.
 1.325  01-Aug-2021  rillig lint: remove option -d, clean up debug logging

The command line option -d was not used by /usr/bin/lint, and it only
triggered a handful of debug messages. Move this debug logging over to
the compile-time -DDEBUG setting.

Move display_expression further up to avoid the forward declaration.
 1.324  01-Aug-2021  rillig lint: remove unreachable code from usual arithmetic conversions
 1.323  01-Aug-2021  rillig lint: fix usual arithmetic conversions for 128-bit integer types
 1.322  31-Jul-2021  rillig lint: extract debug logging to separate file

Lint currently has several different kinds of debug log:

* The -DDEBUG log is controlled at compile time.
* The -d command line option enables some other debug logging.
* The -DYYDEBUG log for parsing is controlled at compile time.
* The -y command line option only has an effect in -DYYDEBUG mode.

Extracting the logging into a separate file is a first step towards
unifying these logs and making the code for debug logging stand out less
than the current #ifdef DEBUG.

No functional change.
 1.321  31-Jul-2021  rillig lint: in has_constant_member, don't reuse variables

No functional change.
 1.320  31-Jul-2021  rillig lint: merge duplicate code for generating unqualified type

This is a preparation for fixing the wrong warnings in msg_115.c.

No functional change.
 1.319  25-Jul-2021  rillig lint: add type information to message about invalid cast

This probably doesn't matter in practice since the compiler is supposed
to catch this kind of error. Adding the type information mainly ensures
that parsing abstract type names works as specified.
 1.318  20-Jul-2021  rillig lint: use consistent naming scheme for functions that build nodes

No functional change.
 1.317  20-Jul-2021  rillig lint: split 'build' into build_binary and build_unary

No functional change.
 1.316  15-Jul-2021  rillig lint: allow pointer casts from 'char *' and 'unsigned char *'

For the sake of traditional code that did not yet migrate to using 'void
*' for arbitrary pointers.

In the standard NetBSD build, this reduces the number of lint warnings
by around 7000, of 57000 total.
 1.315  15-Jul-2021  rillig lint: replace call to ttos with type_name

Since tyname.c 1.20 from 2021-01-02, type_name is as simple to use as
ttos and more expressive. It can also be called multiple times without
invalidating the returned strings.

Used only in debug mode.
 1.314  14-Jul-2021  rillig lint: extract build_member_access from the grammar

No functional change.
 1.313  06-Jul-2021  rillig lint: rename type generic_association_types to generic_association

The word 'types' was misleading and unnecessary.

No functional change.
 1.312  04-Jul-2021  rillig lint: replace wrong assumption with citation from C99

No functional change.
 1.311  04-Jul-2021  rillig lint: document where to fix missing const in lvalue-to-rvalue

No functional change.
 1.310  04-Jul-2021  rillig lint: align messages for invalid left operand of '.' or '->'
 1.309  04-Jul-2021  rillig lint: clean up new_tnode

No functional change.
 1.308  04-Jul-2021  rillig lint: remove remaining support for lvalue casts

These had been GCC extensions until GCC 3.4, they were removed in GCC
4.0.
 1.307  04-Jul-2021  rillig lint: remove support for obsolete GCC-style lvalue casts

Since GCC 4.0, a cast results in an rvalue.
 1.306  04-Jul-2021  rillig lint: in strict bool mode, allow mixed types in generated C code

This allows flex lexers to be run through lint in strict bool mode.
 1.305  04-Jul-2021  rillig lint: remove outdated assertion

Since err.c 1.12 from 2000-07-06, lint allows to suppress individual
error messages. Suppressed error messages do not increment nerr.
Keeping nerr at 0 had triggered the assertion.
 1.304  03-Jul-2021  rillig lint: fix assertion failure in display_expression for bool constants
 1.303  30-Jun-2021  rillig lint: do not warn about use of implicitly declared GCC builtins
 1.302  30-Jun-2021  rillig lint: in C99 mode, only warn about implicit function declarations

Since tree.c 1.294 from 2021-06-28 (two days ago), lint errored out on
an implicit function declaration. In principle it is correct to do so
since C99 requires it, but in practice there are several functions
that are not declared in the translation unit itself since they are
provided by the compiler. Typical examples for GCC and Clang are the
various functions named '__builtin_*' and '__atomic_*'.

For now, only warn about these but don't error out.
 1.301  30-Jun-2021  rillig lint: mention the name of an implicitly declared function

In the regular NetBSD builds, this happened in swab.c:65. That line
contains __predict_false, which may or may not be a macro. In other
cases, there may be more than one function call in a single line.
 1.300  30-Jun-2021  rillig lint: fix type name in message 101 for wrong member name
 1.299  30-Jun-2021  rillig lint: improve comment about INT keeping t_is_enum
 1.298  29-Jun-2021  rillig lint: rename xsign to convert_integer

The term sign-extend was too specific, the function actually does a
broader conversion.

No functional change.
 1.297  29-Jun-2021  rillig lint: do not sign-extend pointers

Sign extension only makes sense for integer types.

No idea why the code had tried to sign-extend pointers for the past 26
years.
 1.296  29-Jun-2021  rillig lint: document where to fix the wrong warning for '\xff'
 1.295  29-Jun-2021  rillig lint: fix typos in comment
 1.294  28-Jun-2021  rillig lint: in C99 mode, complain about implicitly declared functions

C99, foreword, p5, item 22 lists among the major changes from C90:
"remove implicit function declaration".
 1.293  28-Jun-2021  rillig lint: add type information to message 155 (type mismatch)
 1.292  27-Jun-2021  rillig lint: fix type comparison in _Generic selection expressions

In the newly added test comma_expression, there were two distinct type
objects for the tspec DOUBLE.
 1.291  27-Jun-2021  rillig lint: fix result type of _Generic expressions
 1.290  20-Jun-2021  rillig lint: remove unnecessary call to print_tnode

For the possible operators that occur in message 324, print_tnode is
equivalent to op_name, and the latter is simpler.

When the function print_node was added to the code base, it had another
use in init.c, for understanding how initialization works in lint. That
code has since been rewritten completely, therefore print_tnode is no
longer needed. For debugging, display_expression is the better choice
since it has multi-line output and does not suffer from a fixed-length
buffer.

No functional change.
 1.289  20-Jun-2021  rillig lint: rename val_t.v_unsigned to avoid confusion

The name v_unsigned suggested that the value would be interpreted as
unsigned, which was wrong. Whether a value is signed or unsigned is
decided by v_tspec instead.

Revert the previous commit for boolean constants since their value is
already interpreted as unsigned, and there is no need for any warning
about differences between traditional C and ANSI C since the _Bool type
has only been added ten years later in C99.

The code for printing a tree node was also confused by this struct
member, even with its old name v_ansiu. That code will be fixed in a
follow-up commit.

No functional change.
 1.288  20-Jun-2021  rillig lint: rename val_t.v_ansiu to v_unsigned

When lint was written in 1995, traditional C was still nearby since C90
had been around for only 5 years. 26 years later, almost all code
adheres to C90 or even C99 or C11, therefore "C90 or later" can safely
be assumed as the default.

No functional change.
 1.287  15-Jun-2021  rillig lint: replace array access with function calls

First and foremost, the test d_c99_complex_split accessed the array
qlmasks out-of-bounds, with an index of 128 for the type 'double
_Complex'. This invoked undefined behavior since the maximum allowed
index was 64.

