Re: NULL pointer arithmetic issues

To: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>, Roman Lebedev <lebedev.ri%gmail.com@localhost>
Subject: Re: NULL pointer arithmetic issues
From: Kamil Rytarowski <n54%gmx.com@localhost>
Date: Sun, 8 Mar 2020 21:58:05 +0100

On 08.03.2020 19:30, Taylor R Campbell wrote:
>> Date: Sun, 8 Mar 2020 20:52:29 +0300
>> From: Roman Lebedev <lebedev.ri%gmail.com@localhost>
>>
>> so we are allowed to lower that in clang front-end as:
>>
>> int
>> statu(char *a)
>> {
>>   __builtin_assume(a != NULL);
>>   a += getuid() - geteuid();
>>   __builtin_assume(a != NULL);
> 
> Allowed, yes.
> 
> What I'm wondering is whether this is something Clang will actually do
> -- and whether it is for any serious reason other than to capriciously
> screw people who write software for real machines instead of for the
> pure C abstract machine to the letter of the standard (and if so,
> whether -fno-delete-null-pointer-checks is enough to disable it).
> 
> Evidently making that assumption _not_ allowed in C++, so presumably
> it's not important for performance purposes.  It's also not important
> for expressive purposes, because I could just as well have written
> assert(a != NULL).
> 
>>> I was told by Roman that it was checked during a C committee meeting and
>>> confirmed to be an intentional UB.
>> Correction: Aaron Ballman asked about this in non-public WG14 reflector
>> mailing list, it wasn't a committee meeting, but the point still stands.
> 
> What does `intentional' UB mean, exactly?  What is the intent behind
> having p + 0 for null p be undefined in C, while the C++ committee saw
> fit to define it?
> 
> Is it because there technically once existed C implementations on
> bizarre architectures with wacky arithmetic on pointers like Zeta-C,
> or is it because there are actual useful consequences to inferring
> that p must be nonnull if we evaluate p + 0?
> 
> I ask because in principle a conformant implementation could compile
> the NetBSD kernel into a useless blob that does nothing -- we rely on
> all sorts of behaviour relative to a real physical machine that is not
> defined by the letter of the standard, like inline asm, or converting
> integers from the VM system's virtual address allocator into pointers
> to objects.  But such an implementation would not be useful.
> 

Aaron (as he was mentioned by name), is a voting member in the C++
committee and actively working on harmonizing C and C++ standards. There
is a good chance that C and C++ will be synced here (they definitely
should).

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: NULL pointer arithmetic issues
  - From: Martin Husemann

References:
- Re: NULL pointer arithmetic issues
  - From: Taylor R Campbell

Prev by Date: PG_BUSY and read locks in the VM system
Next by Date: Re: NULL pointer arithmetic issues
Previous by Thread: Re: NULL pointer arithmetic issues
Next by Thread: Re: NULL pointer arithmetic issues
Indexes:

Home | Main Index | Thread Index | Old Index