This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: basic VRP min/max range overflow question


On Sat, 18 Jun 2005, Paul Schlie wrote:

> So in effect the standard committee have chosen to allow any program which
> invokes any undefined behavior to behave arbitrarily without diagnosis?

That is the *whole point* of undefined behavior.  Unless the program also 
violates a compile-time syntax rule or constraint, no diagnosis is 
required.

> This is a good thing?

Yes, C is designed to allow more efficient optimization of correct 
programs at the expense of complete unpredictability for incorrect 
programs.  If you want different tradeoffs, use another language such as 
Java instead of complaining about the design principles of C.

The important cases of optimization are where the programmer knows that 
the undefined behavior cannot occur in any execution of the program but 
the compiler can only know this by presuming that the programmer knew what 
they were doing and that undefined behavior won't occur.  For example, a 
competent programmer will not write programs where a signed loop variable 
overflows, and loops can be optimized better if you can ignore the 
possibility of loops overflowing.  Undefined behavior on overflow allows 
this optimization for loops with signed induction variables, on the 
presumption of a competent programmer.  If the induction variable is 
unsigned, the compiler needs to allow for overflow in case of perverse but 
correct programmers writing what would nevertheless be valid code, and the 
loops cannot be optimized so well.  Similarly, a competent programmer will 
not write programs which modify the same object twice between sequence 
points, but in general the compiler can't know whether two pointer 
dereferences in an expression refer to the same object; undefined behavior 
allows the compiler to reorder and schedule the expression for more 
efficient execution anyway on the presumption that no prohibited aliasing 
occurs.

> [ curiously can't find any actual reference stating that integer overflow
>   is specifically results in undefined behavior, although it's obviously ill
>   defined?

In general you don't need any specific reference; the mere lack of 
definition suffices; see 4#2:

       [#2] If  a  ``shall''  or  ``shall  not''  requirement  that
       appears outside of a constraint is violated, the behavior is
       undefined.  Undefined behavior  is  otherwise  indicated  in
       this   International   Standard  by  the  words  ``undefined
       behavior'' or by the omission of any explicit definition  of
       behavior.   There  is  no difference in emphasis among these
       three; they all describe ``behavior that is undefined''.

But the specific reference you want is 6.5#5:

       [#5]  If  an  exceptional  condition   occurs   during   the
       evaluation  of  an expression (that is, if the result is not
       mathematically defined or not in the range of  representable
       values for its type), the behavior is undefined.

Again, if you don't like the definition of C, there are other programming 
languages available which may be more to your taste.

-- 
Joseph S. Myers               http://www.srcf.ucam.org/~jsm28/gcc/
    jsm@polyomino.org.uk (personal mail)
    joseph@codesourcery.com (CodeSourcery mail)
    jsm28@gcc.gnu.org (Bugzilla assignments and CCs)


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]