Replacing the raw array accesses with function calls allows for bounds
checks to catch these errors early.

Determining the value bits for a 'double _Complex' does not make sense
at all since it is not an integer type. This means that lint didn't
handle these types correctly for several years. Support for int128_t
has been added in inittyp.c 1.12 from 2018-09-07, support for _Complex
has been added in inittyp.c 1.9 from 2008-04-26.

Determining the value bits for an int128_t would make sense, but the
unit tests don't contain examples for this type since at the moment all
unit tests must produce the same results on 32-bit and 64-bit platforms,
and the 32-bit platforms don't support int128_t.
 1.286  15-Jun-2021  rillig lint: extract convert_constant_to_floating
 1.285  15-Jun-2021  rillig lint: split convert_constant_check_range

No functional change.
 1.284  15-Jun-2021  rillig lint: merge duplicate code
 1.283  15-Jun-2021  rillig lint: extract convert_constant_check_range

No functional change.
 1.282  15-Jun-2021  rillig lint: extract convert_constant_floating

No functional change.
 1.281  04-May-2021  rillig lint: fix assertion failure when promoting a bit-field larger than int
 1.280  18-Apr-2021  rillig lint: rename parameter to expr

That parameter used to be used for a single purpose, later it got used
for checking the reachability as well, which made the name misleading.
 1.279  18-Apr-2021  rillig lint: remove redundant CONSTCOND

In do-while-0 loops, these are no longer needed since tree.c 1.202 from
2021-01-31.
 1.278  18-Apr-2021  rillig lint: extend documentation about handling initializations
 1.277  17-Apr-2021  rillig lint: do not warn about alignment when casting from incomplete struct

This removes a bunch of technically correct but practically useless
warnings from the regular NetBSD build.
 1.276  10-Apr-2021  rillig lint: prepare renaming of 'struct type'

It's confusing to have the same struct tag in both lint1 and lint2, with
mostly the same members, but also some differences. Before actually
changing this, I reviewed all occurrences of the word 'type' in the
code.

No functional change.
 1.275  09-Apr-2021  rillig lint: fix wrong warning about uninitialized _Complex variable

Seen in divxc3.c.
 1.274  09-Apr-2021  rillig lint: do not warn about pointer conversion to or from incomplete type

This cuts down the warnings in a NetBSD release build by about 38,000.
 1.273  09-Apr-2021  rillig lint: clean up the check for pointer conversions

No functional change.
 1.272  08-Apr-2021  rillig lint: don't warn about cast between pointers to compatible structs
 1.271  06-Apr-2021  rillig lint: for shift in C99 mode, do not warn about difference to pre-C90

C99 is too far away from traditional C to make this warning useful.
There are 3 different situations in which this warning is generated:

For '1 << (unsigned char)1', the result type is 'unsigned int' in
traditional C. The result type is unsigned because at least 1 of the
operators is unsigned, and it is 'unsigned int' because the usual
arithmetic promotions are applied.

For '1 >> (long)1', as well as for '1 << (long)1', the result type is
'long' in traditional C since the usual arithmetic promotions are
applied.

Omitting this warning in C99 mode reduces the amount of lint warnings in
a typical NetBSD release build by approximately 6800 of 107000 total.
 1.270  06-Apr-2021  rillig lint: reduce indentation of typeok_shift

No functional change.
 1.269  06-Apr-2021  rillig lint: add details to warning about too large shift amount

The previous message 'shift greater than size of object' was too short
to give reasonable hints, especially when the expressions involve
typedefs or macros.
 1.268  06-Apr-2021  rillig lint: fix wrong warning about losing accuracy when converting to _Bool
 1.267  06-Apr-2021  rillig lint: move check for strict bool mode into separate file

No functional change.
 1.266  05-Apr-2021  rillig lint: warn about wrong type cast in argument to ctype.h functions

The argument to most of the functions from <ctype.h> "shall either be
representable as an 'unsigned char' or shall equal the value of the
macro EOF".

When confronted with the infamous warning 'array subscript has type
char', there are enough programmers who don't know the background of
that warning and thus fix it in a wrong way. Neither GCC nor Clang
explain its warning to target these programmers.

Both GCC and Clang warn about 'array subscript has type char', but they
ignore the other requirements of the <ctype.h> functions, even though
these are in the C standard library.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94182
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95177
https://stackoverflow.com/a/60696378
 1.265  02-Apr-2021  rillig lint: reword message about constant argument to '!'

In the other messages, operators are typically written in their literal
form as well. Using single quotes disambiguates them from normal
punctuation.
 1.264  02-Apr-2021  rillig lint: fix typo from previous commit in merge_qualifiers
 1.263  02-Apr-2021  rillig lint: clean up merge_qualifiers

No functional change.
 1.262  02-Apr-2021  rillig lint: rename local variable in build_colon

The name 'rtp' was confusing since it did not correspond to 'rn'. The
'r' meant 'result', not 'right-hand side'.

No functional change.
 1.261  02-Apr-2021  rillig lint: replace a new modtab with op_name

This reduces the types of variables that are passed around.

No functional change.
 1.260  02-Apr-2021  rillig lint: rename getopname to op_name

There are several functions called 'get' that allocate memory. Remove
this possible confusion.

No functional change.
 1.259  02-Apr-2021  rillig lint: add parentheses after sizeof, as required by share/misc/style

No functional change.
 1.258  02-Apr-2021  rillig lint: rename functions for duplicating types

No functional change.
 1.257  02-Apr-2021  rillig lint: name memory allocation functions consistently

No functional change.
 1.256  02-Apr-2021  rillig lint: rename getnode to expr_zalloc_tnode

The new name highlights that the returned memory is only valid in the
scope of the current expression. This was misleading before since the
other related functions all have a 't' (probably for 'temporary') in
their names.

Also encode in the function name that the returned memory is zeroed out
as that could not be inferred from the old name.

No functional change.
 1.255  01-Apr-2021  rillig lint: remove wrong assumption from comment

The size in bits of a struct or union is not measured at all at this
point since portable_size_in_bits only takes the broad type
classification (tspec_t), not the precise type information (type_t).

No functional change.
 1.254  30-Mar-2021  rillig lint: add type information for message about unknown member name
 1.253  28-Mar-2021  rillig lint: sprinkle const on function declarations

No functional change.
 1.252  27-Mar-2021  rillig lint: remove space between 'sizeof ('

No functional change.
 1.251  26-Mar-2021  rillig lint: add quotes around placeholder in message about undefined variable

Before: error: expected undefined [99]
After: error: 'expected' undefined [99]

Seen in external/mpl/bind, which for Clang defines in stdatomic.h:
> #define atomic_exchange_explicit(obj, desired, order) \
> __c11_atomic_exchange_explicit(obj, expected, order)
Note the mismatch between 'desired' and 'expected'.
 1.250  26-Mar-2021  rillig lint: in malloc calls, use 'sizeof *ptr' instead of 'sizeof(type)'

No functional change.
 1.249  26-Mar-2021  rillig lint: allow pointer cast to 'char *' and 'unsigned char *'

This reduces the number of warnings in the regular NetBSD build by 5560.
 1.248  26-Mar-2021  rillig lint: rename variables in check_pointer_conversion

No functional change.
 1.247  26-Mar-2021  rillig lint: extract decision for warning about pointer cast

This makes the code several lines longer but way more readable. In the
previous dense expression it was hard to see what was going on at all
and that there are two completely separate situations in which this
warning applies.

