From mboxrd@z Thu Jan 1 00:00:00 1970
From: karish@pangea.Stanford.EDU (Chuck Karish)
Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
Date: 1996/04/12
Message-ID: <4kk9e1$he1@nntp.Stanford.EDU>
Organization: Mindcraft, Inc.
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu

Dave Emery roped me into this discussion, and now that I see how nastily
some people choose to express their frustration with an ill-defined
problem, I'm not sure whether to thank him.

Anyway, the problem as he posed it to me is whether code like

    /* sample 1 */
    char buf[100];
    ...
    i = read (fd, buf, 200);

is legal under the C and/or POSIX.1 standards.

My understanding is that it conforms to the C and the POSIX.1 standards
but that it is not guaranteed to work. Neither ISO/IEC 9945-1 (POSIX.1)
nor ISO/IEC 9989 (Standard C) specifies the details of storage in the
calling environment. This means that a conforming implementation could,
but need not, automatically adjust storage to allow 200 bytes of data to
be stored though only 100 bytes were allocated.
POSIX.1 specifically allows the implementation to report an error for a
condition that is not spelled out in the Standard:

    Implementations may support additional errors not included in this
    clause, may generate errors included in this clause under
    circumstances other than those described in this clause, or may
    contain extensions or limitations that prevent some errors from
    occurring.

My understanding is that this thread started around a discussion of
bounds checking under Linux that seems to go beyond the requirements of
POSIX.1. According to the wording quoted above, such extra stringency is
allowed by POSIX.1.

There are a lot of things that are intentionally not spelled out by
standards. Sometimes this is because the standard writers want to limit
the scope of the document to keep it legible and usable, and sometimes
it's because they don't want to preclude implementors from offering
usable products based on current technology or from adding capabilities
and value to future products.

Anyone who craves a standard that describes every possible aspect of
system behavior with complete logical precision is invited to study the
later writings of Rene Descartes and then get back to us.
-- 
Chuck Karish          karish@mindcraft.com
(415) 323-9000 x117   karish@pangea.stanford.edu
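The post leaves "sample 1" as a question of standards conformance; what a practitioner wants is the form that is guaranteed to work on any POSIX.1 system. The following is an added example, not code from the original post or from Mr. Karish: the read count is derived from the buffer with sizeof, the call is wrapped in a loop that handles short reads and EINTR (both of which POSIX.1 permits), and a pipe pre-loaded with 200 bytes stands in for the poster's fd so it runs offline. The function names and the pipe scenario are constructed for illustration.

```c
/* Added example: bounded replacement for "i = read (fd, buf, 200);" with a
 * 100-byte buffer. The pipe below is a constructed stand-in for the fd. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read up to cap bytes from fd into buf. Retries on EINTR and continues
 * after short reads until cap bytes are stored or EOF is reached.
 * Returns the number of bytes stored, or -1 on error (errno set by read). */
ssize_t read_bounded(int fd, char *buf, size_t cap)
{
    size_t got = 0;
    while (got < cap) {
        ssize_t n = read(fd, buf + got, cap - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted, retry the same request */
            return -1;
        }
        if (n == 0)
            break;                 /* EOF: fewer bytes than cap were available */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed scenario: a pipe holding 200 bytes of 'A', a 100-byte
 * destination. Returns bytes stored in buf; *leftover receives the number
 * of bytes still unread in the pipe afterwards. The request size is
 * sizeof buf, never a literal larger than the allocation. */
ssize_t demo_sample1(size_t *leftover)
{
    char src[200];
    char buf[100];
    char drain[256];
    int p[2];
    ssize_t n, rest;

    memset(src, 'A', sizeof src);
    if (pipe(p) < 0)
        return -1;
    if (write(p[1], src, sizeof src) != (ssize_t)sizeof src) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);                   /* so the drain read below sees EOF */

    /* Hardened form of sample 1: the count is tied to the buffer. */
    n = read_bounded(p[0], buf, sizeof buf);

    /* Whatever did not fit is still in the pipe, not in memory past buf. */
    rest = read_bounded(p[0], drain, sizeof drain);
    close(p[0]);
    if (n < 0 || rest < 0)
        return -1;
    if (leftover)
        *leftover = (size_t)rest;
    return n;
}

int main(void)
{
    size_t left = 0;
    ssize_t n = demo_sample1(&left);
    if (n < 0) {
        perror("demo_sample1");
        return 1;
    }
    printf("stored %zd bytes in a 100-byte buffer, %zu bytes left unread\n",
           n, left);
    return 0;
}
```

With sizeof buf as the count, the excess 100 bytes stay in the pipe for a later read rather than being written past the end of buf; whether a given implementation would "automatically adjust storage" for the original 200-byte request no longer matters.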