>>>>> "Robert" == Robert Dewar <[EMAIL PROTECTED]> writes:
Robert> Another general point is that conceptually this is not an
Robert> optimization issue at all.
Robert> The programmer writes code that is undefined according to the
Robert> standard. ...
Robert> To me, the whole notion of this vulnerability node is flawed
Robert> in that respect. You can write a lengthy and useful book on
Robert> pitfalls in C that must be avoided, but I see no reason to
Robert> turn such a book into a cert advisory, let alone pick out a
Robert> single arbitrary example on a particular compiler!
I think that comment is absolutely correct.
I would add one point: "undefined" (or the equivalent) is a term that
appears in many language standards, not just in the C standard. For
example, Algol 68 very precisely defined "undefined" (with essentially
the meaning we have discussed).
Given Robert's comment it seems to me that the right approach is to
withdraw the proposed vulnerability note entirely.
paul
