Re: Sequence points



On Sun, 20 Jan 2008 09:54:31 -0600, Richard Heathfield wrote
(in article <n-SdnWFzXf1m8A7anZ2dnUVZ8qDinZ2d@xxxxxx>):

[undefined behaviour again <sigh> ]

spinoza1111 said:

<snip>

[...] those of us who, throughout the eighties and
nineties, could indeed run examples to discover facts.

When one does this, one learns not the answer to the question "what are the
language rules for this code fragment?" but the answer to the question
"what does this code fragment do on this particular hardware, using this
particular compiler with these particular flag settings?" Whilst that is
certainly a useful fact to learn, it does not teach one anything about the
language itself.

<Microsoft advertisement snipped>

Here's an example of how you could lead yourself to a false conclusion in
this way. In fact, it or something like it may explain our little
turret's victim's behavior a bit better.

*** Warning: this is broken intentionally to illustrate something
*** (don't use it for anything else). It uses gets() not because it is
*** a good idea at all, but to quickly overrun a buffer similar to the
*** mistakes of a lot of young programmers.

If you have something like this:

#include <stdio.h>

#define TEST_LEN 10
int main(void)
{
    char buffer[TEST_LEN] = ".......";
    char guardstr[TEST_LEN] = "Hello Ed";

    printf("Enter something on the keyboard: ");
    fflush(stdout);
    gets(buffer); /* Warning: REALLY bad idea. */

    printf("[%s]\n", buffer);
    printf("[%s]\n", guardstr);
    return 0;
}

If I compile this on one of the systems I have here:
$ cc ex1.c -o ex1
$ ./ex1

I get this prompt line, which is garbled due to a message from the
standard library implementation for gets():
Enter something on the keyboard: warning: this program uses gets(),
which is unsafe.

If I type in "Edward" and hit the return key,
I get this output:
[Edward]
[Hello Ed]

and it terminates normally.

Gee, gets is fine eh? Let's try another test.

I run it again, this time I type in "Edward G. Nilges, Esquire" and hit
return. I get this output:
[Edward G. Nilges, Esquire]
[Nilges, Esquire]

Oops, guardstr got corrupted, but it still terminated normally and a
novice might not notice this in a large program with slightly larger
values for TEST_LEN.

Now, let's run it once again and use this input + return:
Edward G. Nilges, aka spinoza1111 appears to have a bad habit
collection.

I get this output (extra line wrapping due to Usenet conventions):
[Edward G. Nilges, aka spinoza1111 appears to have a bad habit
collection.]
[Nilges, aka spinoza1111 appears to have a bad habit collection.]
Segmentation fault

Oops, the program crashed. It might not happen at all pre-production
release; e.g., you are someone with a habit of using poorly chosen test
data.

Many programmers may accidentally assume from this (if they even noticed
it at all before corrupting some poor person down the road's data) that
it is "okay, in practice" to do such things. If you just don't do it
too much. They might even investigate further, and try to figure out
just how much they can get away with, and perhaps think that what
/that/ platform did could be counted on everywhere, label it "praxis"
and put it in a book even.

Digging around a bit more, he notices that, on the particular platform
and development environment used for the examples above, no matter
how you play with the sizes of TEST_LEN and the console input values,
you can get away with overwriting buffer by 55 bytes, but not by 56
bytes. Each time strlen(buffer) >= (TEST_LEN + 56) the program will
segfault, but it will exit normally with no errors otherwise. Oooh,
not only does he now have "praxis" to rely on, he has an ALGORITHM that
he can wave around to prove it.

Using a slightly different version of the compiler and/or compiler
flags on the original platform you may get different results as well.
Problem is, these results aren't reproducible on 4 other platforms that
people reading his writing use, and his algorithm isn't worth beans, in
practice.

But this poor "programming guru" doesn't bother with test cases, they
are jejune and beneath him.



--
Randy Howard (2reply remove FOOBAR)
"The power of accurate observation is called cynicism by those
who have not got it." - George Bernard Shaw
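
Added example, not part of the original post: the same test program with the gets() call replaced by a bounded read, so the three inputs tried above behave the same on every platform instead of depending on stack layout. The helper name read_line_bounded and its return codes are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define TEST_LEN 10

/* Hypothetical helper (not from the post): read one line into buf[size].
 * Returns 0 if the whole line fit, 1 if it was truncated (the rest is
 * discarded), -1 on EOF or read error with nothing read. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    size_t len;
    int ch;

    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* complete line: strip the newline */
        return 0;
    }
    /* No newline stored: the line filled the buffer or the input ended. */
    ch = getc(in);
    if (ch == '\n' || ch == EOF)
        return 0;                     /* it fit exactly; nothing was lost */
    while (ch != '\n' && ch != EOF)
        ch = getc(in);                /* drain so the next read starts clean */
    return 1;
}

int main(void)
{
    char buffer[TEST_LEN] = ".......";
    char guardstr[TEST_LEN] = "Hello Ed";
    int rc;

    printf("Enter something on the keyboard: ");
    fflush(stdout);
    rc = read_line_bounded(stdin, buffer, sizeof buffer);
    if (rc < 0)
        return 1;
    printf("[%s]%s\n", buffer, rc == 1 ? " (input truncated)" : "");
    printf("[%s]\n", guardstr);
    return 0;
}
```

With the second input from the post, this prints [Edward G.] (input truncated) followed by an intact [Hello Ed], and that result is guaranteed by the language rules rather than observed on one compiler.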