Return to the
comp.compilers page.
Search the
comp.compilers archives again.
| Related articles |
|---|
| [10 earlier articles] |
| Re: Optimization techniques DrDiettrich1@netscape.net (Hans-Peter Diettrich) (2019-04-20) |
| Re: Optimization techniques gneuner2@comcast.net (George Neuner) (2019-04-20) |
| Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |
| Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |
| Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-23) |
| Re: Optimization techniques rick.c.hodgin@gmail.com (Rick C. Hodgin) (2019-04-24) |
| Re: Optimization techniques martin@gkc.org.uk (Martin Ward) (2019-04-25) |
| Re: Optimization techniques david.brown@hesbynett.no (David Brown) (2019-04-25) |
| Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-25) |
| Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-26) |
| Re: Optimization techniques 847-115-0292@kylheku.com (Kaz Kylheku) (2019-04-26) |
| Re: Optimization techniques alexfrunews@gmail.com (2019-04-26) |
| Re: Optimization techniques derek@_NOSPAM_knosof.co.uk (Derek M. Jones) (2019-04-26) |
| [24 later articles] |
| From: | Martin Ward <martin@gkc.org.uk> |
| Newsgroups: | comp.compilers |
| Date: | Thu, 25 Apr 2019 16:46:54 +0100 |
| Organization: | Compilers Central |
| References: | <72d208c9-169f-155c-5e73-9ca74f78e390@gkc.org.uk> |
| Injection-Info: | gal.iecc.com; posting-host="news.iecc.com:2001:470:1f07:1126:0:676f:7373:6970"; logging-data="39770"; mail-complaints-to="abuse@iecc.com" |
| Keywords: | arithmetic, optimize, comment |
| Posted-Date: | 25 Apr 2019 16:14:53 EDT |
David Brown <david.brown@hesbynett.no> wrote:
> And there are undefined behaviours which could be given definitions, but
> doing so is not actually a positive thing. The prime example is signed
> integer overflow. Since overflowing your integers is almost always an
> error in the code anyway, there are no benefits in giving it defined
> behaviour.
This is completely backwards. If signed overflow was given a defined
behaviour (such as the two's complement result), then compilers for
CPUs which do not implement two's complement operations would have to
generate less efficient code (but does anyone still make such a CPU?).
Any program which guarantees not to overflow would be unaffected. Any
program which expects a two's complement result could now be relied
upon to work correctly, and not suddenly produce random results when
the next version of the compuler comes out! Any program which
expected a different result (one's complement anyone?) would need
additional code.
With the current situation, anyone wanting to avoid
undefined behaviour (and don't we all?) has to write code like
this for any signed operation:
signed int sum;
if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||
((si_b < 0) && (si_a < (INT_MIN - si_b)))) {
/* Handle error */
} else {
sum = si_a + si_b;
}
See:
https://wiki.sei.cmu.edu/confluence/display/c/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow
> But mathematical identities such as associativity and commutativity are
> valid because signed integer overflow does not happen - thus "a * (b +
> c)" can be changed to "(a * b) + (a * c)".
The following slide set discusses some of the problems with undefined
behaviour starting on slide 43:
http://www0.cs.ucl.ac.uk/staff/B.Karp/3007/s2018/lectures/3007-lecture5-C-arith-undef-behav.pdf
Examples of problems include privilege elevation exploits and denial
of service attacks.
There was a discussion about undefined behaviour on this list in
March/April last year. Some examples:
https://blog.regehr.org/archives/213
https://blog.regehr.org/archives/759
Gcc may optimize out tests for buffer overflows because of integer
overflows:
https://lwn.net/Articles/278137/
--
Martin
Dr Martin Ward | Email: martin@gkc.org.uk | http://www.gkc.org.uk
G.K.Chesterton site: http://www.gkc.org.uk/gkc | Erdos number: 4
[I don't think there are any ones complement machines left but there are certainly
machines with different word sizes. -John]
Return to the
comp.compilers page.
Search the
comp.compilers archives again.