Re: [PATCH] C undefined behavior fix

From: Paul Mackerras (paulus@samba.org)
Date: Thu Jan 03 2002 - 05:10:54 EST


Richard Henderson writes:

> On Thu, Jan 03, 2002 at 01:33:27PM +1100, Paul Mackerras wrote:
> > I look forward to seeing your patch to remove all uses of
> > virt_to_phys, phys_to_virt, __pa, __va, etc. from arch/alpha... :)
>
> I don't dereference them either, do I?

Does that matter? To quote your earlier message:

> No. You still have the problem of using pointer arithmetic past
> one past the end of the object.
>
> C99 6.5.6/8:
>
> If both the pointer operand and the result point to elements of the
> same array object, or one past the last element of the array object,
> the evaluation shall not produce an overflow; otherwise, the behavior
> is undefined.

I don't have a copy of the C standard handy, but that sounds to me
like the result of (unsigned long)(&x) - KERNELBASE is undefined.

Also, what does the standard say about casting pointers to integral
types? IIRC you aren't entitled to assume that a pointer will fit in
any integral type, or anything about the bit patterns that you get.

My point is that the kernel makes some assumptions about how pointers
are represented, which are eminently reasonable assumptions, but which
"portable" C programs are not entitled to make according to the C
standard.

Paul.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Jan 07 2002 - 21:00:20 EST