1. Forum
  2. Fidonet
  3. COMP.LANG.C

  • Re: Is C ready to become a safer language?

    From Tim Rentsch@3:633/280.2 to All on Sun Mar 24 04:35:55 2024
    Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:

    Tim Rentsch <tr.17687@z991.linuxsc.com> writes:

    Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:

    Tim Rentsch <tr.17687@z991.linuxsc.com> writes:

    Keith Thompson <Keith.S.Thompson+u@gmail.com> writes:

    Tim Rentsch <tr.17687@z991.linuxsc.com> writes:
    [snip discussion of a program that divides by zero]

    An implementation can refuse to translate the program, but not
    because undefined behavior occurs. The undefined behavior here
    happens only when the program is executed, but just compiling the
    program doesn't do that. No execution, no undefined behavior.
    Still the program may be rejected, because it is not strictly
    conforming (by virtue of having output depend on the undefined
    behavior if the program is ever run).

    Just to be clear, would you say that a conforming hosted
    implementation may reject this program:

    #include <limits.h>
    #include <stdio.h>
    int main(void) {
    printf("INT_MAX = %d\n", INT_MAX);
    }

    solely because it's not strictly conforming?

    My understanding of the C standard is that a hosted implementation
    may choose not to accept the above program and still be conforming,
    because this program is not strictly conforming. (Please assume
    subsequent remarks always refer to implementations that are both
    hosted and conforming.)

    Also, assuming we have ruled out cases involving #error, a
    conforming implementation may choose not to accept a given program
    if and only if the program is not strictly conforming. Being
    strictly conforming is the only criterion that matters (again
    assuming there is no #error) in deciding whether an implementation
    may choose not to accept the program in question.

    I'm guessing that what you mean by "may reject" is the same as what
    I mean by "may choose not to accept". I'd like to know if you think
    that's right, or if you think there is some difference between the
    two. (My intention is that the two phrases have the same meaning.)

    Does the above adequately address the question you want answered?

    I'm not sure. As I recall, I gave up on trying to understand what
    you think "accept" means.

    N1570 5.1.2.3p6:

    [CORRECTION: 3p4]

    A program that is correct in all other aspects, operating on
    correct data, containing unspecified behavior shall be a
    correct program and act in accordance with 5.1.2.3.

    Does that not apply to the program above? How can it do so if it's
    rejected (or not "accepted")?

    The same paragraph says that "A *conforming hosted implementation*
    shall accept any strictly conforming program". Are you reading
    that as implying that *only* strictly conforming programs must be
    accepted?

    As a practical matter, an implementation that accepts *only*
    strictly conforming programs would be very nearly useless. I
    don't see anything in the standard that says a program can be
    rejected purely because it's not strictly conforming, and I don't
    believe that was the intent.

    My understanding of the C standard is that 'shall accept' is
    meant in the sense of 'shall use its best efforts to complete
    translation phases 1 through 8 successfully and produce an
    executable'.

    That sounds reasonable. I wish the standard actually defined
    "accept".

    Where you say "5.1.2.3p6:" I expect you mean "4p3".

    Yes.

    Where you say "the same paragraph" I expect you mean "4p6".

    Yes.

    The word "reject" does not appear in the C standard. In my own
    writing I am trying henceforth to use "accept" exclusively and
    not use "reject". For the safe of discussion I can take "reject"
    to mean the logical complement of "accept", which is to say a
    program is either accepted or rejected, never both and never
    neither. Does that last sentence match your own usage?

    Yes, "reject" means "not accept". There might be some nuance that
    that definition misses, so I'll try to avoid using the word "reject"
    in this discussion.

