This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Help on gcc

<<I'm happy to tell you that it's impossible, on a operational system like
Solaris, Windows NT, Windows 2000, Linux and any other Unix-like system, to
"destroy the world" using a NULL pointer, because this is a logical address.
There is a Memory Management Unit to map the logical address to physical
address, what make impossible that using a NULL pointer do any harm. And I'm
just using a not too much technical language, to make it easier for you to

Well unfortunately this is a naive position. The trouble is that once
you declare certain behavior to be undefined, there is no formal bar to
a clever optimizing compiler making deductions from this fact. For example
if we have a conditional

    if (x) a; else b; 

and we can show that b results in undefined behavior, then if x is false
we can do anything we like, and in particular we can call a, so a legitimate
translation of the above is simply


once you go down this route you are on the path to ruin. For example if
the test x is password_entered_ok() then you might really be skipping
something important.

The quoted paragraph above assumes a simplistic model of translation, but
there is as far as I know nothing in the C standard requiring that
simplistic model.

This business of back propagation of erroneous behavior (as it would be
called in Ada) is quite tricky, it is not easy to formalize the rules that
prevent evil transformations of the type mentioned above.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]