Re: [ub] ub due to left operand of shift

From: Gabriel Dos Reis <gdr_at_[hidden]>
Date: Thu, 24 Oct 2013 22:26:26 +0000
| -----Original Message-----
| From: ub-bounces_at_[hidden] [mailto:ub-bounces_at_[hidden]] On Behalf Of
| John Regehr
| Sent: Thursday, October 24, 2013 4:57 PM
| To: ub_at_[hidden]
| Subject: Re: [ub] ub due to left operand of shift
|
| Thanks for the details, Chandler. I'm really happy to hear that people
| found these error reports to be useful, even if that wasn't my
| experience. Perhaps I was talking to the wrong developers. I certainly
| would not want to push a change that reduces our ability to find bugs.
| It seems a little ironic that undefined behavior -- the source of so
| many horrible problems -- turns out to be a powerful debugging aid when
| coupled with good checkers.

In reality, as I pointed out at the Chicago meeting (but then the audience was
several slides ahead of my presentation :-)), there is a lot of wisdom in
the notion of 'undefined behavior'. Part of the problem we have is that
we haven't always been disciplined in using that tool -- for instance, there
is absolutely no good reason why an erroneous preprocessor construct should
lead to undefined behavior. It is unfortunate that the notion has been
conflated with other things and we have too many academic papers seizing
on attention-grabbing anomalies, leading to unfortunate bad press.

It was suggested that we should emphasize the notion of
"erroneous program construct".

Additionally, we have not always done a good job at explaining the notion,
why it is useful, and how it can be the basis for tools that help find programming
(logic) bugs, the experience reported by Chandler and similarly reproduced with
other compilers.

Informally: if you have a general purpose programming language where everything is
defined, you've made it much harder (if not impossible) to build tools that help
catch logic bugs. This is because, with everything defined, it isn't clear what
is a bug and what is desired behavior.

But we are making progress. With the advent of 'constexpr', we are now requiring
compilers to catch more errors that would otherwise have led to undefined behavior;
this means that we are essentially getting to a position where an implementation of
quality will have the necessary infrastructure to monitor/instrument "undefined behavior".
Similarly, we hope to plug the "undefined behavior" in the preprocessor soon.

-- Gaby
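Added example, not part of the thread: a left shift in C++ whose precondition is spelled out, so that the constexpr path Gaby describes turns the undefined behavior from the subject line (a negative or oversized left operand, or a shift count out of range) into a compile-time diagnostic, while the same precondition is enforced at run time. The names `shl_is_defined`, `checked_shl`, `bad_shift` and `shl_rejected` are mine, not anything from the list or a compiler.

```cpp
#include <climits>

// Thrown at run time when the precondition fails. In a constant expression the
// throw is not a constant expression, so the compiler rejects the program instead.
struct bad_shift {};

// Conservative precondition for `lhs << amount` on int: defined in every C++
// revision only when the left operand is non-negative, the count is in range,
// and the result is representable in int (so no bit is shifted into the sign).
constexpr bool shl_is_defined(int lhs, int amount) {
    return lhs >= 0
        && amount >= 0
        && amount < static_cast<int>(sizeof(int) * CHAR_BIT)
        && lhs <= (INT_MAX >> amount);
}

// Single-return form so it is a valid C++11 constexpr function.
constexpr int checked_shl(int lhs, int amount) {
    return shl_is_defined(lhs, amount) ? (lhs << amount) : throw bad_shift{};
}

// Compile-time use: the compiler must evaluate this, so a violated precondition
// is a diagnostic rather than silent undefined behavior.
static_assert(checked_shl(1, 4) == 16, "defined shift");
// static_assert(checked_shl(-1, 4) == -16, "");  // rejected: negative left operand
// static_assert(checked_shl(1, 32) == 0, "");     // rejected: count >= width

// Run-time use: the same check, reported as an exception. This is the case a
// checker such as UBSan would flag if the raw `<<` were used instead.
bool shl_rejected(int lhs, int amount) {
    try {
        (void)checked_shl(lhs, amount);
        return false;
    } catch (const bad_shift&) {
        return true;
    }
}
```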

Received on 2013-10-25 00:26:44