From: Tim Rentsch
Newsgroups: comp.lang.c
Subject: Re: "Catch-23: The New C Standard,Sets the World on Fire" by Terence Kelly with Special Guest Borer Yekai Pan
Date: Thu, 06 Apr 2023 19:40:40 -0700
Organization: A noiseless patient Spider
Message-ID: <86zg7k4dp3.fsf@linuxsc.com>

Ben Bacarisse writes:

> Tim Rentsch writes:
>
>> Ben Bacarisse writes:
>>
>>> Tim Rentsch writes:
>>>
>>>> Ben Bacarisse writes:
>>>>
>>>> [context]
>>>>
>>>>>>>> "Catch-23: The New C Standard,Sets the World on Fire"
>>>>>>>> by Terence Kelly
>>>>>>>> https://queue.acm.org/detail.cfm?id=3588242
>>>>
>>>> [...]
>>>>
>>>>> But their example stack code lends itself to a puzzle: on what
>>>>> implementation assumptions does it depend? I believe it is not
>>>>> fully portable for reasons that are unrelated to the realloc
>>>>> implementation. [...]
>>>>
>>>> Can you elaborate on this comment? I don't see what you're
>>>> getting at.
>>>
>>> What happens when sizeof int == 1?
>>
>> Clearly if push() is called when N == SIZE_MAX (which is possible
>> only if sizeof (int) == 1) then the code misbehaves. To me this
>> eventuality is more like an unlikely corner case than it is an
>> implementation assumption. Granted, the misbehavior can occur
>> only on some implementations, but the problem is that the code is
>> wrong, not that it has an implementation dependency. That said,
>> I see now how this situation fits with what you said earlier
>> mentioning "a puzzle" (although it still feels like the phrase
>> "implementation assumptions" is more misdirection than it is
>> something else).
>
> I wouldn't say that the code is wrong. It may never have been
> written to be portable and there may even be a static assert or
> some other test that checks the assumptions the programmer made.
> At least that's how I see it.

I don't disagree. My use of "wrong" was informal. A better
phrasing is that as it stands the code has a potential defect.
Moreover the defect is in push(), not in the resize() function.
At the very least push() could use an 'assert( N < SIZE_MAX )',
or something like it, before calling 'resize(N+1)'.
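
Added example, not part of the post above and not the article's code: a C sketch of the guard in push() that the post discusses. Only the names N, push() and resize() come from the thread; the storage pointer S, the helper can_grow() and every function body are assumptions. It returns an error rather than asserting, and it also rejects a byte count (N+1) * sizeof(int) that would exceed SIZE_MAX, which generalizes the single N == SIZE_MAX case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stack state; only N, push and resize are names from the thread. */
static int   *S = NULL;  /* element storage */
static size_t N = 0;     /* number of elements currently stored */

/* True when a stack of n elements of elem_size bytes can take one more
 * without n+1 wrapping to 0 or the byte count exceeding SIZE_MAX. */
static bool can_grow(size_t n, size_t elem_size)
{
    if (n == SIZE_MAX)                 /* the condition named in the post */
        return false;
    return elem_size == 0 || n + 1 <= SIZE_MAX / elem_size;
}

/* Resize storage to n elements (n >= 1 here); false on allocation failure. */
static bool resize(size_t n)
{
    int *p = realloc(S, n * sizeof *S);
    if (p == NULL)
        return false;                  /* S is still valid and unchanged */
    S = p;
    return true;
}

/* Push x; refuses rather than calling resize(N+1) with a wrapped argument. */
static bool push(int x)
{
    if (!can_grow(N, sizeof *S) || !resize(N + 1))
        return false;
    S[N++] = x;
    return true;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        if (!push(i * 10))
            return EXIT_FAILURE;
    printf("N=%zu top=%d\n", N, S[N - 1]);
    printf("can_grow(SIZE_MAX, 1) = %d\n", can_grow(SIZE_MAX, 1));
    free(S);
    return EXIT_SUCCESS;
}
```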