From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
Date: 1996/04/10
References: <4kets3$ic0@news-s01.ny.us.ibm.net> <4kfbm9$ea2@solutions.solon.com>
Organization: Courant Institute of Mathematical Sciences
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu

Peter wrote

>I suspect what you're seeing is an obvious bug in their specs. As
>written, the spec on at least one system also guarantees not to give
>a fault for
> char buf;
> read(fd, &buf, 1000);
>even if there are 1000 bytes available, because the check is only specified
>for whether the pointer given points to a valid object.

No, that's incorrect. All versions of the spec that I have read are quite clear that this call would cause undefined overwriting of data. I say clear here in an informal sense, since these are of course informal specs, but no one could read any of these specs and have any question but that the above has undefined behavior if 1000 bytes are read. I think Peter is misreading the spec here, deliberately or otherwise.

>I doubt it. I would bet that whoever wrote it did not give adequate
>consideration to it, and did not check the spec in any detail.

You would be quite wrong, and you would lose your bet.
Some programmers are very aware of specifications as they program! The actual thought process here was very definitely a conscious observation that the last call was "safe" because it could not overwrite data, and an assumption that overwriting data was the only undefined semantics involved.
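The call shape under dispute, `read(fd, &buf, 1000)` with `buf` a single `char`, asks the kernel for far more bytes than the object can hold; whether a given specification calls that undefined or merely unsafe, the practical defence is to never let the requested count exceed the size of the destination. The following C is an added example, not code from the thread or from either poster: `bounded_read` is a hypothetical helper that clamps the count to the buffer size, and `demo_bounded` feeds constructed sample data through a pipe and issues a request of the post's shape against buffers of various sizes so the clamp can be observed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data; sizeof SAMPLE bytes (including the NUL) go into the pipe. */
static const char SAMPLE[] = "constructed sample payload for the pipe";

/* Hypothetical helper (added example): read at most bufsz bytes into buf,
 * no matter how many bytes the caller asks for. The caller passes the true
 * size of the destination object, e.g. sizeof buf, so a request such as the
 * thread's read(fd, &buf, 1000) on a one-byte object is clamped to 1. */
ssize_t bounded_read(int fd, void *buf, size_t bufsz, size_t want)
{
    if (buf == NULL || bufsz == 0)
        return 0;
    if (want > bufsz)
        want = bufsz;           /* clamp: never write past the object */
    return read(fd, buf, want);
}

/* Demo: write SAMPLE into a pipe, then read into a local buffer whose
 * usable size is bufsz (capped at 64) while requesting `want` bytes.
 * Returns the number of bytes actually stored, or -1 on a syscall failure. */
ssize_t demo_bounded(size_t bufsz, size_t want)
{
    int fds[2];
    char buf[64];
    ssize_t n;

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], SAMPLE, sizeof SAMPLE) != (ssize_t)sizeof SAMPLE) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);              /* data is now queued for the reader */

    if (bufsz > sizeof buf)
        bufsz = sizeof buf;     /* keep the demo itself inside its own object */
    memset(buf, 0, sizeof buf);
    n = bounded_read(fds[0], buf, bufsz, want);
    close(fds[0]);
    return n;
}
```

With a one-byte destination and a request of 1000, the helper stores exactly one byte; with a 64-byte destination and a request of 1000, it stores the whole 40-byte sample, because the clamp only bites when the request exceeds the object. The `sizeof` at the call site is the whole discipline: the count passed to `read` is derived from the destination, not chosen independently of it.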