Path: csiph.com!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Tim Rentsch <tr.17687@z991.linuxsc.com>
Newsgroups: comp.lang.c
Subject: Re: Loops (was Re: do { quit; } else { })
Date: Mon, 12 May 2025 23:03:59 -0700
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <86v7q5vygg.fsf@linuxsc.com>
References: <vspbjh$8dvd$1@dont-email.me> <vti2ki$g23v$1@dont-email.me> <vtin99$vu24$1@dont-email.me> <vtiuf0$18au8$1@dont-email.me> <vtj97r$1i3v3$1@dont-email.me> <vtl166$36p6b$1@dont-email.me> <vtlcg0$3f46a$2@dont-email.me> <20250415153419.00004cf7@yahoo.com> <86h62078i8.fsf@linuxsc.com> <20250504180833.00000906@yahoo.com> <86plggzilx.fsf@linuxsc.com> <vvnsvt$3k1mu$1@dont-email.me> <86ldr4yx0x.fsf@linuxsc.com> <vvpmm2$3dhl$1@dont-email.me> <vvpsji$4jht$1@dont-email.me> <vvr5mg$l85c$1@dont-email.me> <87wmam4xa5.fsf@nosuchdomain.example.com> <868qn2zl1m.fsf@linuxsc.com> <vvrs5j$t9go$1@dont-email.me> <86o6vyxoit.fsf@linuxsc.com> <vvu1la$1c54u$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Date: Tue, 13 May 2025 08:04:00 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="2fbcfbf8f4ee6298a3bd638090042c8c"; logging-data="1718299"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/7SrAdtoNYYbn5PbWTeP8I3/CgqHNM4EE="
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.4 (gnu/linux)
Cancel-Lock: sha1:CcwtR5n5YBrJ11saFG3CDJSgTQQ= sha1:AWvDCCusWu90mlaP75SFnKE6XSY=
Xref: csiph.com comp.lang.c:393368

James Kuyper <jameskuyper@alumni.caltech.edu> writes:

> Tim Rentsch <tr.17687@z991.linuxsc.com> writes:
> [...]
>
>> It isn't just that checking the condition cannot be done in general.
>> To be reliable the parameter length information would need to be
>> part of the function's type.
>
> The problem is much deeper than that.  The same pointer can point
> to different arrays, or different positions in the same array,
> during different passes through the same line of code.  Some of
> those would violate this rule, others would not.  I don't see how
> violating such a rule could ever be made a constraint violation.
> [...]

An implementation could issue a diagnostic whenever it could
determine that the requirement had been violated, and also
whenever it could not establish that the requirement was
satisfied.  A message like

   "this call to function foo() might not supply a large enough
    array to satisfy an array static length requirement".

would, I think, satisfy the letter of the rule that any constraint
violation must result in at least one diagnostic being produced.

Granted, I think most people would find such behavior more
annoying than useful, but it does seem to be a way to meet the
stipulations for constraint violations, in letter even if not in
spirit.