Article <20240322123323.805@kylheku.com>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <20240322123323.805@kylheku.com>

Deutsch English Français Italiano

<20240322123323.805@kylheku.com>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Kaz Kylheku <433-929-6894@kylheku.com>
Newsgroups: comp.lang.c
Subject: Re: A Famous Security Bug
Date: Fri, 22 Mar 2024 19:43:04 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 74
Message-ID: <20240322123323.805@kylheku.com>
References: <bug-20240320191736@ram.dialup.fu-berlin.de>
 <20240320114218.151@kylheku.com> <uthirj$29aoc$1@dont-email.me>
 <20240321092738.111@kylheku.com> <87a5mr1ffp.fsf@nosuchdomain.example.com>
 <20240322083648.539@kylheku.com> <87le6az0s8.fsf@nosuchdomain.example.com>
 <20240322094449.555@kylheku.com> <87cyrmyvnv.fsf@nosuchdomain.example.com>
Injection-Date: Fri, 22 Mar 2024 19:43:04 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="5ea1ed0f61c2acaab32e111ed755f390";
	logging-data="3270966"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+g+JVPl5NgJtgnUMvX96llfqFOy2hHvEM="
User-Agent: slrn/pre1.0.4-9 (Linux)
Cancel-Lock: sha1:GN/kXJNP7Fmxwf6cfNb27xBZnTo=
Bytes: 4558

On 2024-03-22, Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
> Is the "call" instruction *observable behavior* as defined in 5.1.2.3?

No it isn't. The Boolean fact whether or not that call is taken can be
tied to observable behavior elsewhere, though.

>
> [...]
>
>>> In phase 8:
>>>     All external object and function references are resolved. Library
>>>     components are linked to satisfy external references to functions
>>>     and objects not defined in the current translation. All such
>>>     translator output is collected into a program image which contains
>>>     information needed for execution in its execution environment.
>>>
>>> I don't see anything about required CPU instructions.
>>
>> I don't see anything about /removing/ instructions that have to be
>> there according to the semantic analysis performed in order to
>> translate those units from phases 1 - 7, and that can be confirmed
>> to be present with a test harness.
>
> The standard doesn't mention either adding or removing instructions.
>
> Running a program under a test harness is effectively running a
> different program.  Of course it can yield information about the
> original program, but in effect you're linking the program with a
> different set of libraries.

It's a different program, but the retained translation unit must be the
same, except that the external references it makes are resolved to
different entities.

If in one program we have an observable behavior which implies that a
call took place (that itself not being directly observable, by
definition, I again acknowledge) then under the same conditions in
another program, that call also has to take place, by the fact that the
translation unit has not changed.

> I can use a test harness to observe whether a program uses an add or inc
> instruction to evaluate `i++` (assuming the CPU has both instructions).
> The standard doesn't care how the increment happens, as long as the
> result is correct.  It doesn't care *whether* the increment happens
> unless the result affects the programs *observable behavior*.

If i is an object with external linkage defined outside of some
tranlation unit and some function in the translation unit
unconditionally increments i (without further using its value), then
that has to happen, even in a program in which nothing else uses i.

By this blackbox method I'm describing, no, we cannot confirm whether
it's by an inc instruction or whatever. Just, does it happen.

In one test program we can tie that to observable behavior, like
printing the value of i before and after calling that function.

Though the increment isn't observable behavior (unless i is volatile?),
since it has been confirmed that the translation unit does that, it does
that.

> What in the description of translation phases 7 and 8 makes
> behavior-preserving optimizations valid in phase 7 and forbidden in
> phase 8?  (Again, insert weasel words about unspecified behavior.)

That translation phase 7 is described as completing semantic analysis,
resulting in a translated unit which may be retained. (Moreover,
analysis of a single unit, not multiple.) and that 8 is described
as only resolving references and linking.

-- 
TXR Programming Language: http://nongnu.org/txr
Cygnal: Cygwin Native Application Library: http://kylheku.com/cygnal
Mastodon: @Kazinator@mstdn.ca