C++ Logo

sg12

Advanced search

Re: [ub] Objectives and tasks for SG12

From: Richard Smith <richardsmith_at_[hidden]>
Date: Wed, 29 May 2013 14:36:12 -0700
On Wed, May 29, 2013 at 12:35 PM, Jens Maurer <Jens.Maurer_at_[hidden]> wrote:

> On 05/29/2013 09:00 PM, Lawrence Crowl wrote:
> > We also need to define the consequences of senseless behavior.
> > In many cases, the consequences may be unbounded, which we currently
> > call undefined behavior. In other cases, we may limit the actions
> > possible for senseless behavior. For instance, we may require the
> > implementation to call a no-return handler.
> >
> > In either event, we must give compilers lattitude to emit diagnostics
> > at compile time, at link-time or at run-time. Much of this behavior
> > well likely be driven by compiler flags. However, in some cases,
> > performance is inconsistent with diagnostics and we must admit
> > unbounded consequences. However, unbounded consequences in the
> > language definition does not necessarily imply unbounded consequences
> > in the compilers. Compilers and programmers need the freedom to
> > detect and react to senseless behavior in a manner appropriate to
> > the application.
>
> It seems plausible to limit the possible consequences of senseless
> behavior in certain cases, along C11 annex L.
>
> Signed integer overflow is a fairly good example here, I believe:
>
> (1) Is a compiler diagnostic acceptable? Yes.
> (2) Is a run-time abort acceptable? Yes.
> (3) Is an unspecified result value acceptable? Yes.
> (4) Is it acceptable that your compiler changes the behavior
> of unrelated code that follows the overflow? That's very surprising.
>
> Giving compilers latitude to choose among 1-3 (depending on the
> target audience) is fine, but, in my opinion, prohibiting option 4
> would be an improvement.
>

I don't think we should make such judgments before considering all the
consequences. For instance, there are some optimizations which compilers
only perform if they can show a loop terminates or compute a loop trip
count, and the fact that signed overflow has undefined behavior allows
compilers to prove that some loops terminate. This can have very
far-reaching benefits which we may not want to lose.

Received on 2013-05-29 23:36:13