This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] Document arithmetic overflow semantics


I very much dislike the idea of the optimizer making assumptions based
on undefined semantics. It's a very dangerous path to tread. Consider
the following Ada 83 code (you can get equivalent Ada 95 programs, but
Ada 95 has restricted erroneous behavior as much as possible to minimize
this kind of concern). 

In Ada 83, referencing an undefined variable is erroneous:

   put_line ("system disk reformat requested: enter pass word");
   declare
      Attempts : Natural; -- count of attempts at pass word entry
                          -- (deliberately never initialized: reading it is erroneous)
   begin
      loop
         Get (password);
         if password = masterpassword then
            erase_system_disk;
            exit;
         else
            Attempts := Attempts + 1;
            if Attempts > 4 then raise Hacker_Alert; end if;
            put_line ("bad pass word, reenter");
         end if;
      end loop;
   end;

Now the optimizer appears to be allowed to do the following.

If password /= masterpassword, then the program execution is erroneous.
That means the program can do anything it likes, e.g. call erase_system_disk.
Great, I can omit as useless the test password = masterpassword and still
provide a fully conformant as-if implementation.

It's really hard from a formal point of view to stop compilers doing this
sort of thing. 

In the case of overflow, sure, I know you can construct examples where the
optimizer is helped, but:

a) I very much doubt that it helps significantly in real life
b) I am afraid of optimizers running amok as in the above example

A single program malfunctioning in an unboundedly curious manner which
is difficult to detect or fix balances against a lot of very minor speedups,
and probably, these days, the curious malfunction wins unless there is a
really big, demonstrable gain.
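The overflow case the message refers to, as an added C example that is not part of the thread or of GCC itself. The function names are my own. `add_checked_by_ub` is deliberately written in the form the mail warns about: it performs a signed addition and then inspects the result, so because signed overflow is undefined in C the compiler is entitled to assume the addition never wrapped and to delete the test (at -O2 GCC commonly does exactly this). `add_checked` decides before adding, using only comparisons that cannot overflow, and `add_checked_builtin` uses the `__builtin_add_overflow` builtin that GCC and Clang provide, which reports overflow without ever computing an undefined intermediate value.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* DANGEROUS FORM (kept on purpose to show the problem): checks for overflow
   by looking at the already-computed signed sum.  If a + b overflows, the
   behaviour is undefined, so the optimizer may assume it did not happen and
   reason that (b > 0 && sum < a) can never be true.  The check then vanishes
   and a caller may receive a wrapped value with 'true' as the status. */
bool add_checked_by_ub(int a, int b, int *out)
{
    int sum = a + b;                         /* undefined on overflow */
    if ((b > 0 && sum < a) || (b < 0 && sum > a))
        return false;                        /* may be optimized away */
    *out = sum;
    return true;
}

/* SAFE FORM: decide whether the addition would overflow before doing it.
   INT_MAX - b and INT_MIN - b cannot themselves overflow under the guards. */
bool add_checked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b)
        return false;                        /* would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b)
        return false;                        /* would go below INT_MIN */
    *out = a + b;                            /* now provably in range */
    return true;
}

/* SAFE FORM using the GCC/Clang builtin: stores the wrapped result in *out
   and returns true on overflow, so we invert it to match the other helpers. */
bool add_checked_builtin(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Convenience wrapper returning the sum, or 0 with *ok cleared, so the three
   variants can be compared side by side. */
int sum_or_zero(bool (*adder)(int, int, int *), int a, int b, bool *ok)
{
    int r = 0;
    *ok = adder(a, b, &r);
    return *ok ? r : 0;
}

int main(void)
{
    bool ok;
    int r;

    /* Constructed inputs: one case that overflows and one that does not. */
    r = sum_or_zero(add_checked, INT_MAX, 1, &ok);
    printf("add_checked(INT_MAX, 1): ok=%d r=%d\n", ok, r);

    r = sum_or_zero(add_checked_builtin, INT_MAX, 1, &ok);
    printf("add_checked_builtin(INT_MAX, 1): ok=%d r=%d\n", ok, r);

    r = sum_or_zero(add_checked, INT_MAX - 1, 1, &ok);
    printf("add_checked(INT_MAX-1, 1): ok=%d r=%d\n", ok, r);

    /* Whether this one reports the overflow depends on the optimizer, which
       is precisely the complaint: the program's behaviour is not fixed. */
    r = sum_or_zero(add_checked_by_ub, INT_MAX, 1, &ok);
    printf("add_checked_by_ub(INT_MAX, 1): ok=%d r=%d (unspecified)\n", ok, r);
    return 0;
}
```

Compile the same file with `-O0` and with `-O2` (and, for comparison, `-fwrapv`, which makes GCC treat signed overflow as wrapping) and compare the last line: only the two well-defined variants give the same answer everywhere.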


