This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: signed is undefined and has been since 1992 (in GCC)


Robert Dewar <dewar@adacore.com> writes:

| Gabriel Dos Reis wrote:
| 
| > and it should also be able to take your life.  Do you want it to actually
| > do it?  If yes, I suggest you create your own compiler that does that
| > and leave us to work on a compiler that does something more positive.
| > -- Gaby
| 
| Obviously no one programs a compiler to deliberately have disastrous
| behavior in an undefined situation. However, if you are interested in
| the best possible code from an efficiency point of view, the compiler
| is allowed to assert that the overflow cannot take place, and then make
| all logical deductions about control flow etc that come from this
| assumption. As I showed with my password example, this can have unexpected
| results.

I saw your password example but I think it is largely beside the point.
I'm not interested in programming "undefined behaviour".  I'm looking
for a way to take advantage of that liberty we accept more useful
programs where we can.

The issue here is whether if the hardware consistently displays a
semantics, GCC should not allow access to that consistent semantics
under the name that "the standard says it is undefined behaviour".
Consider the case of converting a void* to a F*, where F is a function
type. 

-- Gaby
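
The deduction discussed in this thread, as an added example that is not part of the original messages or of GCC's own code: a bounds check that tests for signed overflow after the addition, beside two forms that never evaluate an overflowing signed add. The function names `fits_unsafe`, `fits_safe` and `fits_builtin` and the sample values are hypothetical; `__builtin_add_overflow` is assumed available (GCC 5 or later, Clang).

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Post-hoc check, shown for contrast. When len + extra exceeds INT_MAX the
 * addition is undefined behaviour, so the compiler may assume it never
 * happens, conclude that (len + extra < len) is false for extra >= 0,
 * and delete the branch that was meant to catch the overflow. */
bool fits_unsafe(int len, int extra, int capacity)
{
    if (len < 0 || extra < 0)
        return false;
    if (len + extra < len)          /* may be optimised away */
        return false;
    return len + extra <= capacity;
}

/* Pre-check: compare against INT_MAX before adding, so no overflowing
 * signed addition is ever evaluated. */
bool fits_safe(int len, int extra, int capacity)
{
    if (len < 0 || extra < 0 || capacity < 0)
        return false;
    if (extra > INT_MAX - len)      /* sum would overflow: reject */
        return false;
    return len + extra <= capacity;
}

/* Builtin form: the add is performed with defined overflow reporting. */
bool fits_builtin(int len, int extra, int capacity)
{
    int total;
    if (len < 0 || extra < 0 || capacity < 0)
        return false;
    if (__builtin_add_overflow(len, extra, &total))
        return false;
    return total <= capacity;
}

int main(void)
{
    /* Constructed inputs; fits_unsafe is only called where no overflow occurs. */
    printf("unsafe  (10, 20, 64)        -> %d\n", fits_unsafe(10, 20, 64));
    printf("safe    (INT_MAX, 1, MAX)   -> %d\n", fits_safe(INT_MAX, 1, INT_MAX));
    printf("builtin (INT_MAX-5, 10, MAX)-> %d\n", fits_builtin(INT_MAX - 5, 10, INT_MAX));
    return 0;
}
```

Building `fits_unsafe` with and without optimisation and comparing the generated code shows whether a given compiler version keeps the overflow branch.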

