This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Signed int overflow behavior in the security context
- From: prj at po dot cwru dot edu (Paul Jarc)
- To: Paul Schlie <schlie at comcast dot net>
- Cc: GCC Development <gcc at gcc dot gnu dot org>
- Date: Tue, 30 Jan 2007 00:24:53 -0500
- Subject: Re: Signed int overflow behavior in the security context
- References: <C1E439DC.FB66%schlie@comcast.net>
Paul Schlie <schlie@comcast.net> wrote:
> Paul Jarc wrote:
>> As noted in the defect report, a trap representation can have the
>> same bit pattern as a valid value. Trapness depends not just on
>> the bit pattern, but also how the bit pattern was produced.
>
> - that's not what it says
Did you read it?
# Implementations are permitted to track the origins of a bit-pattern
# and treat those representing an indeterminate value as distinct from
# those representing a determined value.
> a pointer value may be/become a trap representation [...]
That is also true, but there is more than that.
> is required to be well specified [...] as otherwise the language
> couldn't be utilized to write even the most hardware drivers
> required of all computer systems.
In a sense, the language *can't* be used to write most hardware
drivers. Drivers do invoke undefined behavior - that is, the standard
makes no guarantees about their behavior - but the particular platform
they are targeted for makes its own guarantees, so the code is still
useful, even though it is not strictly conforming C.
paul