This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] C undefined behavior fix

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Linus Torvalds <torvalds at transmeta dot com>
Cc: dewar at gnat dot com, gcc at gcc dot gnu dot org
Date: Sat, 05 Jan 2002 00:24:46 +0100
Subject: Re: [PATCH] C undefined behavior fix
References: <200201042203.g04M3FW08270@penguin.transmeta.com>

Linus Torvalds <torvalds@transmeta.com> writes:

> In article <20020104121403.D7262F3123@nile.gnat.com> you write:
>>
>>We can't avoid people writing wrong code, but we can avoid debate as to
>>whether the code is right or wrong :-)
>
> However, gcc clearly does the wrong thing with strcpy() right now.

The strcpy() problem is really just a symptom.

> And the gcc people claim it is undefined behaviour, which is not
> actually true if you just add two casts (which won't actually change the
> low-level RTL at all).

The code presented by Momchil Velikov *is* *clearly* *undefined*. And
I think GCC is not obliged to follow your expectation even if there
are additional casts.

> It is implementation-defined, and documented by gcc to do the
> bit-wise arithmetic

No, there is an exception (I quote from an outdated checkout, so this
hasn't just been committed to the repository, although it fits us so
neatly):

| When casting from pointer to integer and back again, the resulting
| pointer must reference the same object as the original pointer,
| otherwise the behavior is undefined.  That is, one may not use
| integer arithmetic to avoid the undefined behavior of pointer
| arithmetic as proscribed in 6.5.6/8.

The message to programmers is extremely clear: don't do that, or it
will probably hurt you.

There might be some exercises for language lawyers lurking here (there
are several ways to make this fit into the gaps in section 6.3.2.3).

> that was exactly what the linker people expected.

We all know that nobody reads GCC documentation.

> The gcc-3 optimization is _bogus_ as per the C standard,

I'm quite sure it isn't.  The gaps of 6.3.2.3 can be used to justify
the cited constraint.

Of course, the C standard does not properly formulate what
"implementation-defined behavior" and the documentation requirement
associated with it actually mean, so we have plenty of room anyway.

> and has to be disabled at least for the case where the pointer was
> cast to an integer.

Please show us the proof.

References:
- Re: [PATCH] C undefined behavior fix
  - From: Linus Torvalds

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]