No functional change.
 1.246  22-Mar-2021  rillig lint: use precise type information in message about type mismatch

While here, reword the message, avoiding operators and parentheses.

Since 2021-01-02, providing the precise type name is as easy as the
broad type classification (just replace tspec_name with type_name), and
it's definitely more useful to the human readers.
 1.245  21-Mar-2021  rillig lint: invert 'rchflag', call it warn_about_unreachable instead

No functional change.
 1.244  21-Mar-2021  rillig lint: reduce number of places where 'reached' is set

When determining the reachability of a statement, the idea was that
whenever 'reached' was set to false, 'rchflg' (the abbreviation for "do
not warn about unreachable statements") would be reset as well.

In some (trivial) cases, this was done, but many more interesting cases
simply forgot to set this second variable. To prevent this in the
future, encapsulate this in a simple helper function.

Now even if a statement is reachable, 'rchflg' gets reset. This does
not hurt since as long as the current statement is reachable, the value
of 'rchflg' does not matter.

No functional change. There would be quite a big functional change
though if check_statement_reachable were to reset 'rchflg' instead of
'reached', as the comment already suggests. In that case, with the
current code, many legitimate warnings about unreachable statements
would be skipped, especially those involving 'if' statements, since
these didn't reset 'rchflg' properly before.
 1.243  21-Mar-2021  rillig lint: fix wrong 'statement not reached' in do-while loop
 1.242  20-Mar-2021  rillig lint: clean up new_name_node

No functional change.
 1.241  20-Mar-2021  rillig lint: move getopname over to tree.c

Except for the one use in print_tnode, the name of the operator is only
used in tree.c.

No functional change.
 1.240  20-Mar-2021  rillig lint: remove redundant operator properties table

It's enough to have modtab, which describes the properties of the
various operators. There is no need to have a second table imods that
holds the same content. Rather make modtab constant as well.

The only possible functional change is that the names of the internal
operators 'no-op', '++', '--', 'real', 'imag' and 'case' may appear in
diagnostics, where previously lint invoked undefined behavior by passing
a null pointer for a '%s' conversion specifier.
 1.239  20-Mar-2021  rillig lint: inline access to type properties in check_bad_enum_operation

No functional change.
 1.238  20-Mar-2021  rillig lint: in strict bool mode, check initialization as well

C99 6.7.8p11 says for initialization that "the same type constraints and
conversions as for simple assignments apply", so actually apply them.
(I had just forgotten this "operator" when I first implemented strict
bool mode.)
 1.237  19-Mar-2021  rillig lint: rename in_bit to in_bits

No functional change.
 1.236  19-Mar-2021  rillig lint: rename tsize to type_size_in_bits

The shorter name size_in_bits was already taken by the function-like
macro with argument type tspec_t.

No functional change.
 1.235  18-Mar-2021  rillig lint: make the debug log for nodes more readable

The operator NAME has the name 'name', therefore no special case is
needed.

Having the words 'with type' in the message makes the message easier to
find from the debug log. Given that the operator name is used unquoted,
the log message 'name: int value=111' was nearly impossible to find in
the code.

Replace the '()' with an actual word, to avoid any confusion about
whether the type name might be a function type without prototype.

Reduce the amount of '=' signs, instead use commas to separate the
properties of the node.

No functional change outside debug mode.
 1.234  18-Mar-2021  rillig lint: reword message about type mismatch in initialization

Using parentheses for quotes is unusual, furthermore the previous
message didn't follow proper grammar rules, sacrificing clarity for
brevity.
 1.233  17-Mar-2021  rillig lint: rename 'blklev' to 'block_level'

No functional change.
 1.232  28-Feb-2021  rillig lint: fix null pointer dereference on parse error

Fixes PR bin/22119.
 1.231  28-Feb-2021  rillig lint: document where in C99 the behavior of cconv is specified
 1.230  28-Feb-2021  rillig lint: replace wrong comment with assertion

The broad type of a value is indeed stored in the value itself, in the
member v_tspec. For nodes that refer to this value, it is redundantly
stored, it always equals tn->tn_type->t_tspec.

After initialization, neither tn->tn_type nor val->v_tspec are modified.
This is not ensured by the compiler but has to be analyzed manually.

No functional change.
 1.229  28-Feb-2021  rillig lint: rename is_nonzero to constant_is_nonzero

The new function name emphasizes that the given node must have the
operator CON.

No functional change.
 1.228  28-Feb-2021  rillig lint: rename members and access macros of the basic types

Having the measurement unit in the variable name prevents accidental
confusion between bits and bytes, especially since usually the word
'size' means the size in bytes, while 'width' means the size in bits, at
least for integer types.

No functional change.
 1.227  28-Feb-2021  rillig lint: do not warn about constant expressions involving sizeof

These expressions are indeed constant for a specific platform, but on
another platform their value may change. This makes them unsuspicious
and legitimate for portable code.

Seen in rump_syscalls.c, as 'sizeof(int) > sizeof(register_t)'.
 1.226  28-Feb-2021  rillig lint: rename parameter in function 'expr'

For symmetry with the function is_constcond_false.

No functional change.
 1.225  28-Feb-2021  rillig lint: add type information for 'incompatible struct pointers'
 1.224  28-Feb-2021  rillig lint: add type information to enum type mismatch
 1.223  28-Feb-2021  rillig lint: make messages for incompatible pointers more specific

Message 153 didn't state obviously which of the pointer types was the
one before conversion (or cast) and which was the resulting type.

Message 229 didn't have any type information at all.
 1.222  28-Feb-2021  rillig lint: add type information to 'possible pointer alignment problem [135]'

This warning occurs more than 7400 times in a regular NetBSD build, and
without giving any type information, leaves the reader clueless about
what the underlying issue might be. Add type information since that is
a no-brainer to implement.
 1.221  28-Feb-2021  rillig lint: skip alignment computation if possible

Testing a global variable is simpler than calling a 20-line function.

No functional change.
 1.220  28-Feb-2021  rillig lint: rename getbound to alignment_in_bits

No functional change.
 1.219  27-Feb-2021  rillig lint: rename confusing local variable

The variable name rtp is reserved for the type of the right-hand
operand.

No functional change.
 1.218  22-Feb-2021  rillig lint: change spelling of initialisation to initialization

That's the wording from the ISO C99 standard.
 1.217  22-Feb-2021  rillig lint: improve debug message and comment
 1.216  21-Feb-2021  rillig lint: extract check_non_constant_initializer from init_using_expr

No functional change.
 1.215  21-Feb-2021  rillig lint: always initialize return values of constant_addr

Before, the caller was responsible for initializing the return values
from the function. This was an unexpected burden.

Ensure that in each branch that returns true, both return values are
properly set.

Strangely, the only caller of that function, init_using_expr, uses
neither of the return values. It just tests whether the expression is
constant or not.

