<div dir="ltr">On Wed, May 29, 2013 at 12:35 PM, Jens Maurer <span dir="ltr">&lt;<a href="mailto:Jens.Maurer@gmx.net" target="_blank">Jens.Maurer@gmx.net</a>&gt;</span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 05/29/2013 09:00 PM, Lawrence Crowl wrote:<br>
> We also need to define the consequences of senseless behavior.<br>
> In many cases, the consequences may be unbounded, which we currently<br>
> call undefined behavior. In other cases, we may limit the actions<br>
> possible for senseless behavior. For instance, we may require the<br>
> implementation to call a no-return handler.<br>
><br>
> In either event, we must give compilers latitude to emit diagnostics<br>
> at compile time, at link-time or at run-time. Much of this behavior<br>
> will likely be driven by compiler flags. However, in some cases,<br>
> performance is inconsistent with diagnostics and we must admit<br>
> unbounded consequences. However, unbounded consequences in the<br>
> language definition do not necessarily imply unbounded consequences<br>
> in the compilers. Compilers and programmers need the freedom to<br>
> detect and react to senseless behavior in a manner appropriate to<br>
> the application.<br>
<br>
It seems plausible to limit the possible consequences of senseless<br>
behavior in certain cases, along C11 annex L.<br>
<br>
Signed integer overflow is a fairly good example here, I believe:<br>
<br>
(1) Is a compiler diagnostic acceptable? Yes.<br>
(2) Is a run-time abort acceptable? Yes.<br>
(3) Is an unspecified result value acceptable? Yes.<br>
(4) Is it acceptable that your compiler changes the behavior<br>
of unrelated code that follows the overflow? That's very surprising.<br>
<br>
Giving compilers latitude to choose among 1-3 (depending on the<br>
target audience) is fine, but, in my opinion, prohibiting option 4<br>
would be an improvement.<br></blockquote><div><br></div><div style>I don't think we should make such judgments before considering all the consequences. For instance, there are some optimizations which compilers only perform if they can show a loop terminates or compute a loop trip count, and the fact that signed overflow has undefined behavior allows compilers to prove that some loops terminate. This can have very far-reaching benefits which we may not want to lose.</div>
</div></div></div>
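<div>The loop trip-count point in the reply above, as an added example that is not part of the original messages: it compares the closed-form trip count an optimizer may derive when overflow is undefined with the same loop run under wrapping arithmetic. The function names are hypothetical, and <code>int8_t</code> is an assumed scaled-down stand-in for <code>int</code> so that every input pair can be checked.</div>

```c
#include <stdint.h>
#include <stdio.h>

/* Trip count of `for (i = start; i <= n; ++i)` as an optimizer may derive it
 * when overflow of i is undefined: the loop is assumed to terminate. */
long closed_form_trips(int8_t start, int8_t n)
{
    return start > n ? 0 : (long)n - (long)start + 1;
}

/* The same loop run with wrapping arithmetic (overflow defined as wrap).
 * int8_t is an assumed, scaled-down stand-in for int so that every input can
 * be checked. Returns the trip count, or -1 if still looping after `limit`. */
long wrapping_trips(int8_t start, int8_t n, long limit)
{
    long trips = 0;
    int8_t i = start;
    while (i <= n) {
        if (++trips > limit)
            return -1;                     /* does not terminate */
        i = (i == INT8_MAX) ? INT8_MIN : (int8_t)(i + 1);  /* explicit wrap */
    }
    return trips;
}

/* Number of (start, n) pairs where the closed form is wrong under wrapping. */
int count_disagreements(void)
{
    int bad = 0;
    for (int s = INT8_MIN; s <= INT8_MAX; ++s)
        for (int n = INT8_MIN; n <= INT8_MAX; ++n)
            if (closed_form_trips((int8_t)s, (int8_t)n) !=
                wrapping_trips((int8_t)s, (int8_t)n, 256))
                bad++;
    return bad;
}

int main(void)
{
    printf("closed form, 0..INT8_MAX: %ld trips\n", closed_form_trips(0, INT8_MAX));
    printf("wrapping,    0..INT8_MAX: %ld (-1 = never exits)\n",
           wrapping_trips(0, INT8_MAX, 256));
    printf("pairs where they differ:  %d\n", count_disagreements());
    return 0;
}
```

<div>Every pair on which the two disagree has <code>n == INT8_MAX</code>: with wrapping semantics the loop never exits there, so the closed form holds for all inputs only if overflow is excluded.</div>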