On 2017/01/07 8:27 +0900, Neil MacIntosh wrote:
> I am still not sure you are correct about whether that access pattern is
> actually undefined behavior. I'm afraid I'm not a language lawyer ;-)
For me, it seems somewhat easy. Consider the following concrete example:
int i = 0;
unsigned char* p = reinterpret_cast<unsigned char*>(&i);
p + 1;
"p" points to "i", which is an object of type int.
N4618 5.7 [expr.add] p6 says:
> For addition or subtraction, if the expressions P or Q have type
> "pointer to cv T", where T and the array element type are not similar
> (4.5), the behavior is undefined.
and footnote 86:
> An object that is not an array element is considered to belong to a
> single-element array for this purpose; see 5.3.1.
"T" and "the array element type" in the above example are unsigned char
and int, respectively. Then, because unsigned char and int are not
similar, the behavior is undefined.
Can you assert otherwise?
> I would suggest you ask Core the question about undefined behavior via
> their mailing reflector.
Thank you. But I can't do that by myself now because I'm not a member of
national body, and don't have attended a meeting.
https://stackoverflow.com/questions/9070651/c-standards-committee-reflector-mailing-lists
I'll seek someone who can forward this to the Core mailing reflector.
(Do you know?)
> I'm not sure how adding a new type that is distinct from existing
> types used to also hold both integers and characters, but has the exact
> same semantics as those types worsens the situation. It certainly does
> nothing to encourage people to write the type of code we are discussing.
If the proposal got adopted, someone will write an example code to
demonstrate the new feature. But it will be hard to make such an example
without violating the above explained language rule.
> That sort of code is already written - millions of lines of it - and
> more is written every day. Passing or blocking the byte proposal will
> have no impact on that.
The situation sounds same with singed integer overflow, or type based
aliasing rule. People write that sort of code at their own risk, or with
a guarantee given by the implementation. But it doesn't mean the
committee can ignore the existing language rule to standardize a new
feature.
> I certainly don't see what sort of evidence you can point to that adding
> "byte" in addition to "unsigned char", would somehow reduce the
> reliability of the language.
If something says "Here is the feature to do X, but X results in
undefined behavior", I can't rely on that, can you?
> The intent of the proposal is to enable people to be less ambiguous
> about their intended use of a pointer (are they using it to access some
> object storage, or an integer, or a character?). I think it is
> relatively uncontroversial to say that having distinct types for these
> different purposes makes programs easier to understand, analyze and
> maintain.
It sounds like that it is also good to add [[type-punned]] attribute for
pointers without touching existing type based aliasing rule, or to add
[[overflow-wraps]] attribute for signed integer types without touching
existing rule on overflow. It might be actually good in some points you
mentioned, but it adds the language another inconsistency which the
standard should reduce/avoid.
--
k_satoda