This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Fix 'array subscript is above array bounds' warning in res_send.c
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Tue, 16 Dec 2014 10:41:52 -0800
On 12/16/2014 10:05 AM, Roland McGrath wrote:
> changing the source code just to make the compiler happy is not the thing
> we avoid: it's changes that de-optimize the generated code.

For what it's worth, we use a similar rule in Gnulib and core GNU apps.
That being said, I can't resist mentioning that Dijkstra was a fan of using
the 'i == n' test as opposed to the 'i >= n' test in cases like these,
so I expect he would not have favored this change. Dijkstra's argument
was that if 'i == n' is correct, then using 'i >= n' will make the code
more robust in the presence of programming errors elsewhere, which is
not what you should want: you should want your program to crash nicely
(not limp along) in the presence of these other errors. Those were the
days, eh?
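
The contrast described in the message above, as an added example that is not part of the original post or of glibc's res_send.c. All names are hypothetical; a `step` other than 1 stands in for the "programming error elsewhere", and the `i == n` variant reports the overshoot through a status code where a real program would abort.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; a step other than 1 models the
   "programming error elsewhere" that the message talks about. */
enum walk_status { WALK_OK, WALK_INDEX_OVERSHOT };

struct walk { enum walk_status status; size_t visited; };

/* 'i >= n' exit: an index that jumped past n still ends the loop quietly. */
struct walk walk_ge(const int *a, size_t n, size_t step, long *sum)
{
    struct walk w = { WALK_OK, 0 };
    for (size_t i = 0; !(i >= n); i += step) {
        *sum += a[i];
        w.visited++;
    }
    return w;
}

/* 'i == n' exit: only landing exactly on n is a normal end. The overshoot
   is reported before any out-of-bounds read; a real program would abort(). */
struct walk walk_eq(const int *a, size_t n, size_t step, long *sum)
{
    struct walk w = { WALK_OK, 0 };
    for (size_t i = 0; i != n; i += step) {
        if (i > n) {
            w.status = WALK_INDEX_OVERSHOT;
            break;
        }
        *sum += a[i];
        w.visited++;
    }
    return w;
}

int main(void)
{
    const int a[5] = { 1, 2, 3, 4, 5 };   /* constructed sample data */
    long s1 = 0, s2 = 0;
    struct walk ge = walk_ge(a, 5, 2, &s1);   /* i = 0, 2, 4, then 6 */
    struct walk eq = walk_eq(a, 5, 2, &s2);
    printf("i >= n: status=%d visited=%zu sum=%ld\n", ge.status, ge.visited, s1);
    printf("i == n: status=%d visited=%zu sum=%ld\n", eq.status, eq.visited, s2);
    return 0;
}
```

With an even `n` the faulty step lands exactly on `n` and both variants finish normally, so the strict test surfaces the error only when the index actually overshoots.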