This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behavior in the security context


Paul Schlie wrote:
> Just as:
>
> volatile int* port = (int*)PORT_ADDRESS;
>
> int input = *port; supposedly invoking an undefined behavior.
>
> is required to be well specified, effectively reading through a pointer
> an un-initialized object's value, and then assigning that unspecified value
> to the variable input; as otherwise the language couldn't be utilized to
> write even the most hardware drivers required of all computer systems.

Now, wait just a minute here! Doesn't C's definition of "volatile" specify that things outside the program can cause the value of a volatile variable to become "determinate"? It's an obvious part of what the term means, and Fortran's definition of volatile variables most certainly includes the equivalent provision.


Thus, this code is _not_ invoking an undefined behavior if something outside the program is causing *port to become determinate (and if the C standard defines "volatile" in a reasonable way).

- Brooks

