This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] C undefined behavior fix

From: Linus Torvalds <torvalds at transmeta dot com>
To: paulus at samba dot org, gcc at gcc dot gnu dot org
Cc:
Date: Fri, 4 Jan 2002 13:48:00 -0800
Subject: Re: [PATCH] C undefined behavior fix
Newsgroups: linux.egcs
Organization:
References: <87g05py8qq.fsf@fadata.bg><20020102190910.GG1803@cpe-24-221-152-185.az.sprintbbd.net><20020102133632.C10362@redhat.com><20020102220548.GL1803@cpe-24-221-152-185.az.sprintbbd.net><20020102232320.A19933@xs4all.nl><20020102231243.GO1803@cpe-24-221-152-185.az.sprintbbd.net><20020103004514.B19933@xs4all.nl><20020103000118.GR1803@cpe-24-221-152-185.az.sprintbbd.net><20020102160739.A10659@redhat.com><15411.49911.958835.299377@argo.ozlabs.ibm.com><20020103003240.A10838@redhat.com>

In article <15412.11822.811712.207946@argo.ozlabs.ibm.com> you write:
>Richard Henderson writes:
>> No.  You still have the problem of using pointer arithmetic past
>> one past the end of the object.
>> 
>> C99 6.5.6/8:
>> 
>>    If both the pointer operand and the result point to elements of the
>>    same array object, or one past the last element of the array object,
>>    the evaluation shall not produce an overflow; otherwise, the behavior
>>    is undefined.
>
>I don't have a copy of the C standard handy, but that sounds to me
>like the result of (unsigned long)(&x) - KERNELBASE is undefined.

It is not. It is implementation-defined, because the cast from the
pointer to the "unsigned long" is implementation defined (and the
subtraction is 100% well-defined, of course ;)

And note how implementation-defined does _not_ mean that the compiler
can do anything it wants.  It needs to do something documented, and the
gcc behaviour has always been to consider a pointer/integer conversion
to be a bitpattern conversion. 

The relevant quote is from 6.3.2.3:

 Any pointer may be converted to an integer type. Except as previously
 specified, the result is implementation-defined. If the result cannot be
 represented in the integer type, the behaviour is undefined.

(and none of the exceptions are true in this case - the first one
concerns the special case of the constant 0 and the "null pointer"
issue, while the second one is simply not true on gcc/ppc).

			Linus

Follow-Ups:
- Re: [PATCH] C undefined behavior fix
  - From: Paul Mackerras

References:
- [PATCH] C undefined behavior fix
  - From: Momchil Velikov
- Re: [PATCH] C undefined behavior fix
  - From: Tom Rini
- Re: [PATCH] C undefined behavior fix
  - From: Richard Henderson
- Re: [PATCH] C undefined behavior fix
  - From: Tom Rini
- Re: [PATCH] C undefined behavior fix
  - From: jtv
- Re: [PATCH] C undefined behavior fix
  - From: Tom Rini
- Re: [PATCH] C undefined behavior fix
  - From: jtv
- Re: [PATCH] C undefined behavior fix
  - From: Tom Rini
- Re: [PATCH] C undefined behavior fix
  - From: Richard Henderson
- Re: [PATCH] C undefined behavior fix
  - From: Paul Mackerras
- Re: [PATCH] C undefined behavior fix
  - From: Richard Henderson
- Re: [PATCH] C undefined behavior fix
  - From: Paul Mackerras

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]