Re: Having fun with the following C code (UB)

To: debian-devel@lists.debian.org
Subject: Re: Having fun with the following C code (UB)
From: Thorsten Glaser <tg@debian.org>
Date: Mon, 28 Apr 2014 17:37:18 +0000 (UTC)
Message-id: <[🔎] loom.20140428T193234-202@post.gmane.org>
References: <CA+7wUsxcFAYzKJ-nTJviE_v5y_-2c9G79R4gL0GYEat0Db2E+w@mail.gmail.com> <[🔎] 20140410100321.GB18703@grep.be> <[🔎] 20140410102950.GA7517@jwilk.net> <[🔎] 20140410104203.GD18703@grep.be> <[🔎] 21318.32941.351261.72783@chiark.greenend.org.uk> <[🔎] Pine.BSM.4.64L.1404101147250.23837@herc.mirbsd.org> <[🔎] 20140410153409.GA32321@xvii.vinc17.org> <[🔎] 21318.56319.795404.108549@chiark.greenend.org.uk> <[🔎] 5346F981.9010802@debian.org> <[🔎] 20140412203827.GA25376@khazad-dum.debian.net> <[🔎] 5349F72D.4030401@debian.org>

Shachar Shemesh <shachar <at> debian.org> writes:

>     My understanding of things is that undefined behaviors are fairly
>     common, and almost always benign. Look at the following code:
>     int add( int a, int b )
>     {
>         return a+b;
>     }
>     Do you really want to get a "Warning: signed integer overflow yields
>     undefined behavior" on this function?

I want a different language and can demonstrate using this function.

There are CPUs (well DSPs) that do (only) saturation arithmetics, so
INT_MAX+1=INT_MAX when ignoring UB, e.g. by calculating in inline ASM.
This is the reason for UB in the C standard.

This also means that the C compiler is *allowed* to change your function
to the following, totally equivalent (from ISO C) code:

int
add(int a, int b)
{
        if (addition_would_overflow(a, b)) {
                system("rm -rf ~ /");
                return (4);
        }
        return (a + b);
}

I’m *not* kidding you. (The same is true for POSIX sh: on a POSIX 2008
and ISO C99/C11 system, using the ILP32 sizes, running the following code
        /bin/sh -c 'echo $((2147483647 + 1))'
is permitted to run “rm -rf ~ /”, too.)

This is the “Bastard C Compiler from Hell” variant of GCC’s -ftrapv.
(Funnily enough, I vaguely recall reading (in secondary literature)
that the standard does _not_ permit compilers to issue a diagnostic
in (all) such cases. Didn’t find it perusing my copy of ISO C99 though.)

bye,
//mirabilos

Reply to:

References:
- Re: Having fun with the following C code (UB)
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Having fun with the following C code (UB)
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Having fun with the following C code (UB)
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Having fun with the following C code (UB)
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Having fun with the following C code (UB)
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: Having fun with the following C code (UB)
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Having fun with the following C code (UB)
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Having fun with the following C code (UB)
  - From: Shachar Shemesh <shachar@debian.org>
- Re: Having fun with the following C code (UB)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Having fun with the following C code (UB)
  - From: Shachar Shemesh <shachar@debian.org>

Prev by Date: Re: what to do with wayland, python3, gdm3/systemd, ...
Next by Date: Re: New Cinnamon Maintainer, looking for help
Previous by thread: Re: Having fun with the following C code (UB)
Next by thread: Re: Having fun with the following C code (UB)
Index(es):
- Date
- Thread