From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 13136 invoked by alias); 25 Jul 2011 16:22:09 -0000 Received: (qmail 13120 invoked by uid 22791); 25 Jul 2011 16:22:05 -0000 X-SWARE-Spam-Status: No, hits=-7.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,SPF_HELO_PASS X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 25 Jul 2011 16:21:46 +0000 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p6PGLj45006884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 25 Jul 2011 12:21:45 -0400 Received: from zebedee.pink (ovpn-116-36.ams2.redhat.com [10.36.116.36]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p6PGLhvn016743; Mon, 25 Jul 2011 12:21:44 -0400 Message-ID: <4E2D9816.4060307@redhat.com> Date: Mon, 25 Jul 2011 16:22:00 -0000 From: Andrew Haley User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110621 Fedora/3.1.11-1.fc14 Thunderbird/3.1.11 MIME-Version: 1.0 To: gcc-help@gcc.gnu.org Subject: Re: Is it OK that gcc optimizes away overflow check? References: <4E2B2B72.9050504@agner.org> <4E2D3AA9.1050207@redhat.com> <4E2D8DD3.1050001@agner.org> In-Reply-To: <4E2D8DD3.1050001@agner.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-help-owner@gcc.gnu.org X-SW-Source: 2011-07/txt/msg00240.txt.bz2 On 07/25/2011 04:37 PM, Agner Fog wrote: > > On 25-07-2011 11:43, Andrew Haley wrote: >> On 23/07/11 21:13, Agner Fog wrote: >>> 5). I have tested many different C++ compilers, and gcc turned out to be >>> the one that optimizes best. >> Well yes, and one of the reasons for this is that we take advantage of >> integer overflow being undefined. There is an entire class of >> optimizations (loop induction variable optimization) that is difficult >> of impossible without taking advantage of this. We don't do this kind >> of thing without good reason. > Actually, I think we can have the cake and eat it here. If gcc > behaves reasonably safe by default and then makes warnings in case > of missed optimization opportunities. The programmer should then > have the opportunity to enable the desired optimizations, for > example with pragmas at the critical places in the code. We already give people wrapping integer arithmetic if their program really needs it. It's only really a band-aid until they fix their programs. > If the programmer doesn't need the best optimization then he would > not enable those warnings and would be safe without having to care. gcc is already safe, though: we don't do any optimizations that generate incorrect code. Why should people who write correct C be penalized for the benefit of those who don't? This is, I accept, more of a philosophical question. > We already have the opportunity to allow the optimizer to ignore > pointer aliasing at specific places with the 'restrict' keyword. It > would be nice to have a similar opportunity to tell the compiler > where it can ignore overflow. It'd really be a new type: wrapping integer arithmetic. This is rather a big ask for a compiler like gcc, and IMO this is really one for the standard, not for us. IMO the problem is that you don't really accept that your program is wrong, despite the fact that the standard says that it has undefined behaviour. Andrew.