On 2018-05-10 14:35, Wol's lists wrote:
> > Code may be "security-sensitive" but buggy. Is the compiler writer
> > really responsible for guessing what the programmer meant to
> > accomplish with buggy code?
>
> What do you mean by "buggy"?

Relying on UB, or not telling the compiler the whole truth. You have a
point in that I should have been more specific.

> So if the compiler can't detect undefined behaviour, how the hell do
> you expect the programmer to?

Number one reason is that UB is at least in part a run-time concept.
Clearly the compiler cannot try all possible inputs to a function and
run a simulation on them. The programmer _can_ insert guard code at the
calling site to prevent the undefined cases from happening.

A "whole program" compiler (i.e. one that analyzes code across source
modules) may be able to detect the _possibility_ of UB. But if you put
such a compiler to work on the kernel (for example), you can probably
take a short vacation while you await the result ;-)

> Oh - and please explain - what is buggy about wanting the following
> program to compile and actually *do* what the code is asking, rather
> than compiling to a no-op ... and 0x00ff is the address of your
> network adaptor? Do you want THAT to be optimised away "because it
> doesn't do anything"?
>
> int main () {
>     int a, b, c;
>     a = 2;
>     b = 4;
>     c = 6;
> }
>
> int main () {
>     void *a;
>     a = 0x00ff;
>     *a = 6;
> }

This is actually not UB, but a different problem. Yes, if I write it
like this, I want it eliminated. When I want to keep it, I will use
the "volatile" keyword which is in the language precisely for this
purpose.
--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
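
The "guard code at the calling site" mentioned in the message above, as an added example that is not part of the original post: three run-time cases that are undefined in C (division by zero or INT_MIN / -1, signed addition overflow, out-of-range shift count) and the checks a caller makes before invoking them. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Callee with unchecked preconditions: den != 0 and not
 * (num == INT_MIN && den == -1). Violating either is undefined. */
static int raw_div(int num, int den) { return num / den; }

/* Guard: only reaches raw_div() for inputs where the result is defined. */
static bool guarded_div(int num, int den, int *out)
{
    if (den == 0 || (num == INT_MIN && den == -1))
        return false;
    *out = raw_div(num, den);
    return true;
}

/* Signed overflow is undefined, so test against the limits before adding
 * rather than inspecting the sum afterwards. */
static bool guarded_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* A shift count that is negative or >= the width of the type is undefined. */
static bool guarded_shl(unsigned v, int n, unsigned *out)
{
    if (n < 0 || n >= (int)(sizeof v * CHAR_BIT))
        return false;
    *out = v << n;
    return true;
}

int main(void)
{
    int r = 0;
    unsigned u = 0;
    /* Constructed sample inputs: one defined and one rejected case each. */
    printf("7/2 ok=%d r=%d\n", guarded_div(7, 2, &r), r);
    printf("INT_MIN/-1 ok=%d\n", guarded_div(INT_MIN, -1, &r));
    printf("INT_MAX+1 ok=%d\n", guarded_add(INT_MAX, 1, &r));
    printf("1<<4 ok=%d u=%u\n", guarded_shl(1u, 4, &u), u);
    return 0;
}
```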