Is ISO memcmp("abc","ade",10000) safe?

[Roger Sayle <roger at www dot eyesopen dot com>]

I'd like to ask the C/C++ language lawyers about their interpretation
of the definitions of memcmp given in the relevant ANSI, ISO, POSIX,
SVID and BSD specifications.

Is memcmp("abc","ade",10000) safe by the standards?

The question has come up following the discussion of GNATS PR
optimization/10339, which concerns GCC's optimization of strncmp
into memcmp for performance reasons.  The issue is that although
"strncmp" is not allowed to access/fault memory beyond the first
byte that differs, it is unclear whether "memcmp" has the same
requirement.

If this is indeed the case, GCC's current transformation of
strncmp("abc","ade",10000) into memcmp("abc","ade",10000),
for example if it knows bytes must differ before the first NUL
byte is encountered, is not guaranteed to be safe.  i.e. there
is nothing in the language standards to prevent the arguments
to memcmp from being inefficiently compared from offset 9999
backwards.

Although this is unlikely, and most system library and backend
instrinsic implementations of memcmp have the appropriate behaviour,
it would mean that GCC may potentially require TARGET_UNSAFE_MEMCMP
as a target macro to inhibit this transformation should we ever
encounter a conformant but unusual system.


I must admit that when I implemented this transformation, that was
suggested on the "projects for beginners" WWW page, I had assumed
it was totally safe.  However without access to the relevant standards
I'm now concerned that although its safe on the many platforms I have
access to, this isn't universally guaranteed to be the case.

Many thanks in advance for your words of wisdom.

Roger
--
Roger Sayle,                         E-mail: roger at eyesopen dot com
OpenEye Scientific Software,         WWW: http://www.eyesopen.com/
Suite 1107, 3600 Cerrillos Road,     Tel: (+1) 505-473-7385
Santa Fe, New Mexico, 87507.         Fax: (+1) 505-473-0833