Thu, 25 Apr 2019 16:46:54 +0100

Related articles |
---|

[10 earlier articles] |

Re: Optimization techniques DrDiettrich1@netscape.net (Hans-Peter Diettrich) (2019-04-20) |

Re: Optimization techniques gneuner2@comcast.net (George Neuner) (2019-04-20) |

Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |

Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |

Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |

Re: Optimization techniques rick.c.hodgin@gmail.com (Rick C. Hodgin) (2019-04-24) |

Re: Optimization techniques martin@gkc.org.uk (Martin Ward) (2019-04-25) |

Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-25) |

Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-25) |

Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-26) |

Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-26) |

Re: Optimization techniques alexfrunews@gmail.com (2019-04-26) |

Re: Optimization techniques derek@_NOSPAM_knosof.co.uk (Derek M. Jones) (2019-04-26) |

[23 later articles] |

From: | Martin Ward <martin@gkc.org.uk> |

Newsgroups: | comp.compilers |

Date: | Thu, 25 Apr 2019 16:46:54 +0100 |

Organization: | Compilers Central |

References: | <72d208c9-169f-155c-5e73-9ca74f78e390@gkc.org.uk> |

Injection-Info: | gal.iecc.com; posting-host="news.iecc.com:2001:470:1f07:1126:0:676f:7373:6970"; logging-data="39770"; mail-complaints-to="abuse@iecc.com" |

Keywords: | arithmetic, optimize, comment |

Posted-Date: | 25 Apr 2019 16:14:53 EDT |

David Brown <david.brown@hesbynett.no> wrote:

*> And there are undefined behaviours which could be given definitions, but*

*> doing so is not actually a positive thing. The prime example is signed*

*> integer overflow. Since overflowing your integers is almost always an*

*> error in the code anyway, there are no benefits in giving it defined*

*> behaviour.*

This is completely backwards. If signed overflow was given a defined

behaviour (such as the two's complement result), then compilers for

CPUs which do not implement two's complement operations would have to

generate less efficient code (but does anyone still make such a CPU?).

Any program which guarantees not to overflow would be unaffected. Any

program which expects a two's complement result could now be relied

upon to work correctly, and not suddenly produce random results when

the next version of the compuler comes out! Any program which

expected a different result (one's complement anyone?) would need

additional code.

With the current situation, anyone wanting to avoid

undefined behaviour (and don't we all?) has to write code like

this for any signed operation:

signed int sum;

if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||

((si_b < 0) && (si_a < (INT_MIN - si_b)))) {

/* Handle error */

*} else {*

sum = si_a + si_b;

*}*

See:

https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow

*> But mathematical identities such as associativity and commutativity are*

*> valid because signed integer overflow does not happen - thus "a * (b +*

*> c)" can be changed to "(a * b) + (a * c)".*

The following slide set discusses some of the problems with undefined

behaviour starting on slide 43:

http://www0.cs.ucl.ac.uk/staff/B.Karp/3007/s2018/lectures/3007-lecture5-C-arith-undef-behav.pdf

Examples of problems include privilege elevation exploits and denial

of service attacks.

There was a discussion about undefined behaviour on this list in

March/April last year. Some examples:

https://blog.regehr.org/archives/213

https://blog.regehr.org/archives/759

Gcc may optimize out tests for buffer overflows because of integer

overflows:

https://lwn.net/Articles/278137/

--

Martin

Dr Martin Ward | Email: martin@gkc.org.uk | http://www.gkc.org.uk

G.K.Chesterton site: http://www.gkc.org.uk/gkc | Erdos number: 4

[I don't think there are any ones complement machines left but there are certainly

machines with different word sizes. -John]

Post a followup to this message

Return to the
comp.compilers page.

Search the
comp.compilers archives again.