This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.
Re: Optimisations and undefined behaviour
- From: Florian Weimer <fweimer at redhat dot com>
- To: Simon Wright <simon at pushface dot org>, Andrew Haley <aph at redhat dot com>
- Cc: David Brown <david dot brown at hesbynett dot no>, Richard Earnshaw <Richard dot Earnshaw at foss dot arm dot com>, Segher Boessenkool <segher at kernel dot crashing dot org>, "[gcc-help]" <gcc-help at gcc dot gnu dot org>
- Date: Mon, 9 Nov 2015 19:25:18 +0100
- Subject: Re: Optimisations and undefined behaviour
On 11/09/2015 07:19 PM, Simon Wright wrote:
> Ada certainly has fewer UB properties than C, but Ada programs can be erroneous (anything might happen) or have bounded errors; typically from some form of “unchecked conversion”, e.g. in the embedded context reading from the wrong address and therefore reading invalid (out-of-range) values, and then not validating.
There is one curious corner case which has no immediately obvious,
localized footprint:
<http://www.enyo.de/fw/notes/ada-type-safety.html>
Basically, it's an aliased tagged union which is updated in place.
Essentially the same thing exists in unsafe Rust:
<http://www.enyo.de/fw/notes/unsafe-rust-type-safety.html>
These examples might seem a bit silly, but there is a surprisingly
widespread belief among language designers that you can have type safety
without memory safety. (Obviously the answer to that depends on what
you mean by these terms.)
Florian
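A C rendering of the hazard Florian describes, added here as an illustration (it is not code from the linked notes or from anyone in the thread): a pointer taken into one variant's payload of a tagged union outlives an in-place change of the tag, so the alias is now a typed view of the wrong data. The tagged struct, the `set_int`/`set_str` helpers and the `checked_str` accessor are constructed for this example; the stale alias is only compared by address, never dereferenced, because reading through it would be the type-confusion bug itself.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed tagged union: the tag says which union member is live. */
enum tag { TAG_INT, TAG_STR };

struct tagged {
    enum tag tag;
    union {
        int32_t i;
        const char *s;
    } u;
};

/* Switch the variant in place. The storage is reused, so any pointer
   previously taken into u.s now points at int bytes. */
static void set_int(struct tagged *v, int32_t i) { v->tag = TAG_INT; v->u.i = i; }
static void set_str(struct tagged *v, const char *s) { v->tag = TAG_STR; v->u.s = s; }

/* Defensive accessor: re-check the tag on every access instead of
   caching the payload address across operations that may retag v. */
static const char *checked_str(const struct tagged *v)
{
    return v->tag == TAG_STR ? v->u.s : NULL;
}

/* Returns 1 if an alias taken before the in-place update still refers to
   the same storage afterwards, i.e. the alias now overlays the int payload.
   The alias is compared by address only; dereferencing it would be UB. */
int alias_survives_retag(void)
{
    struct tagged v;
    set_str(&v, "hello");
    const char *const *alias = &v.u.s;   /* alias into the STR payload */
    set_int(&v, 42);                      /* retag in place */
    return (const void *)alias == (const void *)&v.u.i;
}

/* The tag-checking path notices the retag; a cached alias cannot. */
int checked_access_detects_retag(void)
{
    struct tagged v;
    set_str(&v, "hello");
    const char *before = checked_str(&v);
    set_int(&v, 42);
    const char *after = checked_str(&v);
    return before != NULL && after == NULL;
}
```

The same shape arises with an Ada variant record or a Rust enum once the language's aliasing rules are bypassed; the mitigation is the same in each case: never keep a pointer into a discriminant-dependent payload across an operation that can change the discriminant.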