This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Signed int overflow behavior in the security context
- From: prj at po dot cwru dot edu (Paul Jarc)
- To: Paul Schlie <schlie at comcast dot net>
- Cc: <gcc at gcc dot gnu dot org>
- Date: Sun, 28 Jan 2007 13:04:12 -0500
- Subject: Re: Signed int overflow behavior in the security context
- References: <C1E1B806.FB1C%schlie@comcast.net>
Paul Schlie <schlie@comcast.net> wrote:
> if it has an indeterminate value [...] has no bearing on an rvalue
> access to a well defined storage location
You might think so, but that's actually not true in the C standard's
terminology. It sounds like you interpret "indeterminate value" to
mean what the standard defines as "unspecified value" (3.17.3): "valid
value of the relevant type where this International Standard imposes
no requirements on which value is chosen in any instance". But
"indeterminate value" is defined differently (3.17.2), and any
reasoning based on your common-sense understanding of the term,
instead of the standard's definition of it, has no relevance to the
standard. The standard is not intuitive; it can only be understood by
careful reading.
The key concept that you seem to be missing is trap representations.
See 6.2.6.1p5, also keeping in mind that "lvalue", as used in the
standard, probably means something slightly different from what you
might expect; see 6.3.2.1p1.
paul
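As an added example on the thread's subject, not code from this list or from GCC: the reply above points out that reasoning about values the standard leaves indeterminate has no standing, and the same applies to the result of a signed operation that overflows. These predicates (my own names) decide whether an int add, subtract or multiply would overflow before the operation is ever performed, so the check relies only on arithmetic the standard defines.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example; not from the gcc list or GCC itself. Each predicate
 * decides whether an int operation would overflow WITHOUT evaluating it:
 * every comparison uses only values that are guaranteed representable,
 * so nothing here has undefined behaviour (unlike testing `a + b < a`). */

bool add_would_overflow(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;   /* INT_MAX - b is in range since b > 0 */
    if (b < 0) return a < INT_MIN - b;   /* INT_MIN - b is in range since b < 0 */
    return false;
}

bool sub_would_overflow(int a, int b)
{
    if (b > 0) return a < INT_MIN + b;   /* INT_MIN + b is in range since b > 0 */
    if (b < 0) return a > INT_MAX + b;   /* INT_MAX + b is in range since b < 0 */
    return false;
}

bool mul_would_overflow(int a, int b)
{
    if (a == 0 || b == 0) return false;
    /* -1 is handled first: INT_MIN / -1 is itself undefined and must never run. */
    if (a == -1) return b == INT_MIN;
    if (b == -1) return a == INT_MIN;
    if (b > 0) return a > INT_MAX / b || a < INT_MIN / b;
    return a < INT_MAX / b || a > INT_MIN / b;   /* b < 0 flips both comparisons */
}

/* Stores a + b in *out only when the sum is representable.
 * Returns false, leaving *out untouched, when it would overflow. */
bool checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int total = 0;
    /* Constructed input: a length field plus a header size, as in a parser. */
    if (checked_add(INT_MAX - 8, 16, &total))
        printf("total = %d\n", total);
    else
        printf("rejected: (INT_MAX - 8) + 16 is not representable as int\n");
    return 0;
}
```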