This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: signed is undefined and has been since 1992 (in GCC)
- From: Gabriel Dos Reis <gdr at integrable-solutions dot net>
- To: Florian Weimer <fw at deneb dot enyo dot de>
- Cc: Robert Dewar <dewar at adacore dot com>, Olivier Galibert <galibert at pobox dot com>, Dave Korn <dave dot korn at artimi dot com>, "'Andrew Haley'" <aph at redhat dot com>, "'Andrew Pinski'" <pinskia at physics dot uc dot edu>, "'gcc mailing list'" <gcc at gcc dot gnu dot org>
- Date: 02 Jul 2005 20:58:28 +0200
- Subject: Re: signed is undefined and has been since 1992 (in GCC)
- References: <20050628171752.GE52889@dspnet.fr.eu.org><SERRANO4Hqx6zrWWqGY00000275@SERRANO.CAM.ARTIMI.COM><20050628180203.GG52889@dspnet.fr.eu.org><42C19C5A.2040705@adacore.com><20050628191746.GJ52889@dspnet.fr.eu.org><42C1A318.4040407@adacore.com> <8764vt2kq3.fsf@deneb.enyo.de>
Florian Weimer <fw@deneb.enyo.de> writes:
| * Robert Dewar:
|
| > I am puzzled, why would *ANYONE* who knows C use int
| > rather than unsigned if they want wrap around semantics?
|
| Both OpenSSL and Apache programmers did this, in carefully reviewed
| code which was written in response to a security report. They simply
| didn't know that there is a potential problem. The reason for this
| gap in knowledge isn't quite clear to me.
|
| Probably it's hard to accept for hard-core C coders that a program
| which generates correct machine code with all GCC versions released so
| far (modulo bugs in GCC) can still be illegal C and exhibit undefined
We need to be careful not to substitute "illegal" for "undefined
behaviour". GCC is not a court.
Apart from that, I maintain that we should not apply "undefined
behaviour" wholesale.
-- Gaby
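
Added example, not part of the original message and not the OpenSSL or Apache code the thread mentions: a constructed overflow check written with the int wrap-around assumption discussed above, next to two forms whose behaviour the C standard defines. All function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed illustration; function names are hypothetical. */

/* Idiom that assumes int wraps around. When len + extra exceeds INT_MAX the
 * addition itself is undefined behaviour, so a compiler may assume it cannot
 * happen and remove the test. Shown for comparison only; never called here
 * with overflowing operands. */
int wraps_signed_ub(int len, int extra)
{
    return len + extra < len;   /* intended for extra >= 0 */
}

/* Well-defined for every pair of ints: compare against the limits before
 * adding, so no overflowing addition is ever evaluated. */
int add_overflows(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

/* Unsigned arithmetic is defined to wrap modulo UINT_MAX + 1, so the
 * "sum is smaller than an operand" test is valid here. */
int uadd_wraps(unsigned a, unsigned b)
{
    return a + b < a;
}

int main(void)
{
    printf("add_overflows(INT_MAX, 1)  = %d\n", add_overflows(INT_MAX, 1));
    printf("add_overflows(INT_MIN, -1) = %d\n", add_overflows(INT_MIN, -1));
    printf("add_overflows(40, 2)       = %d\n", add_overflows(40, 2));
    printf("uadd_wraps(UINT_MAX, 1u)   = %d\n", uadd_wraps(UINT_MAX, 1u));
    printf("wraps_signed_ub(40, 2)     = %d\n", wraps_signed_ub(40, 2));
    return 0;
}
```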