But making it traps breaks real C code, so it can't be what the spec says.
Good specs respect their existing clients!
Conversation
Forbidding trapping also breaks widely deployed existing implementations, so you can't do that either per your own rules, sorry.
1
1
This Tweet was deleted by the Tweet author. Learn more
It's always implemented in software via hardware features. The features vary in performance. Jump-on-overflow is a lot worse than architectures with support for enabling a trapping mode, whether it's strict or propagates a poison value that can never be accessed (since it traps).
1
1
Hardware doesn't implement C, so there isn't a standard behavior defined by hardware. It's up to the compiler to map C onto the hardware or the virtual machine. They get to choose how to handle each kind of undefined or implementation defined behavior, and everything else.
2
1
I think you're getting hung up on this idea that if the spec doesn't leave something undefined, then implementations can't *ever* deviate from what otherwise would be defined. It just means that they can't deviate by default. You can pass flags that change behavior.
1
No, that's not what I've been saying. I think it would be a serious regression to break compatibility with safe implementations by making it correct to be incompatible with them. You want to massively roll back safety and security, especially if you want to remove it by default.
2
1
You're trying to portray these safety features as a deviation from proper C, when they are fully compliant with the standard and what you want is the actual deviation from the C standard. C is not what you want it to be. You want a different language, not C.
2
Because they are deviations from how C currently works. They break expectations of existing C code.
1
Features like _FORTIFY_SOURCE and CFI are how C is broadly deployed in the wild. It's not a deviation from how it works. It's fully compliant with the standard and is what operating systems actually implement and enable by default, with more safety enabled by default over time.
1
You're the one who wants to change the standard in a way that forbids existing compiler and runtime implementations in the wild. You want to forbid those safety features, which are currently permitted. You can try to pretend otherwise, but it's what you are saying.