No functional change.
 1.214  21-Feb-2021  rillig lint: add type information to message about enum mismatch
 1.213  21-Feb-2021  rillig lint: indent node details in debug mode
 1.212  20-Feb-2021  rillig lint: fix lint warnings

No functional change.
 1.211  20-Feb-2021  rillig lint: do not warn about 'do { ... } while (false)' in strict bool mode
 1.210  20-Feb-2021  rillig lint: extend debugging for initializing objects

No functional change outside debug mode.
 1.209  19-Feb-2021  rillig lint: rename t_isenum and t_aincompl to be more expressive

No functional change.
 1.208  19-Feb-2021  rillig lint: rename str_t and its members to be more expressive

No functional change.
 1.207  15-Feb-2021  rillig lint: remove redundant comment

That comment was useful when there was no function is_null_pointer.
Back then, the code for testing a null pointer was written in-line,
which made it really hard to see what's going on. This is no longer the
case.
 1.206  15-Feb-2021  rillig lint: extract typeok_colon_pointer from typeok_colon

The subtype information is now only accessed if both operands are
actually pointers.

No functional change.
 1.205  04-Feb-2021  rillig lint: add back "due to prototype" to message 259

That message is only supposed to warn about compatibility to traditional
C, in case the function should ever be compiled without its prototype
being in effect. All other type checks are supposed to be in another
function, as documented, but that type check misses to report a few
error-prone type combinations (long to char, long to int).

30 years after the introduction of prototypes with C90, almost all
existing code uses prototypes. The warning has thus lost most of its
usefulness and can rather be confusing since a conversion from 'char' to
'long' is not problematic with prototypes in action, and the probability
of the code being backported to a pre-C90 compiler is diminishingly
small.

The words "due to prototype" now serve as a hint again. The proper fix
could be to suppress this warning in C99 mode since that's far enough
from traditional C.
 1.204  31-Jan-2021  rillig lint: reword message 259 about function argument conversion

The words "due to prototype" are an anachronism from the 1990s.
Nowadays every function is defined using a prototype, which makes these
words redundant.
 1.203  31-Jan-2021  rillig lint: make warning about function argument conversion more detailed

For every conversion it is useful to know both the source and the target
type since these are not always obvious from the code.

The only surprise is the warning in d_gcc_extension. The conversion
there is from 'double' to 'long double', which is a lossless conversion.
This may be a bug in lint.
 1.202  31-Jan-2021  rillig lint: don't warn about constant condition in 'do { } while (0)'
 1.201  31-Jan-2021  rillig lint: fix strange message about nested '==' operators

If one of the nested subexpressions is parenthesized, the author
probably knew how these expressions are evaluated. Therefore don't warn
in such a situation.

Maybe the original author once made a typo and tried to initialize
variables but instead compared them, like this:

int a, b, c;

a == b == c;

This would explain the text of the message, which still sounds strange.
At least it doesn't show up as often anymore.
 1.200  31-Jan-2021  rillig lint: mention the operator in messages about bit shifts
 1.199  30-Jan-2021  rillig lint: flatten has_side_effect

Since GCC performs tail call optimization, the generated code is
practically the same.

Replace redundant comments with open questions.

No functional change.
 1.198  30-Jan-2021  rillig lint: fix wrong 'expression has null effect'
 1.197  30-Jan-2021  rillig lint: extract has_side_effect from check_null_effect

No functional change.
 1.196  30-Jan-2021  rillig lint: add type information to message 275

Before: cast discards 'const' from pointer target type
After: cast discards 'const' from type 'pointer to const char'

Seen in sqlite3.c.
 1.195  30-Jan-2021  rillig lint: add type information to warning about troublesome casts

The previous warning text did not mention the actual types that are
involved in the type conversion. These types can be hard to see from
the source code as soon as macros are involved, and even in plain code,
one would have to follow the declarations, which is an unnecessary
burden. Lint already has all information about the involved types, so
there is no reason for omitting this crucial information.

Seen in external/mit/lua/dist/src/lvm.c and several other files.
Including the type information in the message immediately makes the
message scarier.

Before: pointer casts may be troublesome
After: pointer cast from 'pointer to struct TString' to 'pointer to
union GCUnion' may be troublesome
 1.194  30-Jan-2021  rillig lint: rename incompl to is_incomplete

No functional change.
 1.193  30-Jan-2021  rillig lint: fix type conversion for very large data types

Data types that are 4 GB or larger are an edge case. Nevertheless,
compute their size correctly.
 1.192  30-Jan-2021  rillig lint: remove redundant parentheses

No functional change.
 1.191  24-Jan-2021  rillig lint: reduce preprocessor magic for platform target types
 1.190  24-Jan-2021  rillig lint: extract duplicate code into is_null_pointer

No functional change.
 1.189  24-Jan-2021  rillig lint: fix wrong warning about null pointer comparison
 1.188  24-Jan-2021  rillig lint: fix local variable names in check_pointer_comparison
 1.187  24-Jan-2021  rillig lint: clean up typeok_eq and check_pointer_comparison

Since typeok_eq does not issue any diagnostics, prefix it with "is_".

By convention, the variable rt aliases rn->tn_type->t_tspec. Make it
obvious that in check_pointer_comparison, rt corresponds to the subtype
of the pointer.
 1.186  24-Jan-2021  rillig lint: document bug in typeok_eq

Since rt is an alias for rn->tn_type->t_tspec, it cannot be PTR and VOID
at the same time. This makes the condition unsatisfiable. Removing
that part of the code didn't show any change in behavior, as expected.

It may even be that fixing this obvious bug doesn't show any change in
behavior since that function is only used in a single place and
check_pointer_comparison performs its own checks before issuing any
warning.

At least the test cases added to msg_124.c all run as expected.
 1.185  24-Jan-2021  rillig lint: update data types in comments from int to bool
 1.184  23-Jan-2021  rillig lint: fix error message for relaxed bool operations in system headers

In strict mode, allowing 1 as bool constant expression is probably not
needed in practice since most comparisons are != 0 instead of == 0.

Furthermore, in the expression (flags & 0x0002) == true, comparing with
true is misleading since the '==' operator can never evaluate to true in
this case.
 1.183  23-Jan-2021  rillig lint: fix two wrong error messages in strict bool mode

The strict bool mode gets complicated because for system headers the
rules need to be relaxed since they cannot be changed easily, often not at all.

