Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 3 Jan 2002 05:12:35 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 3 Jan 2002 05:12:26 -0500 Received: from samba.sourceforge.net ([198.186.203.85]:3338 "HELO lists.samba.org") by vger.kernel.org with SMTP id ; Thu, 3 Jan 2002 05:12:13 -0500 From: Paul Mackerras MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15412.11822.811712.207946@argo.ozlabs.ibm.com> Date: Thu, 3 Jan 2002 21:10:54 +1100 (EST) To: Richard Henderson Cc: Tom Rini , jtv , Momchil Velikov , linux-kernel@vger.kernel.org, gcc@gcc.gnu.org, linuxppc-dev@lists.linuxppc.org, Franz Sirl , Benjamin Herrenschmidt , Corey Minyard Subject: Re: [PATCH] C undefined behavior fix In-Reply-To: <20020103003240.A10838@redhat.com> In-Reply-To: <87g05py8qq.fsf@fadata.bg> <20020102190910.GG1803@cpe-24-221-152-185.az.sprintbbd.net> <20020102133632.C10362@redhat.com> <20020102220548.GL1803@cpe-24-221-152-185.az.sprintbbd.net> <20020102232320.A19933@xs4all.nl> <20020102231243.GO1803@cpe-24-221-152-185.az.sprintbbd.net> <20020103004514.B19933@xs4all.nl> <20020103000118.GR1803@cpe-24-221-152-185.az.sprintbbd.net> <20020102160739.A10659@redhat.com> <15411.49911.958835.299377@argo.ozlabs.ibm.com> <20020103003240.A10838@redhat.com> X-Mailer: VM 6.75 under Emacs 20.7.2 Reply-To: paulus@samba.org Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Richard Henderson writes: > On Thu, Jan 03, 2002 at 01:33:27PM +1100, Paul Mackerras wrote: > > I look forward to seeing your patch to remove all uses of > > virt_to_phys, phys_to_virt, __pa, __va, etc. from arch/alpha... :) > > I don't dereference them either, do I? Does that matter? To quote your earlier message: > No. You still have the problem of using pointer arithmetic past > one past the end of the object. > > C99 6.5.6/8: > > If both the pointer operand and the result point to elements of the > same array object, or one past the last element of the array object, > the evaluation shall not produce an overflow; otherwise, the behavior > is undefined. I don't have a copy of the C standard handy, but that sounds to me like the result of (unsigned long)(&x) - KERNELBASE is undefined. Also, what does the standard say about casting pointers to integral types? IIRC you aren't entitled to assume that a pointer will fit in any integral type, or anything about the bit patterns that you get. My point is that the kernel makes some assumptions about how pointers are represented, which are eminently reasonable assumptions, but which "portable" C programs are not entitled to make according to the C standard. Paul. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/