On Sat, Jul 29, 2023 at 10:47 AM Lennart Jablonka <humm@xxxxxxxxx> wrote:
> Quoth Matthew House:
> >On Sat, Jul 29, 2023 at 8:29 AM Alejandro Colomar <alx@xxxxxxxxxx> wrote:
> >> I lied. I should have said that it writes what is safe to write, and
> >> then uses a somewhat "safer" version of undefined behavior (compared
> >> to other string copying functions). The standard differentiates
> >> "bounded UB", which doesn't perform out-of-bounds stores, from
> >> "critical UB", which performs them. In usual jargon, UB is UB, and
> >> there's no mild form of UB; however, the standard prescribes a bounded
> >> form of UB. However, I'm not sure compilers --and specifically GCC--
> >> follow such a prescription of bounded UB, so it's better to consider
> >> all UB to be critical UB, just to fall on the safe side.
> >
> >Do you have a source for this? As far as I am aware, the standards have
> >always followed the "UB is UB" philosophy, which is why standards-oriented
> >people keep trying to reiterate it. I've never heard of anything like
> >"bounded UB" vs. "critical UB". C17 draft N2176 provides no such
> >distinction in its definition:
>
> Quoth Alejandro Colomar:
> >References:
> >
> ><https://port70.net/~nsz/c/c11/n1570.html#L.2>
>
> Looks like a reference to me.

Ah, thank you, my apologies; it's my fault for somehow failing to notice
that in the email. And then I looked through all the WG14 documents, but
didn't think to just try a full-text search in the standard.

> Yes, UB is UB. The optional Annex L on Analyzability does define
> bounded and unbounded UB. No, you don’t care about them. Yes,
> that is standard terminology. No, your implementation doesn’t
> define __STDC_ANALYZABLE__. Yes, that terminology can be useful.

I'm actually somewhat surprised that Annex L hasn't ever come up in the
recurring debates over whether UB is good or bad or interpreted too
broadly by implementations or whatever.

Perhaps it's because even though Annex L defines the distinction, it
doesn't give any requirements (and only gives broad suggestions) to
implementations on how the two should be treated differently. What would
defining __STDC_ANALYZABLE__ even imply?

Thank you,
Matthew House