Still, if lint validates a program in strict bool mode, that program
must run with equal behavior regarding boolean expressions even on a
pre-C99 platform.
 1.182  18-Jan-2021  rillig lint: clean up code (mostly comments)
 1.181  17-Jan-2021  rillig lint: allow system headers to use int as bool, even in strict bool mode
 1.180  17-Jan-2021  rillig lint: rename typeok_amper to typeok_address

This is about the address-of operator, not about the '&' sign that is
also used for bitwise and.
 1.179  17-Jan-2021  rillig lint: add type information to message 126
 1.178  17-Jan-2021  rillig lint: flatten typeok_ordered_comparison
 1.177  17-Jan-2021  rillig lint: extend a few message comments
 1.176  17-Jan-2021  rillig lint: add test for incrementing const variable
 1.175  17-Jan-2021  rillig lint: clean up typeok_ordered_comparison
 1.174  17-Jan-2021  rillig lint: fix return type of conaddr
 1.173  17-Jan-2021  rillig lint: reduce scope of local variables in check_expr_misc
 1.172  17-Jan-2021  rillig lint: replace integer constants with bool constants
 1.171  17-Jan-2021  rillig lint: rename bitwise operators

When there are several variants of the AND operator, both of them should
get a distinguishing prefix, otherwise it's not clear which of the two
possible operators is meant by the plain AND.
 1.170  17-Jan-2021  rillig lint: rename operator STAR to INDIR

C99 calls this operator the "indirection operator". The word "star"
does not occur in the index of that standard.
 1.169  17-Jan-2021  rillig lint: rename operator AMPER to ADDR

There is no operator called 'ampersand'. The ampersand sign is merely
the textual representation of both the operator ADDR and the operator
BITAND.
 1.168  17-Jan-2021  rillig lint: rename build_ampersand to build_address

At that stage of analysis, the ampersand is no longer ambiguous, it has
already been resolved as the address-of operator, instead of the
bitwise-and operator.
 1.167  17-Jan-2021  rillig lint: extract fallback_symbol from new_name_node

The code was too close to the right margin, causing unnatural line
breaks. Furthermore it was getting too long and detailed.
 1.166  17-Jan-2021  rillig lint: flatten check_pointer_integer_conversion
 1.165  17-Jan-2021  rillig lint: in strict bool mode, don't treat bool as arithmetic type
 1.164  17-Jan-2021  rillig lint: rename mod_t members
 1.163  16-Jan-2021  rillig lint: refactor strict bool mode and improve comments

The previous comment above typeok_strict_bool_compatible was too hard to
understand.
 1.162  16-Jan-2021  rillig lint: in strict bool mode, perform the normal checks as well
 1.161  16-Jan-2021  rillig lint: simplify typeok_strict_bool_compatible
 1.160  16-Jan-2021  rillig lint: add missing warning for bool() == int
 1.159  16-Jan-2021  rillig lint: simplify typeok_strict_bool_assign

When that function is called, the nodes are already before_conversion.
 1.158  16-Jan-2021  rillig lint: remove redundant calls to before_conversion
 1.157  16-Jan-2021  rillig lint: replace integer constant expressions with true and false

LINTFLAGS=-gST make lint, with manual review.

The error messages from lint are all correct, they are not complete
though. The return value of a function returning bool may still be
compared to the integer 0.
 1.156  16-Jan-2021  rillig lint: in strict bool mode, integer constants do not have type bool

Previously, lint1 allowed integer constants such as 0 and 1 to be used
as bool constants. This was only half-baked since after fixing all
error messages from that strict mode, there may still be integer
literals in the code that should be replaced with true or false. This
would stop a migration from int to bool in the middle, leaving
inconsistent code around.

To find the remaining type inconsistencies, treat integers and bool as
completely incompatible, even for compile time constants.
 1.155  16-Jan-2021  rillig lint: prepare to make strict bool mode even stricter

Currently, strict bool mode still allows integer constant expressions to
be converted implicitly to bool. This is something that other languages
such as Go, Java, C#, Pascal don't allow.

By providing a custom implementation of <stdbool.h> that defines false
and true to custom bool constant identifiers, lint will cover these
cases as well.

To prepare for this, reword the rules and restructure the tests in
d_c99_bool_strict.c.
 1.154  16-Jan-2021  rillig lint: replace 0 and 1 with false and true, where appropriate

Change in behavior: Passing the option -h exactly 4294967296 times or
any multiple thereof is no longer equivalent to passing it never at all,
it is now equivalent to passing it once. See main2.c, hflag++ for the
actual change.

Other than that, no functional change intended.

A very large portion of the code already conformed to the requirements
of the strict bool mode. The only missing thing was using the constant
literals false and true instead of 0 and 1. For sure there are some
integer literals left that can be converted. For now, all literals that
appeared in the form " = 0" or " = 1" have been replaced.
 1.153  15-Jan-2021  rillig lint: merge duplicate code for non-zero detection
 1.152  14-Jan-2021  rillig lint: add type details to message for enum type mismatch

Before December 2020, it was cumbersome to add type information to a
message since the caller had to explicitly allocate buffers for the type
names. That's probably the reason why this crucial detail had been left
out of the warning.
 1.151  12-Jan-2021  rillig lint: add new check for strict bool mode

In strict bool mode, bool is considered incompatible with all other
scalar types, just as in Java, C#, Pascal.

The controlling expressions in if statements, while loops, for loops and
the '?:' operator must be of type bool. The logical operators work on
bool instead of int, the bitwise operators accept both integer and bool.
The arithmetic operators don't accept bool.

Since <stdbool.h> implements bool using C preprocessor macros instead of
predefining the identifiers "true" and "false", the integer constants 0
and 1 may be used in all contexts that require a bool expression.
Except for these, no implicit conversion between bool and scalar types
is allowed.

See usr.bin/tests/xlint/lint1/d_c99_bool_strict.c for more details.

The command line option -T has been chosen because all obvious choices
(-b or -B for bool, -s or -S for strict) are already in use. The -T may
stand for "types are checked strictly".

The default behavior of lint doesn't change. The strict bool check is
purely optional.

An example program for strict bool mode is usr.bin/make, which has been
using explicit comparisons such as p != NULL, ch != '\0' or n > 0 in
most places for a long time now, even before the refactoring in 2020.
 1.150  11-Jan-2021  rillig lint: split typeok into several functions
 1.149  11-Jan-2021  rillig lint: sprinkle a few const modifiers throughout the code
 1.148  10-Jan-2021  rillig lint: fix conversion of non-constant scalar to _Bool
 1.147  10-Jan-2021  rillig lint: fix conversion of constant expressions to _Bool
 1.146  10-Jan-2021  rillig lint: rename cvtcon to convert_constant

No functional change.
 1.145  10-Jan-2021  rillig lint: remove redundant braces in is_confusing_precedence

This nicely aligns the different branches, in which "l" and "r" are
swapped.

No functional change.
 1.144  10-Jan-2021  rillig lint: rename type classification macros

The previous names tspec_is_int and tspec_is_uint were confusing because
there are actually tspec_t constants called INT and UINT, these
classification macros return true for other integer types as well,
though.

While here, remove the prefix "tspec_" from these macros. It wasn't as
helpful as intended, in many cases it was obviously redundant, when it
was called as tspec_is_integer(tn->tn_type->t_tspec).

No functional change.
 1.143  09-Jan-2021  rillig lint: push down complexity from typeok to typeok_shr

Contrary to the comment in typeok, the types of the expressions before
promotions and conversions are not needed for SHL, SHLASS and SHRASS.
Move that code over to typeok_shr, the only place where it is actually
used. This removes another 3 variables from typeok.
 1.142  09-Jan-2021  rillig lint: move pointer subtypes from typeok to the sub-functions

The code in typeok is already complicated enough. Only few of the
checks actually examine the subtype of the pointer, the others don't
need to look at it. Therefore don't initialize the variables lstp
(left-hand side subtype) and rstp unless they are actually needed.

This reduces the number of variables in typeok and the number of
parameters to the sub-functions.
 1.141  09-Jan-2021  rillig lint: change return type of typeok to bool

No functional change.
 1.140  09-Jan-2021  rillig lint: split typeok into several smaller functions

This reduces the number of local variables from 16 to around 5, in most
of the smaller functions.

