On Nov 24, 2004, at 6:22 AM, Aleksandar Donev wrote:
> I spent some time debugging a code to eventually find out that a string
> IO buffer overflowed (as in WRITE(string,format)) and thing were
> overwritten without an IO runtime error being generated by the
> compiler.
> I just wanted to check what the guarantees if any we actually have on
> the compiler checking for writing past the end of the buffer:
None. The set of error conditions is processor-dependent. That has
many consequences, some of them a bit unfortunate, and sometimes a bit
surprising. Several of them have been discussed here and/or on clf in
the past. The standard provides a way for the compiler to report I/O
errors, but it does *NOT* specify what those errors are. Some cases
seem "obvious" as ones that should be detected and reported via IOSTAT,
but the compilers don't necessarily agree.
I have been bit by this general area in the past - not specifically
overflowing an internal buffer, but counting on the compiler runtimes
to catch things that seemed "obvious" to me should be I/O error
conditions. Long ago, in f77 land, I had some code that used IOSTAT to
determine whether a field had integer or real data. The value was
supposed to go to different variables depending on which type it looked
like. If the read with an I format worked, I assumed it was the integer
case. This bit me when one compiler decided to "fix" the error instead
of reporting it. I've subsequently learned that there were probably
options to control how the compiler dealt with such things, but the
default wasn't the behavior I expected, and it didn't even occur to me
to look in the right place to find how to change the behavior. Setting
the option would have been operationally awkward anyway, as it depended
on an environment variable, so I wouldn't be able to embed it in the
executable; instead I'd have forever been dealing with problems from
users who didn't have the environment variable set as needed.
> 1) If IOSTAT is specified--is the compiler required to catch the error
I'd hope that it would, but that's just my hope, unsupported by the
standard.
> 2) If IOSTAT is not specified
I'd hope for abort with error message, but again...you know the rest.
--
Richard Maine | Good judgment comes from experience;
[log in to unmask] | experience comes from bad judgment.
| -- Mark Twain
