This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Signed int overflow behavior in the security context
- From: Robert Dewar <dewar at adacore dot com>
- To: Paul Schlie <schlie at comcast dot net>
- Cc: GCC Development <gcc at gcc dot gnu dot org>
- Date: Tue, 30 Jan 2007 11:06:26 -0500
- Subject: Re: Signed int overflow behavior in the security context
- References: <C1E4AB47.FB78%schlie@comcast.net>
Paul Schlie wrote:
> The root of this discussion was based on whether or not GCC's relatively
> aggressive assumption that an undefined behavior gave it the reasonable
> and useful right to presume that any expression which may be interpreted
> as having undefined semantics may be presumed to either mystically never
> or always occur depending on its whim, regardless of practical reality.
Right, that's what the standard says, and what programmers should
expect, and what compilers typically do in practice when optimizing
at the highest level.
> Overall, it would seem there should be a more practical and consistent basis
> applied.
Use of the passive implies some general consensual agreement to the
statement. I know you, Paul, think this is the case, but I don't see
even the beginnings of a consensus, and the C standards
committee disagrees with this approach.
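As an added illustration, not part of the original thread, here is the kind of check the dispute is about in C: a wraparound-style overflow test that depends on undefined signed overflow (and which GCC is entitled to fold away when optimizing), beside a check that decides before the addition and so stays within defined behaviour. The function names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Common but broken pattern: perform the addition, then look for wraparound.
   Signed overflow is undefined in C, so GCC may assume `a + b` never wraps
   and treat `sum < a` (for positive b) as always false, deleting the check.
   Only compiling with -fwrapv makes this wraparound defined for GCC. */
bool add_overflows_ub(int a, int b)
{
    int sum = a + b;          /* undefined behaviour if it overflows */
    return b > 0 && sum < a;  /* the compiler may fold this to `false` */
}

/* Defined-behaviour check: compare against the limits before adding,
   so no expression in the function can ever overflow. */
bool add_overflows_safe(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return true;   /* would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b) return true;   /* would go below INT_MIN */
    return false;
}

/* Checked addition built on the safe test: returns false and leaves *out
   untouched when the sum is not representable. */
bool checked_add(int a, int b, int *out)
{
    if (add_overflows_safe(a, b)) return false;
    *out = a + b;  /* reached only when the sum is in range */
    return true;
}

int main(void)
{
    int r;
    /* Constructed inputs: a length plus an offset near INT_MAX. */
    if (!checked_add(INT_MAX - 4, 16, &r))
        printf("rejected: sum would overflow\n");
    if (checked_add(INT_MAX - 4, 4, &r))
        printf("accepted: %d\n", r);
    return 0;
}
```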