No functional change.
 1.139  09-Jan-2021  rillig lint: extract typeok_amper from typeok

No functional change.
 1.138  09-Jan-2021  rillig lint: extract typeok_incdec from typeok

No functional change.
 1.137  09-Jan-2021  rillig lint: fix crash for error 108 (invalid type of unary operator)
 1.136  09-Jan-2021  rillig lint: make target platform independent of host platform

If lint is run on a platform that has CHAR_BIT == 10, this doesn't
magically make an ILP32 platform have 40 bits per uint32_t.

At the moment, all of the supported platforms are either ILP32 or
I32LP64 anyway, and all of them have CHAR_BIT == 8 == CHAR_SIZE,
so nothing changes practically.
 1.135  05-Jan-2021  rillig lint: make check_precedence_confusion simpler

In C, only binary operators have possibly confusing precedence. All
binary operators have lower precedence than an explicit cast. When an
expression is parsed, the parentheses are associated with the innermost
possible node. This means that as soon as a cast operator is
parenthesized, its contained expression can no longer have confusing
precedence.

This allows the code to be written more succinctly since the local
variables are no longer necessary.
 1.134  05-Jan-2021  rillig lint: extract code for determining possible precedence confusion

The function check_precedence_confusion was pretty long, and right in
the middle of that function was the complicated part of determining
which of the operand combinations are confusing and which aren't.

Extract this part into a separate function to document on which
information this decision is based. This makes it easier to understand
the code since there are fewer local variables around.

As a left-over from a previous commit, rop and rparn don't need to be
initialized twice, now that the assertion for a binary operator is in
place.

Remove the large and useless switch statement over all operator types.
This list was completely unsorted, for no apparent reason. To see the
list of operators, better look them up in ops.def, there was no need to
have this list duplicated here.
 1.133  04-Jan-2021  rillig lint: precedence confusion is only possible with binary operators

No functional change.

The operator table in ops.def states that every operator that has
possibly confusing precedence is also a binary operator, so assert that
instead of having two different code paths.
 1.132  04-Jan-2021  rillig lint: fix bug in "precedence confusion possible [169]"
 1.131  04-Jan-2021  rillig lint: document and demonstrate the bug in check_precedence_confusion

It took quite a while to get to the correct interpretation of this small
piece of code and to draw the right conclusions from it. Now the bug is
finally ready to be fixed, as already announced in the test.
 1.130  04-Jan-2021  rillig lint: add more rationale for removing effect-less code
 1.129  04-Jan-2021  rillig lint: finish the comments in check_precedence_confusion
 1.128  04-Jan-2021  rillig lint: replace LERROR with lint_assert in check_expr_misc

This reduces the visual clutter. There is no reason for anyone to
modify the code around the CALL operator, therefore the assertion is not
expected to fail anytime soon.
 1.127  04-Jan-2021  rillig lint: fix typos and other minor stylistic issues
 1.126  04-Jan-2021  rillig lint: fix bugs in dprint_node in debug mode (since today)

The node was dereferenced before the null check. GCC 5.5 didn't warn
about this obvious bug, not even with -Wall -Wextra -O2. Such a case
didn't occur though in the few tests that this function was used in.

The indentation for the nested nodes only needs to be set for a few
lines of code, make this region as small as possible.

There are nodes that use both tn_left and tn_right, even though they are
not defined as binary operators. An example is CALL, for which tn_left
is the address of the function name and tn_right, which are the
arguments, linked via PUSH nodes. CALL is not a binary operator since
it doesn't do any calculations with its arguments.
 1.125  04-Jan-2021  rillig lint: move dprint_node to the top of the file

It now resides right below dumpnode, which implements the same idea but
uses a fixed-size output buffer and prints everything in a single line,
which quickly gets hard to read. Maybe that's the reason why it had
been commented out since it got added in 2014.
 1.124  04-Jan-2021  rillig lint: in debug mode, print node tree for precedence

From the code alone, it is too difficult to see how the various internal
operators are combined and what properties they have. A simple tree
visualization helps to see all the details.

This is used to track down the typo in check_precedence_confusion, to
see whether it could have possibly had any influence at all.
 1.123  04-Jan-2021  rillig lint: add test for "precedence confusion possible [169]"
 1.122  03-Jan-2021  rillig lint: rename funcarg and funccall to longer names

From the previous short names, it was not obvious that these functions
create a new tree node.

The function named funccall in lint2 has been left as-is, since it has a
completely different prototype.
 1.121  03-Jan-2021  rillig lint: rename functions that create nodes
 1.120  03-Jan-2021  rillig lint: rename type.t_isfield to t_bitfield
 1.119  03-Jan-2021  rillig lint: remove redundant include of externs1.h

It is already included by lint1.h.
 1.118  03-Jan-2021  rillig lint: let gnuism and c99ism return void instead of int

The return value was only used in a single case. Duplicating the
condition for printing a message is ok in that case, since it makes all
other places in the code simpler.

The occasional "(void)" or "msg = " before the function call had hidden
the calls from check-msgs.lua, which didn't check the message texts in
such cases.
 1.117  03-Jan-2021  rillig lint: add type information to message 124 "illegal pointer combination"
 1.116  02-Jan-2021  rillig lint: fix lint warning 161 "constant in conditional context"
 1.115  02-Jan-2021  rillig lint: fix buffer truncation for type names

Previously, most type names had been cut off after 63 significant
characters. In some cases, 127 characters survived, or 255. And for
the debugging messages, sometimes even 1023. This inconsistency was
useless.

It was wrong in the first place to make the caller of the function
tyname responsible for handling the buffer. That's not something a
caller of such a simple function should do. These callers have better
things to do.

The API of the new function type_name is as simple as possible.

In the implementation, the name of the type is generated anew each time.
I just didn't know whether the type details could change, once the type
is initialized, and I didn't want to find out. To be on the safe side,
the resulting type name is cached, independently of the type it was
generated for. Using a trivial, unbalanced binary tree should be good
enough for now.

All this work is necessary to support adding new debug logging, without
being distracted by irrelevant implementation details such as these
buffer sizes. Adding new debug messages should be fun and easy; up to
now, it was overly bureaucratic.
 1.114  01-Jan-2021  rillig lint: rename styp and utyp
 1.113  01-Jan-2021  rillig lint: add missing redundant messages in source code
 1.112  01-Jan-2021  rillig lint: rename tokens for left and right parentheses
 1.111  01-Jan-2021  rillig lint: rename basic_type_name to tspec_name

The term "basic type" is precisely defined in C99 6.2.5p14, and tspec_t
is close to that, but nowhere identical.
 1.110  01-Jan-2021  rillig lint: clean up warn_incompatible_types

Splitting the code arbitrarily in separate phases made the code harder
to understand, both for humans as well as automated tools.

