From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,HTML_OBFUSCATE_05_10, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 17503 invoked from network); 27 May 2020 21:02:00 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 27 May 2020 21:02:00 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id D67439C912; Thu, 28 May 2020 07:01:56 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 725439C600; Thu, 28 May 2020 07:01:38 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="NfM7eHwG"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 6E2029C5E8; Thu, 28 May 2020 07:01:36 +1000 (AEST) Received: from mail-ua1-f47.google.com (mail-ua1-f47.google.com [209.85.222.47]) by minnie.tuhs.org (Postfix) with ESMTPS id D119C9C5E5 for ; Thu, 28 May 2020 07:01:35 +1000 (AEST) Received: by mail-ua1-f47.google.com with SMTP id g34so8133569uah.4 for ; Wed, 27 May 2020 14:01:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to; bh=bGmpqz9CDI9AHMhRd/awbQU71D6gi6xs/CIzLkONZlc=; b=NfM7eHwGKW//qOKvB9ohxDbxilIImKqWuW3IdCH/g/Q8ufBR5ry8iBDt0wZ229vtOK Y4YVL0g8cbGbbmxSARxnZXttahdJWRPtIlksflRglAODW3hDEQTwvXFaqH4TqOSE84ET ttxzhN94Of3/1NBxm1NM7GcktFgPOnuv9KJg82LMxOEsOSdnp6rjowi57y0+t12e2vBN xDbjiNbWBO4cV05rBxj3Law7Iv+WTzdzup2qZ2Eki38iJ3dSxNBwY8pFWBl8yhg2RX6O KSNWMvIfyJuueinjShSGXkC9GYWdM0eSk6iYkmGWDij707G3UnGbnVoK/d2Rkx7wKPgd 9RnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to; bh=bGmpqz9CDI9AHMhRd/awbQU71D6gi6xs/CIzLkONZlc=; b=nz2trQzFf7Z2RaDiwXsrbdosu/uzZjCeAIbmSiMxLHB4yO0c1mmumMDrJe+i8a9UpA tOujERFva2cntesVtRP8qmaA9eSHhXcXkdP9WVPXkr182076Sk/i7yEGBS7+X7kK6STK GrmD7Zb9454RsUOAgO8Ytdo8P+y1D9sVskR9PMac0OJvM9ptoygPT4XsuwmgUD8E8Nv8 EC+mJxbD4zPq2s6bJyziEukY/IMiZRcRuczYY7HpD3lUW0DhAZCtCQESP6O3gLOeLXGJ NSycqAKRg9sqeBntN/bD8BjMoRrbaFOadsGuQIWsDIgEID3zQguvGbbNa6Iw/idqTviZ S8vA== X-Gm-Message-State: AOAM530GhUmnWS1FhfPtZmPUey+wDWb8fv8pXE0+Krwha/jHayVangiH s4jIiejitlaJMtYRnvyUHO46/Lnn8y5Am4Jl+r2caR1J4oAjoQ== X-Google-Smtp-Source: ABdhPJx3Tyt9ioXmz8k8VpYGOrwfAaRrg69wJzkxXcWR3HVwLJfpIgritJoIp6pMJfPZlX+IvK19teI5UsTYQuPAyj0= X-Received: by 2002:ab0:5ac8:: with SMTP id x8mr6288669uae.98.1590613294430; Wed, 27 May 2020 14:01:34 -0700 (PDT) MIME-Version: 1.0 References: <8a2e9b1b-8890-a783-5b53-c8480c070f2e@telegraphics.com.au> <95e6e8de901c837a28b84e62556ba326@firemail.de> In-Reply-To: From: Nevin Liber Date: Wed, 27 May 2020 16:00:57 -0500 Message-ID: To: The Unix Heritage Society mailing list Content-Type: multipart/alternative; boundary="00000000000063c02405a6a784a2" Subject: Re: [TUHS] History of popularity of C X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: nevin@eviloverlord.com Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --00000000000063c02405a6a784a2 Content-Type: text/plain; charset="UTF-8" On Wed, May 27, 2020 at 2:50 PM Greg A. Woods wrote: > A big part of the problem is that the C Standard mandates compilation > will and must succeed (and allows this success to be totally silent too) > even if the code contains instances of undefined behaviour. No it does not. To quote C11: undefined behavior behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements NOTE Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message). Much UB cannot be detected at compile time. Much UB is too expensive to detect at run time. Take strlen(const char* s) for example. s must be a valid pointer that points to a '\0'-terminated string. How would you detect that at compile time? How would you set up your run time to detect that and error out? How would you design your codegen and runtime to detect and error out when UB is invoked in this code: #include #include void A(const char* a, const char* b) { printf("%zu %zu\n", strlen(a), strlen(b)); } // Separate compilation unit int main() { const char a[] = {'A'}; const char b[] = {'\0'}; A(a, b); } -- Nevin ":-)" Liber iber@gmail.com> +1-847-691-1404 --00000000000063c02405a6a784a2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, May 27, 2020 at 2:50 PM Greg A. Woods <woods@robohack.ca> wrote:
A big part of the problem is that the C S= tandard mandates compilation
will and must succeed (and allows this success to be totally silent too) even if the code contains instances of undefined behaviour.=C2=A0

No it does not.

To quote C1= 1:

undefined behavior
behavior, upon use= of a nonportable or erroneous program construct or of erroneous data, for = which this International Standard imposes no requirements

NOTE Possible undefined behavior ranges from ignoring the situation= completely with unpredictable results, to behaving during translation or p= rogram execution in a documented manner characteristic of the environment (= with or without the issuance of a diagnostic message), to terminating a tra= nslation or execution (with the issuance of a diagnostic message).


Much UB cannot be detected at compile time.= =C2=A0 Much UB is=C2=A0too expensive to detect at run time.

<= /div>
Take strlen(const char* s) for example. =C2=A0s must be a valid p= ointer that points to a '\0'-terminated string.=C2=A0 How would you= detect that at compile time?=C2=A0 How would you set up your run time to d= etect that and error out?

How would you design you= r codegen and runtime to detect and error out when UB is invoked in this co= de:

#include=C2=A0<stdio.h>
#include=C2=A0<= string.h>

void=C2=A0A(const=C2= =A0char* a,=C2=A0const=C2=A0cha= r* b) {
=C2=A0 =C2=A0 printf("%zu %zu\n", strlen(a), strlen(b));
}
// Separate compilation unit=
int=C2=A0main()= {
=C2=A0 =C2=A0 co= nst=C2=A0char=C2=A0a[] =3D= {'A'};
=C2=A0 =C2=A0 const=C2=A0char=C2=A0b[] =3D {'\0'};

=C2=A0 =C2=A0 A= (a, b);
}
--
=C2=A0Nev= in ":-)" Liber=C2=A0 <mailto:nliber@gmail.com>=C2=A0 +1-847-691-1404
<= /div>
--00000000000063c02405a6a784a2--