Issue #108 wontfix

cffi doesn't error on integer width mismatches

Alex Gaynor
created an issue
import cffi

ffi = cffi.FFI()
ffi.cdef("""
void f(long long);
""")
ffi.verify("""
void f(short x) {
}
""")

Executes without warning or error.

Comments (6)

  1. Alex Gaynor reporter

    It seems more dangerous than useful; the only advantage is that you'll defer the error until later. Instead of getting an error at verify time, you'll get a (probably very confusing) error when you try to call the function with too large of a value.

  2. Armin Rigo

    I'm sure there are indeed situations where it is the case. It was designed with a different goal in mind: the situation where we don't know exactly what type is used in the C declaration. For such cases it is unavoidable.

    It could be improved, e.g. by having a warning or a runtime check if the declared type or actual value is too large. But I don't know how to implement it. If you have a clue, feel free :-)

  3. Alex Gaynor reporter

    I think the other issue (about compiling warning-free) is related: if you're warning-free, you can enable -Wconversion to make cases like this an error (gcc/clang are silent by default about this issue otherwise).

  4. Armin Rigo

    It seems like the current situation is precisely what you'd get in C: by default integers are silently truncated under your feet, but you can enable -Wconversion. I'd be fine with a runtime check that the passed value actually fits the smaller type of the called function, but as I said I don't know if it's possible to implement such logic. If not, we might simply close this report as "won't fix".
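
The runtime check discussed in this thread can be approximated on the caller's side. The following is an added example, not code from the thread or from cffi: a Python wrapper that rejects arguments outside the range of the callee's real parameter type. The names `int_range`, `narrowed`, `fits`, `unchecked_f` and `checked_f` are hypothetical, and `unchecked_f` is a constructed stand-in for a function declared as `f(long long)` but implemented as `f(short)`, with ctypes used only to obtain type sizes and to model the usual two's-complement narrowing.

```python
import ctypes
import functools

def int_range(ctype):
    """Inclusive (min, max) representable by a ctypes integer type."""
    bits = 8 * ctypes.sizeof(ctype)
    if ctype(-1).value < 0:  # -1 survives only in a signed type
        return -(1 << (bits - 1)), (1 << (bits - 1)) - 1
    return 0, (1 << bits) - 1

def narrowed(value, ctype):
    """Value the callee would see after silent narrowing (wraps modulo 2**bits)."""
    return ctype(value).value  # ctypes integer types do no overflow checking

def fits(*actual_types):
    """Decorator: refuse integer arguments that the real C parameter types cannot hold."""
    def decorate(func):
        @functools.wraps(func)
        def wrapper(*args):
            if len(args) != len(actual_types):
                raise TypeError("expected %d arguments" % len(actual_types))
            for pos, (arg, ctype) in enumerate(zip(args, actual_types)):
                lo, hi = int_range(ctype)
                if not lo <= arg <= hi:
                    raise OverflowError(
                        "argument %d: %d does not fit %s [%d, %d]"
                        % (pos, arg, ctype.__name__, lo, hi))
            return func(*args)
        return wrapper
    return decorate

# Constructed stand-in: declared to Python as f(long long), implemented as f(short).
def unchecked_f(x):
    return narrowed(x, ctypes.c_short)

# The caller states the type the C definition really uses.
checked_f = fits(ctypes.c_short)(unchecked_f)

def demo():
    results = {"unchecked": unchecked_f(70000), "checked_small": checked_f(1234)}
    try:
        checked_f(70000)
    except OverflowError as exc:
        results["checked_large"] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

The guard only helps when the caller already knows the implementation's type, which is the information missing in the case the declaration was designed for.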
