Hi Branden,

On 2023-07-29 21:39, G. Branden Robinson wrote:
> Hi Matthew,
>
> At 2023-07-29T10:38:46-0400, Matthew House wrote:
>> On Sat, Jul 29, 2023 at 8:29 AM Alejandro Colomar <alx@xxxxxxxxxx> wrote:
>>> I lied. I should have said that it writes what is safe to write,
>>> and then uses a somewhat "safer" version of undefined behavior
>>> (compared to other string copying functions). The standard
>>> differentiates "bounded UB", which doesn't perform out-of-bounds
>>> stores, from "critical UB", which performs them. In usual jargon,
>>> UB is UB, and there's no mild form of UB; however, the standard
>>> prescribes a bounded form of UB. However, I'm not sure compilers
>>> --and specifically GCC-- follow such a prescription of bounded UB,
>>> so it's better to consider all UB to be critical UB, just to fall on
>>> the safe side.
>>
>> Do you have a source for this? As far as I am aware, the standards
>> have always followed the "UB is UB" philosophy, which is why
>> standards-oriented people keep trying to reiterate it. I've never
>> heard of anything like "bounded UB" vs. "critical UB".
>
> The Ada language standard distinguishes "bounded errors" from "erroneous
> execution".
>
> http://www.ada-auth.org/standards/12rm/html/RM-1-1-5.html
>
> I've been after Alex for a while to read more about Ada. Maybe he has,
> and its (usually excellent) approach to attacking problems is seeping
> into his consciousness. ;-)

It is an excellent approach.

In this case, while I read some of that, I didn't read the errors part.
I found those definitions of UB by chance, while trying to explain to a
coworker of mine that code similar to the following is not safe at all:

```c
end = p + size;
/* snprintf() returns the length the full output would have had, not the
   number of bytes that fit, so on truncation p is moved past end here. */
p += snprintf(p, size, "a very long string that is truncated");
if (p > end)	/* too late: a pointer past the object has already been formed */
	p = end;
```

I didn't succeed. He still believes that to be fine. :/

Cheers,
Alex

> Nevertheless I would agree that if WG14 refuses to apply such categories
> to the C language definition, it's not going to help most users to do so
> in man pages. I suppose the best route for such a distinction to get
> into the language is via the GCC and Clang compilers.
>
> Regards,
> Branden

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
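As an added example (not code from this thread), a bounded write cursor in C that advances only by what actually landed in the buffer, so a truncated snprintf() never yields a pointer past the array; `struct cursor` and `cursor_appendf` are names chosen here, not from any project.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: a write cursor over a fixed buffer.  The invariant
 * off < size (whenever size > 0) means buf + off is always a valid pointer. */
struct cursor {
    char   *buf;
    size_t  size;      /* capacity, including the terminating NUL */
    size_t  off;       /* bytes written so far */
    int     truncated; /* set once an append did not fit */
};

static void cursor_init(struct cursor *c, char *buf, size_t size)
{
    c->buf = buf;
    c->size = size;
    c->off = 0;
    c->truncated = 0;
    if (size > 0)
        buf[0] = '\0';
}

/* Returns what vsnprintf() returns (the length the full output would have
 * had) but advances the cursor only by what actually fit.  Contrast with
 * "p += snprintf(...)", which advances by the full length on truncation. */
static int cursor_appendf(struct cursor *c, const char *fmt, ...)
{
    va_list ap;
    size_t avail = c->size - c->off;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(c->buf + c->off, avail, fmt, ap);
    va_end(ap);

    if (n < 0)                  /* encoding error: cursor unchanged */
        return n;
    if ((size_t) n >= avail) {  /* truncated: park on the NUL, never past it */
        c->off = c->size > 0 ? c->size - 1 : 0;
        c->truncated = 1;
    } else {
        c->off += (size_t) n;   /* whole string fit: advance by its length */
    }
    return n;
}
```

Once `truncated` is set, every later append still writes only the terminating NUL, so the caller can check the flag once at the end instead of after each call.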