This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH] C undefined behavior fix
- From: dewar at gnat dot com
- To: paulus at samba dot org, velco at fadata dot bg
- Cc: gcc at gcc dot gnu dot org, linux-kernel at vger dot kernel dot org, linuxppc-dev at lists dot linuxppc dot org, trini at kernel dot crashing dot org
- Date: Wed, 2 Jan 2002 18:53:18 -0500 (EST)
- Subject: Re: [PATCH] C undefined behavior fix
<<One of the reasons why C is a good language for the kernel is that its
memory model is a good match to the memory organization used by the
processors that Linux runs on. Thus, for these processors, adding an
offset to a pointer is in fact simply an arithmetic addition. Combine
that with the fact that the kernel is far more aware of how stuff is
laid out in its virtual memory space than most C programs, and you can
see that it is reasonable for the kernel to do pointer arithmetic
which might be undefined according to the strict letter of the law,
but which in fact works correctly on the class of processors that
Linux runs on, for all reasonable compiler implementations.
>>
The concept of "all reasonable compiler implementations" is a very dubious
one. There is nothing to stop a valid C compiler from building assertions
based on the quoted paragraph from the C standard, e.g. it could derive
valid range information from knowing that an offset was constrained to
certain limits. So writing bogus C like this is risky, and as compilers
get more sophisticated, one is likely to hear screams, but they are not
justified in my opinion. There is no excuse for such abuse.
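
Added example, not part of the original message or of any GCC or kernel code: a bounds test written on an out-of-range pointer, which a compiler that derives range information may fold away, next to the same test done on integers before any pointer is formed. All function names and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Risky form: the test is made on a pointer that may already be out of range.
 * Forming buf + off is undefined once off exceeds the object size, so a
 * compiler may assume it cannot happen and fold "p >= buf" to true.
 * Kept for contrast; call it only with in-range offsets. */
static int in_bounds_risky(const char *buf, size_t size, size_t off)
{
    const char *p = buf + off;            /* undefined if off > size */
    return p >= buf && p < buf + size;
}

/* Well-defined form: compare integers before any pointer is formed. */
static int in_bounds_checked(size_t size, size_t off, size_t len)
{
    return off <= size && len <= size - off;
}

/* Copy len bytes from src + off, refusing any range outside either object. */
static int copy_range(char *dst, size_t dst_size, const char *src,
                      size_t src_size, size_t off, size_t len)
{
    if (!in_bounds_checked(src_size, off, len) || len > dst_size)
        return -1;
    memcpy(dst, src + off, len);
    return 0;
}

/* Constructed sample: 16-byte source and destination objects. */
static int demo_copy(size_t off, size_t len)
{
    static const char src[16] = "0123456789abcde";
    char dst[16];
    return copy_range(dst, sizeof dst, src, sizeof src, off, len);
}

int main(void)
{
    static const char buf[16] = "0123456789abcde";
    printf("risky, in range: %d\n", in_bounds_risky(buf, sizeof buf, 4));
    printf("copy 4..12:      %d\n", demo_copy(4, 8));
    printf("copy past end:   %d\n", demo_copy(12, 8));
    printf("huge offset:     %d\n", demo_copy(SIZE_MAX - 2, 4));
    return 0;
}
```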