[PATCH] doc: clarify the situation with pointer arithmetic

Uecker, Martin Martin.Uecker@med.uni-goettingen.de
Thu Jan 30 17:29:00 GMT 2020


Am Donnerstag, den 30.01.2020, 16:50 +0000 schrieb Michael Matz:
> Hi,
> 
> On Thu, 30 Jan 2020, Uecker, Martin wrote:
> 
> > > guarantees face serious implementation difficulties I think
> > > so the only alternative to PVNI (which I think is implementable
> > > but at an optimization opportunity cost) is one that makes
> > > two pointers with the same value always have the same
> > > provenance (and otherwise make the behavior undefined).
> > 
> > This would need to come with precise rules about
> > when the occurrence of two such pointers is UB,
> > e.g. comparisons of such pointers, or that
> > two such pointers are cast to int in the same
> > execution.
> > 
> > The mere existence of such pointers should be
> > quite common and should not already be UB.
> > 
> > But I am uncomfortable with the idea that
> > comparison of pointers is always allowed except
> > for some special case which then is UB. This
> > might cause rare and very difficult to find bugs.
> 
> As Richi said, the comparison itself wouldn't be UB, all comparisons would 
> be allowed.  But _if_ the pointers compare equal, they must have same (or 
> overlapping) provenance (i.e. when they have not, then _that_ is UB).

Sorry, I still don't get it.  In the following example,

int a[1];
int b[1];

it is often the case that &a[1] and &b[0] compare equal
because they have the same address but the pointers
have different provenance.

Or does there need to be an actual evaluation of a comparison
operation? In this case, I do not see the difference to what
I said.


Best,
Martin

> > > > Others proposed to make the result of the comparison unspecified, 
> > > > but I think this does not help.
> > > 
> > > Indeed.  It's not unspecified, it's known to evaluate to false. I 
> > > think there's existing wording in the standard that allows it to 
> > > evaluate to true for pointers one-after-the-object, that would need to 
> > > be changed of course.
> > 
> > The problem is that if the comparison is not optimized
> > and the pointers have the same address, then it would
> > evaluate to true at run-time. If I understand correctly,
> > you somehow want to make this case be UB, but I haven't
> > quite understood how (if it is not the comparison of such
> > pointers that invokes UB).
> 
> By saying something like "if two pointers compare equal they must have the 
> same provenance, otherwise the behaviour is undefined".

> (I don't know if this definition would or would not help with the problems 
> PVNI poses to compilers).
> 
> 
> Ciao,
> Michael.
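An added example, not code from the thread, that makes the a[1]/b[0] case above concrete: it compares the raw addresses as integers next to the pointer comparison, so a reader can see on their own compiler whether the two disagree when the arrays happen to be adjacent, and it shows a range check that never compares pointers of different provenance. The names probe_adjacent_arrays, addr_in_range and sample_buf are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of probing the &a[1] vs &b[0] case from the discussion. */
struct probe_result {
    bool same_addr; /* integer addresses coincide (layout dependent) */
    bool ptr_eq;    /* what the pointer comparison actually yielded */
};

/* Two distinct objects. Whether they end up adjacent in memory is up to
 * the implementation; &a[1] (one past the end of a) may share an address
 * with &b[0] without sharing its provenance. */
static int a[1];
static int b[1];
static char sample_buf[16]; /* constructed buffer for the range check */

struct probe_result probe_adjacent_arrays(void)
{
    struct probe_result r;
    int *one_past_a = &a[1]; /* valid to form, never to dereference */
    int *start_b = &b[0];
    /* Integer comparison of the addresses: no provenance involved. */
    r.same_addr = ((uintptr_t)one_past_a == (uintptr_t)start_b);
    /* Pointer comparison: a compiler reasoning from provenance may fold
     * this to false even when the addresses coincide, so the two flags
     * can disagree; they can never disagree the other way round. */
    r.ptr_eq = (one_past_a == start_b);
    return r;
}

/* "Does p point into buf[0..len)?" done on integers, so the relational
 * comparison never involves pointers of different provenance. The
 * one-past-the-end address deliberately counts as outside. */
bool addr_in_range(const void *buf, size_t len, const void *p)
{
    uintptr_t lo = (uintptr_t)buf, x = (uintptr_t)p;
    return x >= lo && x - lo < len;
}

int main(void)
{
    struct probe_result r = probe_adjacent_arrays();
    printf("addresses coincide: %d, pointers compare equal: %d\n",
           r.same_addr, r.ptr_eq);
    printf("sample_buf+4 in range: %d, sample_buf+16 in range: %d\n",
           addr_in_range(sample_buf, sizeof sample_buf, sample_buf + 4),
           addr_in_range(sample_buf, sizeof sample_buf, sample_buf + 16));
    return 0;
}
```

Build it once at -O0 and once at -O2; the first printed line is where the two comparisons may start to differ, which is exactly the situation the proposed "equal implies same provenance" rule would declare undefined.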
