This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Signed into overflow behavior in the security context
- From: Robert Dewar <dewar at adacore dot com>
- To: Paul Schlie <schlie at comcast dot net>
- Cc: Paul Jarc <prj at po dot cwru dot edu>, GCC Development <gcc at gcc dot gnu dot org>
- Date: Tue, 30 Jan 2007 11:04:40 -0500
- Subject: Re: Signed into overflow behavior in the security context
- References: <C1E49DF7.FB73%schlie@comcast.net>
Paul Schlie wrote:
- yes, and thereby inconsistent with reality, and thereby wrong.
(as may and may not are equivalent possibilities)
The standard is the only reality here. If you cannot deduce semantic
behavior from the semantic model of the standard, then you cannot
deduce it. You are not allowed to augment the standard with
reasoning based on what you think is consistent with the reality
of chips and compilers.
A test is only valid if it has fully defined behavior according
to the standard.
An implementation is only invalid if there is a valid test
that fails.
This does not preclude the possibility of having a given C
compiler define behavior in an undefined situation, but I
don't see any support for trying to define the effect of
referencing uninitialized variables.
The signed overflow situation is indeed different, but if
you try to make a general argument that all undefined
behavior should be defined in gcc, then you have no hope
of any consensual agreement to such a proposal, or even
a significant minority agreement.
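The practical consequence of the point above, that signed overflow has no defined meaning in the standard and that GCC may or may not give it one, is that defensive code cannot test for overflow after the fact (a check such as `a + b < a` is itself undefined and may be optimised away). The following is an added example, not code from this thread or from GCC: it shows the two portable ways to guard an addition, a range check performed before the operation and GCC's `__builtin_add_overflow` builtin (the latter assumes compilation with GCC or Clang), and applies them to a size computation of the kind where a wrapped sum leads to an undersized allocation. The function names and the header/overhead scenario are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Range check before the operation. Returns true and stores a+b in *out
 * only when the sum is representable as int; otherwise *out is untouched
 * and no signed arithmetic is performed, so no undefined behaviour occurs. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;           /* would overflow */
    *out = a + b;
    return true;
}

/* Same contract using the compiler builtin (assumption: GCC or Clang).
 * The builtin reports overflow instead of performing undefined arithmetic. */
bool checked_add_builtin(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Constructed scenario: an allocation size is derived from a length taken
 * from untrusted input plus a fixed overhead. Relying on wraparound here
 * would let a large header_len produce a small (wrapped) allocation.
 * Returns 0 when the inputs are negative or the sum would overflow. */
size_t payload_alloc_size(int header_len, int overhead)
{
    int total;
    if (header_len < 0 || overhead < 0)
        return 0;
    if (!checked_add_int(header_len, overhead, &total))
        return 0;
    return (size_t)total;
}

int main(void)
{
    int r;
    printf("INT_MAX + 1 representable: %s\n",
           checked_add_int(INT_MAX, 1, &r) ? "yes" : "no");
    printf("alloc size for 100 + 16: %zu\n", payload_alloc_size(100, 16));
    printf("alloc size for INT_MAX + 16: %zu\n", payload_alloc_size(INT_MAX, 16));
    return 0;
}
```

Both guards behave identically; the builtin is shorter and also covers mixed-width operands, while the explicit range check is standard C and works with any compiler. Neither depends on `-fwrapv` or on any behaviour GCC might or might not choose to define for overflow.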