This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: basic VRP min/max range overflow question
- From: "Joseph S. Myers" <joseph at codesourcery dot com>
- To: Paul Schlie <schlie at comcast dot net>
- Cc: Dale Johannesen <dalej at apple dot com>, Robert Dewar <dewar at adacore dot com>, Mike Stump <mrs at apple dot com>, Andrew Pinski <pinskia at physics dot uc dot edu>, GCC Development <gcc at gcc dot gnu dot org>
- Date: Sat, 18 Jun 2005 19:57:21 +0000 (UTC)
- Subject: Re: basic VRP min/max range overflow question
- References: <BED9E540.A897%schlie@comcast.net>
On Sat, 18 Jun 2005, Paul Schlie wrote:
> So in effect the standard committee have chosen to allow any program which
> invokes any undefined behavior to behave arbitrarily without diagnosis?
That is the *whole point* of undefined behavior. Unless the program also
violates a compile-time syntax rule or constraint, no diagnosis is
required.
> This is a good thing?
Yes, C is designed to allow more efficient optimization of correct
programs at the expense of complete unpredictability for incorrect
programs. If you want different tradeoffs, use another language such as
Java instead of complaining about the design principles of C.
The important cases of optimization are where the programmer knows that
the undefined behavior cannot occur in any execution of the program but
the compiler can only know this by presuming that the programmer knew what
they were doing and that undefined behavior won't occur. For example, a
competent programmer will not write programs where a signed loop variable
overflows, and loops can be optimized better if you can ignore the
possibility of loops overflowing. Undefined behavior on overflow allows
this optimization for loops with signed induction variables, on the
presumption of a competent programmer. If the induction variable is
unsigned, the compiler needs to allow for overflow in case of perverse but
correct programmers writing what would nevertheless be valid code, and the
loops cannot be optimized so well. Similarly, a competent programmer will
not write programs which modify the same object twice between sequence
points, but in general the compiler can't know whether two pointer
dereferences in an expression refer to the same object; undefined behavior
allows the compiler to reorder and schedule the expression for more
efficient execution anyway on the presumption that no prohibited aliasing
occurs.
> [ curiously can't find any actual reference stating that integer overflow
> is specifically results in undefined behavior, although it's obviously ill
> defined?
In general you don't need any specific reference; the mere lack of
definition suffices; see 4#2:
[#2] If a ``shall'' or ``shall not'' requirement that
appears outside of a constraint is violated, the behavior is
undefined. Undefined behavior is otherwise indicated in
this International Standard by the words ``undefined
behavior'' or by the omission of any explicit definition of
behavior. There is no difference in emphasis among these
three; they all describe ``behavior that is undefined''.
But the specific reference you want is 6.5#5:
[#5] If an exceptional condition occurs during the
evaluation of an expression (that is, if the result is not
mathematically defined or not in the range of representable
values for its type), the behavior is undefined.
Again, if you don't like the definition of C, there are other programming
languages available which may be more to your taste.
--
Joseph S. Myers http://www.srcf.ucam.org/~jsm28/gcc/
jsm@polyomino.org.uk (personal mail)
joseph@codesourcery.com (CodeSourcery mail)
jsm28@gcc.gnu.org (Bugzilla assignments and CCs)