One of these tools, check-msgs.lua, couldn't check whether the comments
match the actual messages, and of course, the comments were wrong.
There was no good reason to deviate from the pattern followed by all the
rest of the code.
 1.109  01-Jan-2021  rillig lint: fix segmentation fault when checking returned enum types (211)
 1.108  01-Jan-2021  rillig lint: align comments in code with actual messages

Redundancy is bad. Especially in this case, separating the format
strings from the actual arguments prevents the compiler from
cross-checking them.
 1.107  30-Dec-2020  rillig lint: replace LERROR with lint_assert

This removes the redundancy of mentioning the function name in the error
message. This redundancy had been correct in all but 2 cases:
build_real_imag and tsize.
 1.106  30-Dec-2020  rillig lint: spell check comments
 1.105  30-Dec-2020  rillig lint: un-abbreviate s_field, s_keyw and s_xsym
 1.104  30-Dec-2020  rillig lint: un-abbreviate parenthesized and _strg
 1.103  30-Dec-2020  rillig lint: rename remaining _nxt members to _next
 1.102  30-Dec-2020  rillig lint: rename symt_t constants

There's no need to abbreviate them, furthermore FMOS was imprecise.
 1.101  30-Dec-2020  rillig lint: rename s_nxt to s_next
 1.100  29-Dec-2020  rillig lint: rename functions that had very short names
 1.99  29-Dec-2020  rillig lint: fix typo in comments
 1.98  29-Dec-2020  rillig lint: rename functions with very short names
 1.97  29-Dec-2020  rillig lint: fix indentation and alignment that used space-tab
 1.96  29-Dec-2020  rillig lint: spell check
 1.95  29-Dec-2020  rillig lint: remove redundant parentheses around return value
 1.94  29-Dec-2020  rillig lint: rename functions that had very short names

C99 guarantees that the first 31 characters of an identifier with
external linkage are significant. This removes the need to use
abbreviations for common words.
 1.93  28-Dec-2020  rillig lint: rename fields in mod_t
 1.92  28-Dec-2020  rillig lint: sort includes
 1.91  28-Dec-2020  rillig lint: realign code
 1.90  28-Dec-2020  rillig lint: rename tspec macros
 1.89  28-Dec-2020  rillig lint1: remove trailing whitespace
 1.88  02-Jun-2020  christos Fix return of alignof()
 1.87  12-Jul-2019  christos allow c9x struct casts (in new libXt)
 1.86  07-Sep-2018  christos recognize int128
 1.85  29-Jun-2018  christos add missing args for 123
 1.84  06-Mar-2017  christos branches: 1.84.10; 1.84.12;
fix typeof, add __builtin_offsetof
 1.83  19-Aug-2016  christos branches: 1.83.2;
Add union casts.
 1.82  14-Oct-2015  christos branches: 1.82.2;
more descriptive errors
 1.81  28-Aug-2015  joerg ~0 and -1 are the same for two's-complement machines. ISO C says left
shifts of negative values are UB, so do the shift for the unsigned
equivalent and cast to int afterwards.
 1.80  29-Jul-2015  christos Make the return type of "? type1 : void *" or "? void * : type1" to be type1
instead of void *.
 1.79  29-Jul-2015  christos Be more specific about the type errors
 1.78  09-Feb-2015  christos Treat complex numbers like other floating numbers. This caused a core-dump
when linting libm complex code and assumed the size of the type larger than
the array size of value bitmaps.
 1.77  20-Nov-2014  christos allow c99 flexible arrays for packed structures.
 1.76  17-Apr-2014  christos - add a function to dump a node
- better diagnostics on abort
- allow converting a constant
- initialize right node now that we trash memory this makes a difference.
before it was NULL.
 1.75  18-Feb-2014  christos branches: 1.75.2;
add __extension__ and typeof
 1.74  18-Feb-2014  christos __real__ and __imag__ produce lvalues
 1.73  19-Apr-2013  christos make NOSTRICT behave the same as LINTED; use the new format.
 1.72  02-Mar-2013  christos obey constcond to !constcond
 1.71  20-Apr-2012  christos branches: 1.71.2;
add __PRETTY_FUNCTION__
 1.70  27-Mar-2012  christos more cross lint friendliness
XXX: needs more constants converted double/float
 1.69  21-Mar-2012  christos -0 is not unary overflow.
 1.68  05-Feb-2011  christos branches: 1.68.4;
as promised make the last ops table auto-generated.
 1.67  04-Feb-2011  christos fix typo
 1.66  18-Dec-2010  christos branches: 1.66.2;
PR/44235: Martin Husemann: Fix core dump due to memory corruption.
Found by Henning Petersen
 1.65  24-Nov-2010  christos PR/44148: Henning Petersen: catstrg() does not set the resulting string length.
 1.64  21-Mar-2010  christos revert for now.
 1.63  21-Mar-2010  christos make lint recognize constant shift values and not warn if the number of bits
shifted results in a narrower type.
 1.62  02-Oct-2009  christos compute sizes by the new tsize() function.
 1.61  02-Oct-2009  christos remove debugging
 1.60  02-Oct-2009  christos recognize struct __packed x { }; in addition to struct x { } __packed;
 1.59  02-May-2009  christos Add __alignof__.
 1.58  27-Apr-2009  ginsbach Print left and right type and not left type twice. (Hi Christos!)
 1.57  15-Apr-2009  christos Lukemify (WARNS=4)
 1.56  13-Apr-2009  christos since we know the types, print what they are in error messages.
 1.55  02-Mar-2009  christos Don't produce type mismatch warnings if one side of ?: is "[qual] void *"
and the other side is "[qual] pointer".
 1.54  16-Nov-2008  dholland branches: 1.54.2;
WARNS=4
 1.53  27-Sep-2008  matt Add the complex types to the floating point promotion rules.
 1.52  26-Sep-2008  matt Teach lint about long double _Complex (C99)
 1.51  31-Jul-2008  christos Add Picky flag; this produces more warnings:
1. long a; int i; a = i * i;
suggests casting i to long, so that we gain precision in the multiplication.
2. warns about magnitude comparisons in enums.
3. warns about possible sign extension issues when integer types become widened.
 1.50  03-May-2008  christos branches: 1.50.2;
don't check for NaN if fpe.
 1.49  02-May-2008  christos Since we cannot guarantee that all machines do ieee math, or that they have
the proper math setup deal with SIGFPE directly.
 1.48  27-Apr-2008  christos print the types involved in an error.
 1.47  27-Apr-2008  christos reorder a couple of error messages.
 1.46  25-Apr-2008  christos preliminary _Complex support.
NB: Does not really understand type conversions between complex and doubles.
 1.45  04-Mar-2008  christos branches: 1.45.2;
PR/38142: YAMAMOTO Takashi: lint -S complains on variable length arrays
 1.44  18-Oct-2006  he branches: 1.44.8; 1.44.14;
Simplify the previous change. There's actually no need to treat constants
specially in ptconv(), the constants will be checked in convert() anyway.
 1.43  18-Oct-2006  he Partly redo when to emit warnings for argument type conversions.
Remove the apparently always true "styp(nt) != SHORT" part of the
innermost test. Allow automatic conversion of literals as long as
they fit into the target type.

This should fix some of the lint issues in proplib on some of our
platforms.

