You don't always require trap. There's the equivalent of pragma in the standard that mandates trap. Makes sense for non hot-path. Tunable
But it's still conscious breaking of simple rules that they (we, me included) should be following.
-
Your musl example was bad because that was one of the few pieces of imported code, but the IPv6 & DNS parsing vulns were real examples.
-
The latter were just me being overly clever & wrong about assuming loop invariants rather than using easily-provably-correct conditions.
-
Future direction for musl is to reduce cleverness, optimize for simplicity whenever there's not a demonstrable need for cleverness.
-
Even assuming this is correct. Think about it like a manager. The fact that no one can really keep those rules, makes them useless
-
> Details. Strict aliasing, easy? Even @johnregehr @spun_off concludes one mitigates SA by disabling it. Stackoverflow easy? W/ recursion?
-
You can't have aliasing UB if you never cast pointers or use implicit void* conversions. Never cast pointers is basically rule #1.
-
Um… You can't have a UB if you never use C, but not sure it's possible to avoid it across large code base, what about inheritance, virt func?
-
Talking about C not C++ here, and specifically aliasing UB. It's one of the easier types of UB to fully preclude.
-
I was talking about C as well, I meant inheritance like in the kernel. struct A { struct Parent p; }, ditto vf struct f_ops { fun_ptr p; }.
-
Yeah, I consider it an argument for not doing that. Linux kernel is basically a tutorial on how not to write C. :-)
-
How else would you implement inheritance?