Re: Optimization techniques

Martin Ward <>
Thu, 25 Apr 2019 16:46:54 +0100

          From comp.compilers

Related articles
[10 earlier articles]
Re: Optimization techniques (Hans-Peter Diettrich) (2019-04-20)
Re: Optimization techniques (George Neuner) (2019-04-20)
Re: Optimization techniques (David Brown) (2019-04-23)
Re: Optimization techniques (David Brown) (2019-04-23)
Re: Optimization techniques (David Brown) (2019-04-23)
Re: Optimization techniques (Rick C. Hodgin) (2019-04-24)
Re: Optimization techniques (Martin Ward) (2019-04-25)
Re: Optimization techniques (David Brown) (2019-04-25)
Re: Optimization techniques (Kaz Kylheku) (2019-04-25)
Re: Optimization techniques (Kaz Kylheku) (2019-04-26)
Re: Optimization techniques (Kaz Kylheku) (2019-04-26)
Re: Optimization techniques (2019-04-26)
Re: Optimization techniques (Derek M. Jones) (2019-04-26)
[23 later articles]
| List of all articles for this month |

From: Martin Ward <>
Newsgroups: comp.compilers
Date: Thu, 25 Apr 2019 16:46:54 +0100
Organization: Compilers Central
References: <>
Injection-Info:; posting-host=""; logging-data="39770"; mail-complaints-to=""
Keywords: arithmetic, optimize, comment
Posted-Date: 25 Apr 2019 16:14:53 EDT

David Brown <> wrote:
> And there are undefined behaviours which could be given definitions, but
> doing so is not actually a positive thing. The prime example is signed
> integer overflow. Since overflowing your integers is almost always an
> error in the code anyway, there are no benefits in giving it defined
> behaviour.

This is completely backwards. If signed overflow was given a defined
behaviour (such as the two's complement result), then compilers for
CPUs which do not implement two's complement operations would have to
generate less efficient code (but does anyone still make such a CPU?).
Any program which guarantees not to overflow would be unaffected. Any
program which expects a two's complement result could now be relied
upon to work correctly, and not suddenly produce random results when
the next version of the compuler comes out! Any program which
expected a different result (one's complement anyone?) would need
additional code.

With the current situation, anyone wanting to avoid
undefined behaviour (and don't we all?) has to write code like
this for any signed operation:

signed int sum;
if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||
          ((si_b < 0) && (si_a < (INT_MIN - si_b)))) {
      /* Handle error */
} else {
      sum = si_a + si_b;


> But mathematical identities such as associativity and commutativity are
> valid because signed integer overflow does not happen - thus "a * (b +
> c)" can be changed to "(a * b) + (a * c)".

The following slide set discusses some of the problems with undefined
behaviour starting on slide 43:

Examples of problems include privilege elevation exploits and denial
of service attacks.

There was a discussion about undefined behaviour on this list in
March/April last year. Some examples:

Gcc may optimize out tests for buffer overflows because of integer


Dr Martin Ward | Email: |
G.K.Chesterton site: | Erdos number: 4
[I don't think there are any ones complement machines left but there are certainly
machines with different word sizes. -John]

Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.