Hi Matthew,

At 2023-07-29T10:38:46-0400, Matthew House wrote:
> On Sat, Jul 29, 2023 at 8:29 AM Alejandro Colomar <alx@xxxxxxxxxx> wrote:
> > I lied. I should have said that it writes what is safe to write,
> > and then uses a somewhat "safer" version of undefined behavior
> > (compared to other string copying functions). The standard
> > differentiates "bounded UB", which doesn't perform out-of-bounds
> > stores, from "critical UB", which performs them. In usual jargon,
> > UB is UB, and there's no mild form of UB; however, the standard
> > prescribes a bounded form of UB. However, I'm not sure compilers
> > --and specifically GCC-- follow such a prescription of bounded UB,
> > so it's better to consider all UB to be critical UB, just to fall on
> > the safe side.
>
> Do you have a source for this? As far as I am aware, the standards
> have always followed the "UB is UB" philosophy, which is why
> standards-oriented people keep trying to reiterate it. I've never
> heard of anything like "bounded UB" vs. "critical UB".

The Ada language standard distinguishes "bounded errors" from
"erroneous execution".

http://www.ada-auth.org/standards/12rm/html/RM-1-1-5.html

I've been after Alex for a while to read more about Ada. Maybe he has,
and its (usually excellent) approach to attacking problems is seeping
into his consciousness. ;-)

Nevertheless I would agree that if WG14 refuses to apply such categories
to the C language definition, it's not going to help most users to do so
in man pages.

I suppose the best route for such a distinction to get into the language
is via the GCC and Clang compilers.

Regards,
Branden
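The distinction Alex draws in the quoted text, a copy routine that "writes what is safe to write" and never performs out-of-bounds stores, is easiest to see in code. The following is an added illustration, not code from this thread or from the man-pages project, and the function name `bounded_copy` is hypothetical: it copies as much of `src` as fits in `dst`, always NUL-terminates when `dsize > 0`, and reports truncation instead of overrunning the destination. The `canaries_intact` helper demonstrates the property the thread cares about by surrounding the destination with sentinel bytes and checking that none were touched.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded copy (added example, not from the thread).
 * Stores only inside dst[0 .. dsize-1].  Returns strlen(src) on success,
 * or -1 if src did not fit; on truncation dst is still NUL-terminated
 * (when dsize > 0), and nothing beyond dst[dsize-1] is ever written. */
ptrdiff_t bounded_copy(char *restrict dst, size_t dsize,
                       const char *restrict src)
{
    size_t len = strlen(src);       /* precondition: src is NUL-terminated */

    if (dsize == 0)
        return -1;                  /* no room for anything, not even a NUL */

    if (len < dsize) {
        memcpy(dst, src, len + 1);  /* fits entirely, copy the NUL too */
        return (ptrdiff_t) len;
    }

    memcpy(dst, src, dsize - 1);    /* write only what is safe to write */
    dst[dsize - 1] = '\0';
    return -1;                      /* signal truncation to the caller */
}

/* Copies src into the first dsize bytes of a larger scratch buffer whose
 * remaining bytes are filled with a constructed canary value (0xAA), then
 * checks that no canary byte changed.  Returns 1 if all canaries are
 * intact (no out-of-bounds store happened), 0 otherwise. */
int canaries_intact(const char *src, size_t dsize)
{
    char scratch[32];

    if (dsize > sizeof scratch)
        return 0;                   /* demo buffer too small for this dsize */

    memset(scratch, 0xAA, sizeof scratch);
    bounded_copy(scratch, dsize, src);

    for (size_t i = dsize; i < sizeof scratch; i++)
        if ((unsigned char) scratch[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    char buf[8];
    ptrdiff_t r;

    r = bounded_copy(buf, sizeof buf, "hello");
    printf("\"%s\" -> %td\n", buf, r);                 /* "hello" -> 5 */

    r = bounded_copy(buf, sizeof buf, "hello, world");
    printf("\"%s\" -> %td (truncated)\n", buf, r);     /* "hello, " -> -1 */

    printf("canaries intact: %d\n",
           canaries_intact("a string far longer than eight bytes", 8));
    return 0;
}
```

The point of the example is the contrast with `strcpy`-style copying: when the source does not fit, `bounded_copy` degrades to a truncated but well-formed result that the caller can detect through the return value, rather than to stores past the end of `dst` (the "critical" case in the quoted text).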