[PATCH] Document arithmetic overflow semantics

Robert Dewar dewar@gnat.com
Fri Feb 14 14:14:00 GMT 2003


> 
>     This is indeed the reason that Ada 95 introduced bounded errors,
>     where the language allows the implementation to pick any value
>     in the base range of the type or raise an exception.
> 
> I think that's intuitively what most of us mean by "undefined" in this
> discussion but you are quite right that it's good to formalize it better.

Yes, and that intuition is dangerously misleading, because it gives a false
sense of comfort. If I tell you that an uninitialized variable could cause
the system disk to be deleted, you will tend to react "yeah, yeah, we know
this language lawyer stuff, but in practice, no implementor is going to
do something that silly". However, once you allow an optimizer to back-
propagate the assumption that a program has a defined behavior, things
may get surprising, and as you can see from my earlier message, there is
a not-too-far-fetched scenario in which a well-meaning implementation could
in fact end up deleting the system disk unintentionally as an indirect
consequence of an uninitialized variable.
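An added illustration of the optimizer argument above, in C; this is not part of Dewar's message or of GCC's code. The first check relies on signed wraparound, which the language leaves undefined, so a compiler entitled to assume the addition cannot overflow may back-propagate that assumption and fold the test away; the second tests the precondition before adding, so no undefined operation is ever evaluated and the check survives any optimization.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive check: computes the sum first and then inspects it for wraparound.
   Signed overflow is undefined, so an optimizer may assume `sum` never
   wrapped and reduce the comparison to a constant false. Whether the
   overflow is caught therefore depends on the compiler and its flags. */
bool add_checked_naive(int a, int b, int *out)
{
    int sum = a + b;               /* undefined when the true sum is out of range */
    if ((b > 0 && sum < a) || (b < 0 && sum > a))
        return false;
    *out = sum;
    return true;
}

/* Defined check: establish that the addition cannot overflow before doing it.
   Every expression here is in range, so the result does not depend on what
   the implementation chooses to assume about undefined behaviour. */
bool add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;              /* overflow would occur: refuse */
    *out = a + b;
    return true;
}

int main(void)
{
    int r = 0;
    /* Constructed inputs: the first would overflow, the second is fine. */
    printf("INT_MAX + 1 accepted? %d\n", add_checked(INT_MAX, 1, &r));
    printf("-5 + 3 accepted? %d (r = %d)\n", add_checked(-5, 3, &r), r);
    return 0;
}
```

Only the precondition-based check can be tested deterministically; the naive one's outcome is a property of the build, which is exactly the point of the discussion.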