Approved by christos.
 1.42  22-Mar-2006  christos Coverity CID 199: make sure that rtp is not NULL before dereferencing.
 1.41  07-Apr-2005  christos Factor out tyname() so that it can be used both by lint1 and lint2.
Since type_t is different between lint1.h and lint2.h include the
appropriate file depending on the pass. Make the argument mismatch
error print the type names of the types involved. Now that we have
a tyname() function we can fix the rest of the pass2 warnings to be
more explanatory, but not now.
 1.40  02-Jan-2005  christos Shift assignment operators were handled incorrectly. On 64 bit machines,
unsigned long x, y;
x <<= y;
always produces a warning because y is cast to int. Handle them instead
the same way as regular shifts.
 1.39  02-Jan-2005  christos say from what type to what type we are converting.
 1.38  12-Sep-2004  yamt recognize _Bool.
 1.37  20-Jun-2004  jmc Completely rework how tools/compat is done. Purge all uses/references to
_NETBSD_SOURCE as this makes cross building from older/newer versions of
NetBSD harder, not easier (and also makes the resulting tools 'different')

Wrap all required code with the inclusion of nbtool_config.h, attempt to
only use POSIX code in all places (or when reasonable test w. configure and
provide definitions: ala u_int, etc).

Reviewed by lukem. Tested on FreeBSD 4.9, Redhat Linux ES3, NetBSD 1.6.2 x86
NetBSD current (x86 and amd64) and Solaris 9.

Fixes PR's: PR#17762 PR#25944
 1.36  30-May-2003  christos branches: 1.36.2;
PR/21706: Krister Walfridsson: CVT nodes not handled in ?: expressions.
 1.35  14-May-2003  wiz constant usually has two n.
 1.34  22-Oct-2002  christos add support for ({}) gcc shit.
 1.33  22-Oct-2002  christos handle free-ing of temp symbols properly. Don't segv on bad node types.
 1.32  22-Oct-2002  christos add C9X/GCC compound literal expressions.
 1.31  22-Oct-2002  christos add variable array dimension.
 1.30  22-Oct-2002  christos handle gcc __FUNCTION__ and C9X __func__
 1.29  22-Oct-2002  christos a cast to a pointer is an l-value.
 1.28  22-Oct-2002  christos handle cast in the rhs of a - op.
 1.27  21-Oct-2002  christos Ignore cast size test in initializers; look at example in the comment.
Maybe there is a better way...
 1.26  13-Sep-2002  christos Minimize diffs with my C99 capable version [this commit does not include
C99 support.]

- turn lerror() into a macro so that the filename and the line number of the
error are printed before we abort.
- recurse in type printing to provide the proper type name.
 1.25  05-Feb-2002  thorpej Replace u_quad_t with uint64_t and quad_t with int64_t, and use
<inttypes.h> to get those type definitions. These types are more
portable, and a little more sane to do autoconf tests for.
 1.24  31-Jan-2002  tv Use !finite() instead of isinf() in two places for better compatibility.
 1.23  31-Jan-2002  tv Protect __RCSID and __COPYRIGHT from being invoked if not defined.
 1.22  17-Nov-2001  perry Fix a bug in detecting overflow in unsigned multiplication.

XXX Note that the overflow code for many cases seems to be buggy. I've
only fixed one bug that was bothering me. A set of regression tests
and extensive testing are needed.
 1.21  16-Sep-2001  wiz Spell 'occurred' with two 'r's.
 1.20  28-May-2001  lukem cleanup (prior to adding more features):
- convert to ANSI KNF
- remove trailing whitespace
- translate some comments from german into english

code compiles and runs clean, and tested by running "make lint" against
xlint source using previous and this lint produces same results.
 1.19  28-Jul-1998  mycroft Propagate the value and test contexts to the right-hand side of a
comma operator.
 1.18  27-Jul-1998  mycroft Search both sides of a comma operator for side effects.
 1.17  27-Jul-1998  mycroft Fix a recurring typo: comparision -> comparison.
 1.16  27-Jul-1998  mycroft Fix uses of uninitialized memory, and incorrect types for initializers.
From ITOH Yasufumi, PR 5861.
 1.15  09-Apr-1998  tv .y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.
 1.14  22-Feb-1998  christos WARNSify
 1.13  12-Mar-1997  mycroft Remove hack for (very old) GCC bug on i386.
 1.12  02-Oct-1995  jpo insert a conversion operator from argument type to parameter type also
if the subtypes of both argument and parameter do not match (use
eqtype() instead of comparing t_tspec fields only).
 1.11  02-Oct-1995  jpo removed some dubious warnings about conversion of constant operands of
bitwise operators
 1.10  02-Oct-1995  jpo allow register variables as left operand of POINT; fixes PR 1442
 1.9  02-Oct-1995  jpo don't print a warning about use of uninitialized variables if one of the
enclosing compound statements had already an asm statement
 1.8  02-Oct-1995  jpo LINTED and CONSTCOND are now valid up to the next end of a
global or local declaration/definition/statement. Originally they were
valid on the current and next line, which made it hard to suppress
warnings in constructs with more than one line.

LONGLONG can now be used to suppress errors or warnings in the next
declaration, definition or statement.
 1.7  02-Oct-1995  jpo some minor bug fixes
 1.6  02-Oct-1995  jpo prototypes override old style function definitions
this is a gnu extension to ansi c
 1.5  02-Oct-1995  jpo added inline keywords
"inline" is enabled by -g, "__inline" and "__inline__" are always available
 1.4  02-Oct-1995  jpo prefixed members of dinfo_t with 'd_'
 1.3  04-Jul-1995  cgd hack around a bug in our gcc.
 1.2  03-Jul-1995  cgd RCS id cleanup
 1.1  03-Jul-1995  cgd branches: 1.1.1;
Initial revision
 1.1.1.1  03-Jul-1995  cgd lint(1) implementation, by Jochen Pohl. named 'xlint' for a similar
reason to why 'install' is named 'xinstall'.
 1.36.2.1  22-Jun-2004  tron Pull up revision 1.37 (requested by jmc in ticket #527):
Completely rework how tools/compat is done. Purge all uses/references to
_NETBSD_SOURCE as this makes cross building from older/newer versions of
NetBSD harder, not easier (and also makes the resulting tools 'different')
Wrap all required code with the inclusion of nbtool_config.h, attempt to
only use POSIX code in all places (or when reasonable test w. configure and
provide definitions: ala u_int, etc).
Reviewed by lukem. Tested on FreeBSD 4.9, Redhat Linux ES3, NetBSD 1.6.2 x86
NetBSD current (x86 and amd64) and Solaris 9.
Fixes PR's: PR#17762 PR#25944
 1.44.14.1  24-Mar-2008  keiichi sync with head.
 1.44.8.1  23-Mar-2008  matt sync with HEAD
 1.45.2.1  18-May-2008  yamt sync with head.
 1.50.2.1  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.54.2.1  13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.66.2.1  08-Feb-2011  bouyer Sync with HEAD
 1.68.4.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.68.4.2  23-May-2012  yamt sync with head.
 1.68.4.1  17-Apr-2012  yamt sync with head
 1.71.2.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.71.2.1  23-Jun-2013  tls resync from head
 1.75.2.1  10-Aug-2014  tls Rebase.
 1.82.2.1  20-Mar-2017  pgoyette Sync with HEAD
 1.83.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.84.12.2  13-Apr-2020  martin Mostly merge changes from HEAD up to 20200411
 1.84.12.1  10-Jun-2019  christos Sync with HEAD
 1.84.10.2  30-Sep-2018  pgoyette Sync with HEAD
 1.84.10.1  28-Jul-2018  pgoyette Sync with HEAD
 1.648.2.1  02-Aug-2025  perseant Sync with HEAD
