To: J3                                                     J3/24-150r1
From: Malcolm Cohen
Subject: Interp F23/016 on CFI_establish contradiction
Date: 2024-June-27

----------------------------------------------------------------------

NUMBER: F23/017
TITLE: CFI_establish nonallocatable nonpointer null base address
KEYWORDS: CFI_establish
DEFECT TYPE: Erratum
STATUS: J3 consideration in progress

QUESTION:

[524:29-31] 18.5.5.5 The CFI_establish function, p3 Description,
states that if CFI_establish is called with the base_addr a null
pointer, and attribute CFI_attribute_other (i.e. not a pointer or
allocatable), it establishes
    "a C descriptor that has the attribute CFI_attribute_other but
     does not describe a data object".

However, looking at the definition of base_addr in 18.5.3 [518:15-19],
it does not allow this:
    "If the object is an unallocated allocatable variable or a pointer that
     is disassociated, the value is a null pointer; otherwise... {cases
     that are not null pointers}."

Note that CFI_establish is required to follow these rules, as p1
of 18.5.3  states
    "The values of these members of a structure of type CFI_cdesc_t
     that is produced by the functions and macros specified in this
     document... shall have the properties described in this
     subclause."

That is a contradiction, which means that when CFI_establish is called
with CFI_attribute_other, and base_addr is a null pointer, the program
is not standard-conforming and so any behaviour (including memory
corruption or program termination) may result.

Either this needs to be permitted in 18.5.3, or forbidden in 18.5.5.5.
Permitting it does not seem useful, as there seems to be little or
nothing one could possibly do with such a C descriptor.

How should this contradiction be resolved?

ANSWER:

This should not be permitted, as it is useless.

Edits are provided to explicitly forbid this.

EDITS to 24-007:

[524:15] 18.5.5.5 The CFI_establish function, p2 Formal Parameters,
         attribute parameter,
         Append new sentence
    "If it is CFI_attribute_other, \cf{base_addr} shall not be a null
     pointer."

[524:29-31] Same subclause, p3 Description,
            After "for an unallocated allocatable"
            change the comma to "or",
            After "disassociated pointer"
            delete ", or is... data object",
            making that sentence read
    "If \cf{base_addr} is a null pointer, the established C descriptor
     is for an unallocated allocatable or a disassociated pointer."

{J3: The paragraph is a wall of text, so I won't regurgitate it here.}

{J3: The standard is contradictory here, so no compatibility issue.}

SUBMITTED BY: Malcolm Cohen

HISTORY: 24-nnn   m233  Submitted

----------------------------------------------------------------------