Article <vb6dsi$38fmb$1@dont-email.me>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <vb6dsi$38fmb$1@dont-email.me>

Deutsch English Français Italiano

<vb6dsi$38fmb$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: David Brown <david.brown@hesbynett.no>
Newsgroups: comp.arch
Subject: Re: Computer architects leaving Intel...
Date: Tue, 3 Sep 2024 09:29:22 +0200
Organization: A noiseless patient Spider
Lines: 69
Message-ID: <vb6dsi$38fmb$1@dont-email.me>
References: <2024Aug30.161204@mips.complang.tuwien.ac.at>
 <memo.20240830164247.19028y@jgd.cix.co.uk> <vasruo$id3b$1@dont-email.me>
 <2024Aug30.195831@mips.complang.tuwien.ac.at> <vat5ap$jthk$2@dont-email.me>
 <vaunhb$vckc$1@dont-email.me> <vautmu$vr5r$1@dont-email.me>
 <2024Aug31.170347@mips.complang.tuwien.ac.at> <vavpnh$13tj0$2@dont-email.me>
 <vb2hir$1ju7q$1@dont-email.me> <8lcadjhnlcj5se1hrmo232viiccjk5alu4@4ax.com>
 <vb3k0m$1rth7$1@dont-email.me>
 <17d615c6a9e70e9fabe1721c55cfa176@www.novabbs.org>
 <86v7zep35n.fsf@linuxsc.com> <20240902180903.000035ee@yahoo.com>
 <86r0a2otte.fsf@linuxsc.com> <vb50cm$2uttr$1@dont-email.me>
 <vb58i5$303nc$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 03 Sep 2024 09:29:23 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="93d7d6b8e3b40fe75b60c4526d162769";
	logging-data="3423947"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19/CH3WODoB6GBE4D5Fg1zE1BlV8p0H7xw="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
Cancel-Lock: sha1:HKbO5Iec79i3EqephWZnuAswFWg=
Content-Language: en-GB
In-Reply-To: <vb58i5$303nc$1@dont-email.me>
Bytes: 4898

On 02/09/2024 22:52, Thomas Koenig wrote:
> Thomas Koenig <tkoenig@netcologne.de> schrieb:
> 
>> "Don't do this" or "don't do that" is not sufficient.  Maybe you,
>> together with like-minded people, could try formulating some rules
>> as an extension to the C standard, and see where it gets you.
>> Maybe you can get it published as an annex.
> 
> Hm... putting some thought into it, it may be a good first step
> to define cases for which a a diagnostic is required; maybe
> "observable error" would be a reasonable term.
> 

That sounds a lot like adding a new type of run-time error handling to 
the language.  That's not necessarily a bad idea, but it would likely be 
a very big change with significant ramifications for existing code.

> So, put "dereferencing a NULL pointer shall be an observable
> error" would make sure that no null pointer checks are thrown
> away, and that this requires a run-time diagnostic.
> 

The kind of null pointer checks that are thrown away by some compilers 
are those that come /after/ a dereference :

	int foo(int * p) {
		int x =  *p;
		if (!p) {
			printf("I shouldn't have done that...\n");
		}
		return x;
	}

If dereferencing a null pointer is an "observable error", it needs to be 
observed at the "int x = *p;" line, and has no influence on the deletion 
of the later pointer check.

Making dereferencing a null pointer an "observable error" would mean 
requiring compilers to insert an explicit check in a large number of 
cases, with a jump to some kind of run-time error-handling code when it 
is zero.  That is a very significant cost, to be paid by all users of 
pointers in C - even those that are careful to ensure that their 
pointers are not null before calling "foo".  (There's also the 
definition complications - a pointer that happens to contain the value 
0, or point to address 0, is not necessarily a NULL pointer, and on some 
targets there are lots of different values that are all null pointers. 
And there are endless possibilities for invalid pointers that are not null.)

C is a language where the programmer takes the responsibility to get the 
code right - not the language or run-time.  It insists on manual and 
explicit control of this kind of thing, so that you don't have to pay 
for checks you don't want.

Leaving the dereferencing of invalid pointers as undefined behaviour 
means that code that does not have invalid pointers does not have extra 
hidden checks and costs, along with hidden jumps to error handlers.  It 
also means that development tools can run in modes that add whatever 
they like of extra checks and handling of invalid pointers - 
"sanitizers" and other run-time checkers.  And static error checkers can 
warn if they see code paths with bad dereferences.

> If that is the case, should dereferencing a member of a struct
> pointed to by a null pointer also be an observable error, and
> be required to be caught at run-time?
> 
> Or is this completely the wrong track, and you would like to do
> something entirely different?  Any annex to the C standard would
> still be constrained to the abstract machine (probably).