This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: basic VRP min/max range overflow question


Paul Schlie wrote:
From: "Joseph S. Myers" <joseph@codesourcery.com>
"no requirements" means that *any* translation conforms in the case of
undefined behavior.  Only those executions not involving undefined
behavior have any requirements.


What delineates the bounds between undefined and non-undefined behaviors?

(As in the extreme if an undefined behavior may arbitrarily corrupt the
entire specified program state, and/or modify the languages otherwise
required semantics governing the translation/execution of a program, it
would seem that rather than attempting to utilize undefined behaviors as
a basis of optimizations, the compiler should more properly simply abort
compilation upon their detection, as the resulting program would be
otherwise be arguably useless for any likely purpose if the effect of an
undefined behavior within a program is not bounded?)

But of COURSE you can't detect these situations at compile time. Even if you had all the input in advance, this would be trivially equivalent to solving the halting problem. Programming language definitions reserve this use of undefined PRECISELY for those cases where it cannot be determined statically whether some rule in the dynamic semantic definition is or is not met.

When a compiler can determine that a given construct is sure to result
in undefined behavior, e.g. it can prove at compile time that overflow
will always occur, then indeed the best approach is to abort, or raise
some kind of exception (depending on the language), and to generate a
warning at compile time that this is going on. It CAN NOT "abort
compilation", since this is not an error condition, it would be improper
to refuse to compile the program. Besides which it would in practice
be wrong, since the compiler may very well be able to tell that a given
statement IF EXECUTED will cause trouble, but be unable to tell if in
fact it will be executed (my password program is like this, a friendly
compiler would warn that the reference to npasswords_entered (or whatever
I called it) results in undefined behavior, and an attentive programmer
who does not ignore warnings will deal with this warning before the
program causes chaotic results.




Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]