The Unix Heritage Society mailing list
From: "Greg A. Woods" <woods@robohack.ca>
To: The Unix Heritage Society mailing list <tuhs@tuhs.org>
Subject: Re: [TUHS] History of popularity of C
Date: Wed, 27 May 2020 12:49:25 -0700
Message-ID: <m1je23J-0036tPC@more.local>
In-Reply-To: <95e6e8de901c837a28b84e62556ba326@firemail.de>


At Wed, 27 May 2020 18:11:33 +0200, "Thomas Paulsen" <thomas.paulsen@firemail.de> wrote:
Subject: Re: [TUHS] History of popularity of C
>
> When I'm doing C I always have the CPU and its instructions in mind.

And that's exactly what might trip you up unless you _exactly_
understand how the language standard defines the operations of the
abstract virtual machine (right down to the implications of every
sequence point in the code); how compilers and optimizers do and (more
importantly) do not work when mapping the abstract virtual machine
operations into real-world machine instructions; and how _all_
instances of "undefined behaviour" can arise, and exactly what the
optimizer is allowed to do when and if it spots UB conditions in the
code.

A big part of the problem is that the C Standard mandates compilation
will and must succeed (and allows this success to be totally silent too)
even if the code contains instances of undefined behaviour.  This means
that the successful execution of the generated code may depend on what
optimization level was chosen.  Code that does security tests on input
values might be entirely and silently eliminated by the optimizer
because of some innocuous-seeming UB instance, and this is exactly what
has happened in the Linux kernel, for example (probably more than once).

UB can be introduced quite innocently just by moving sequence points in
variable references in ways that are not necessarily obvious even to
seasoned programmers (and indeed "seasoned" programmers are often the
ones whose old-fashioned coding habits might lead to introduction of
serious problems in such a way).

I've found dozens of instances of UB in mature and well tested code, and
sometimes only by luck of having chosen the "right" compiler and enabled
its feature of introducing illegal instructions in places where UB might
occur, _and_ having had the luck to test in such a way as to encounter
the specific code path where this UB occurred.

I would claim it's truly safer now to write C without understanding the
underlying mechanics of the CPU and memory, but rather by just paying
very close attention to the detailed semantics of the language,
understanding only the abstract virtual C machine, and hoping your
compiler will at least warn if anything even remotely suspicious is done
in your code; and lastly (but perhaps most importantly) avoiding like
the plague any coding constructs which might make UB harder to spot
(e.g. never ever initialize local variables with their definition when
pointers are involved).

Unfortunately the new "most advanced" C compilers also make it quite a
bit more difficult for those of us writing C code that must have
specific actions on the bare metal hardware, e.g. in embedded systems,
kernels, hardware drivers, etc.; including especially where UB detection
tools are far more difficult to use.

--
					Greg A. Woods <gwoods@acm.org>

Kelowna, BC     +1 250 762-7675           RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>     Avoncote Farms <woods@avoncote.ca>
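
An added example, not part of the original message or written by its author: the hazard the message describes, where a pointer dereferenced in a local variable's initializer lets the optimizer delete the NULL test that follows, shown beside the ordering that keeps the test. The `struct msg` type, both function names and the sample data are constructed for illustration.

```c
/* Added example: check-after-dereference versus check-before-dereference. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct msg { size_t len; unsigned char body[64]; };  /* hypothetical type */

/* Hazardous order: m is dereferenced in the initializer, before the
 * NULL test.  That is UB for m == NULL, so an optimizer may conclude
 * m != NULL and delete the "m == NULL" test below as dead code. */
int copy_body_risky(const struct msg *m, unsigned char *out, size_t outsz)
{
    size_t n = m->len;
    if (m == NULL || out == NULL)
        return -1;
    if (n > sizeof m->body || n > outsz)
        return -1;
    memcpy(out, m->body, n);
    return (int)n;
}

/* Safe order: declare first, validate, and only then dereference. */
int copy_body_checked(const struct msg *m, unsigned char *out, size_t outsz)
{
    size_t n;
    if (m == NULL || out == NULL)
        return -1;
    n = m->len;
    if (n > sizeof m->body || n > outsz)
        return -1;
    memcpy(out, m->body, n);
    return (int)n;
}

/* Constructed sample input. */
static const struct msg sample = { 5, "hello" };

int main(void)
{
    unsigned char buf[16];
    /* Only the checked form is ever handed NULL here. */
    printf("checked(NULL)   = %d\n", copy_body_checked(NULL, buf, sizeof buf));
    printf("checked(sample) = %d\n", copy_body_checked(&sample, buf, sizeof buf));
    printf("risky(sample)   = %d\n", copy_body_risky(&sample, buf, sizeof buf));
    return 0;
}
```

Both functions agree on every valid input, which is why ordinary testing does not expose the difference. A UB sanitizer in trap mode (for example clang's `-fsanitize=undefined -fsanitize-trap=undefined`) faults at the `m->len` load in the risky form if a test ever reaches it with `m == NULL`.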