    The C standard has only one place where a statement is made about
    accepting a program, saying in 4p6 that implementations shall
    accept any strictly conforming program; no other paragraph in the
    standard mentions accepting a program. Given that, it's hard for
    me to understand how someone could read the standard as saying
    anything other than that a program must be accepted if it is
    strictly conforming, but if the program is not strictly conforming
    then there is no requirement that it be accepted. In short form, a
    program must be accepted if and only if it is strictly conforming.
    Does that summary mean something different than your phrase "*only*
    strictly conforming programs must be accepted"?. My understanding
    of the C standard is that strictly conforming programs must be
    accepted, but implementations are not required to accept any
    program that is not strictly conforming.

    Certainly a conforming implementation must accept any strictly
    conforming program (insert handwaving about capacity limits).

    No handwaving needed. If "accept" is taken to mean 'shall use its
    best efforts to ...', etc., there is no problem with those efforts
    failing for reasons outside the implementation's control.

    I can understand how one might read that requirement as implying
    that an implementation need not accept any program that is not
    strictly conforming. I don't read it that way.

    James Kuyper has said

    The standard never talks about rejection. It requires that
    "A conforming hosted implementation shall accept any
    strictly conforming program.". No such requirement applies
    to any program which is not strictly conforming. (4p6)

    Clearly James thinks implementations are free not to accept any
    program that is not strictly conforming. Do you think James is
    wrong?

    In an earlier posting you said

    I don't see anything in the standard that says a program can
    be rejected purely because it's not strictly conforming, and
    I don't believe that was the intent.

    What is the basis for that belief? Can you point to some passage in
    the C standard, or some other materials, that supports it? Or do
    you believe it just because you think no sensible person could
    intend otherwise?

    In response to your question about 4p3, the short answer is that
    any non-strictly-conforming program that an implementation chooses
    not to accept is not correct in all other aspects, so 4p3 does not
    apply. If you want to talk about that further we should split that
    off into a separate thread, because 4p3 has nothing to do with
    program acceptance.

    I say it does. Under 4p3, the above program (that prints the value
    of INT_MAX) is a "correct program", so it must "act in accordance
    with 5.1.2.3". It cannot do so unless it is first accepted.

    It's a circular argument. You assume that a non-strictly conforming
    program does not violate the requirement that the program be "correct
    in all other aspects" and then conclude that the program is correct.
    You're assuming the very thing you set out to prove.

    What is the purpose of 4p3? What is the motivation for including it
    in the C standard? Do you think it's there only to make programs
    like the INT_MAX program above be non-rejectable? What else does it
    do? What do you think is meant by "act in accordance with 5.1.2.3"?
    Besides the C standard, what other materials or resources have you
    consulted in forming your opinions or drawing your conclusions?

    Suppose 4p3 were not included in the C standard. How would that
    change the C language? What would be different, besides questions
    like the one we are considering now?

    The C90 standard does not include any requirement along the lines of
    4p3 in C99 and later. Does that mean C90 is different in some way?
    What prompted the insertion of 4p3 into C99? What efforts have you
    made to investigate that? Or have you not made any?

    You're saying that the correctness of a program can depend on
    whether an implementation chooses to accept it. I disagree.

    Certainly whether a program is strictly conforming CAN make a
    difference in whether a program is "correct in all other aspects"
    with respect to whether 4p3 applies. I have posted an example
    actually observed in the behaviors of gcc and clang (having to do
    with the size of an array type). The example violates no
    constraints or syntax rules, has no undefined behavior, and uses
    only language features specified in the C standard. Despite all
    that clang rejects it. The only basis for clang's rejecting the
    program is that the program is not strictly conforming. So one way
    or another 4p3 is not relevant.

    An implementation that does not accept the above program is not
    conforming because the implementation violates 4p3.

    Your reasoning the 4p3 applies here is flawed, because it's a
    circular argument. More compellingly, you haven't presented any
    evidence that 4p3 is meant to be relevant to the question of
    acceptance. I know you think it is, and you have offered some
    reasoning why it should be, but your explanations are not evidence.
    What leads you to believe that members of the ISO C committee look
    at this issue the same way you do? Have you made any effort to
    answer that question?

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: A noiseless patient Spider (3:633/280.2@fidonet)