<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On May 29, 2013, at 1:36 PM, Nevin Liber &lt;<a href="mailto:nevin@eviloverlord.com">nevin@eviloverlord.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">On 29 May 2013 14:35, Jens Maurer <span dir="ltr">&lt;<a href="mailto:Jens.Maurer@gmx.net" target="_blank">Jens.Maurer@gmx.net</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
(1) Is a compiler diagnostic acceptable? Yes.<br>
(2) Is a run-time abort acceptable? Yes.<br>
(3) Is an unspecified result value acceptable? Yes.<br>
(4) Is it acceptable that your compiler changes the behavior<br>
of unrelated code that follows the overflow? That's very surprising.<br>
<br>
Giving compilers latitude to choose among 1-3 (depending on the<br>
target audience) is fine, but, in my opinion, prohibiting option 4<br>
would be an improvement.<br></blockquote><div><br>The counter argument is usually that (4) has a run time cost in that the overflow must now be detected instead of just assumed that it cannot happen. This effectively penalizes correct programs.<br>
<br>What does "behavior of unrelated code" even mean once we've invoked undefined behavior?</div></div></blockquote><br></div><div>Exactly.</div><div><br></div><div>I tell people that "undefined behavior" means "anything can happen: Your program can crash (or not), your computer can explode, your cat can get pregnant, etc".</div><div><br></div><div>One of my favorite examples:</div><div><br></div><div>void foo ( int *p ) {</div><div>#ifdef qLOG</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>log ( "foo: p => ", *p );</div><div>#endif</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>if ( p == NULL ) {</div><div><span class="Apple-tab-span" style="white-space:pre">                </span>// do something</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>}</div><div>}</div><div><br></div><div>There are compilers which, when qLOG is defined, will elide the test for NULL - will not generate code to test p.</div><div><br></div><div>Why not? </div><div><span class="Apple-tab-span" style="white-space:pre">        </span>* If p != NULL, there's no need to test it</div><div><span class="Apple-tab-span" style="white-space:pre">        </span>* If p == NULL, we're already into undefined behavior, so who cares?</div><div><br></div><div>and it makes the executable smaller and run faster.</div><div><span class="Apple-tab-span" style="white-space: pre; ">        </span></div><div>Surprising? It certainly was to me the first time I saw it.</div><div>Legal? Absolutely.</div><div><br></div><div>Do we, the committee, want to forbid this kind of optimization? Why?</div><div><br></div><div apple-content-edited="true">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; ">-- Marshall<br><br>Marshall Clow Idio Software &lt;<a href="mailto:mclow.lists@gmail.com">mailto:mclow.lists@gmail.com</a>&gt;<br><br>A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).<br> -- Yu Suzuki</span>
</div>
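<div>An added example, not part of the original message or of any compiler's code: the dereference-before-check pattern from the post next to a version that tests the pointer first, plus a signed addition that detects overflow using only defined operations (the run-time cost mentioned in the quoted reply). The names log_value, foo_deref_first, foo_check_first and checked_add are hypothetical.</div>

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical logger standing in for the post's log(). */
static void log_value(const char *tag, int v) { fprintf(stderr, "%s%d\n", tag, v); }

/* Pattern from the post: *p is read before the NULL test. After the
 * dereference the compiler may assume p != NULL and drop the test, so the
 * -1 path can vanish from an optimized build. Never call this with NULL. */
int foo_deref_first(int *p) {
    log_value("foo: p => ", *p);
    if (p == NULL)
        return -1;              /* may be elided */
    return *p;
}

/* The test runs before anything that would let the compiler assume p is
 * non-null, so the NULL case has defined behavior and the check stays. */
int foo_check_first(int *p) {
    if (p == NULL)
        return -1;
    log_value("foo: p => ", *p);
    return *p;
}

/* Detects signed overflow before it can occur. Returns 1 and stores a + b
 * in *out, or returns 0 (leaving *out untouched) if the sum does not fit. */
int checked_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

int main(void) {
    int x = 7, sum = 0;             /* constructed sample values */
    printf("%d %d\n", foo_check_first(NULL), foo_check_first(&x));
    printf("%d\n", checked_add(INT_MAX, 1, &sum));
    return 0;
}
```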
<br></body></html>