This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Optimisations and undefined behaviour

From: Florian Weimer <fweimer at redhat dot com>
To: Simon Wright <simon at pushface dot org>, Andrew Haley <aph at redhat dot com>
Cc: David Brown <david dot brown at hesbynett dot no>, Richard Earnshaw <Richard dot Earnshaw at foss dot arm dot com>, Segher Boessenkool <segher at kernel dot crashing dot org>, "[gcc-help]" <gcc-help at gcc dot gnu dot org>
Date: Mon, 9 Nov 2015 19:25:18 +0100
Subject: Re: Optimisations and undefined behaviour
Authentication-results: sourceware.org; auth=none
References: <563BC190 dot 7080406 at hesbynett dot no> <563C7EB6 dot 9050401 at redhat dot com> <563C9DD3 dot 9030407 at hesbynett dot no> <563F9E4C dot 5000504 at redhat dot com> <20151108193430 dot GA28206 at gate dot crashing dot org> <56407162 dot 7050106 at redhat dot com> <56408D14 dot 2090101 at redhat dot com> <5640A8D3 dot 8060706 at redhat dot com> <5640AAC5 dot 9090509 at redhat dot com> <5640ADC5 dot 4090604 at redhat dot com> <5640B40C dot 9000906 at foss dot arm dot com> <5640B51F dot 1080401 at redhat dot com> <5640B632 dot 9040802 at foss dot arm dot com> <5640BA3E dot 3030508 at redhat dot com> <5640C248 dot 7040904 at hesbynett dot no> <5640CA59 dot 8090300 at redhat dot com> <2DFFCF59-C479-4472-8233-0D3B55B8FE9C at pushface dot org>

On 11/09/2015 07:19 PM, Simon Wright wrote:

> Ada certainly has fewer UB properties than C, but Ada programs can be erroneous (anything might happen) or have bounded errors; typically from some form of “unchecked conversion”, e.g. in the embedded context reading from the wrong address and therefore reading invalid (out-of-range) values, and then not validating.

There is one curious corner case which has no immediately obvious,
localized footprint:

  <http://www.enyo.de/fw/notes/ada-type-safety.html>

Basically, it's an aliased tagged union which is updated in place.
Essentially the same thing exists in unsafe Rust:

  <http://www.enyo.de/fw/notes/unsafe-rust-type-safety.html>

These examples might seem a bit silly, but t here is a surprisingly
widespread belief among language designers that you can have type safety
without memory safety.  (Obviously the answer to that depends on what
you mean by these terms.)

Florian

References:
- Optimisations and undefined behaviour
  - From: David Brown
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: David Brown
- Re: Optimisations and undefined behaviour
  - From: Florian Weimer
- Re: Optimisations and undefined behaviour
  - From: Segher Boessenkool
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: Florian Weimer
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: Florian Weimer
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: Richard Earnshaw
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: Richard Earnshaw
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: David Brown
- Re: Optimisations and undefined behaviour
  - From: Andrew Haley
- Re: Optimisations and undefined behaviour
  - From: Simon Wright

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]