public inbox for gcc@gcc.gnu.org
From: Gabriel Dos Reis <gdr@integrable-solutions.net>
To: Joe Buck <Joe.Buck@synopsys.COM>
Cc: Paul Schlie <schlie@comcast.net>, gcc@gcc.gnu.org
Subject: Re: Should GCC publish a general rule/warning due to it's default presumption of undefined signed integer overflow semantics?
Date: Fri, 01 Jul 2005 00:49:00 -0000
Message-ID: <m3irzv5p1r.fsf@uniton.integrable-solutions.net>
In-Reply-To: <20050630232531.GA11010@synopsys.com>

Joe Buck <Joe.Buck@synopsys.COM> writes:

| On Fri, Jul 01, 2005 at 12:25:58AM +0200, Gabriel Dos Reis wrote:
| > Joe Buck <Joe.Buck@synopsys.COM> writes:
| > 
| > [...]
| > 
| > | Given your biases, you might be happier with Java as a language (than C or
| > | C++).  The Java language designers decided to strictly define many cases
| > | that are not defined in C (example: the order of side effects is always
| > | strictly left to right, floating point is always IEEE, etc., integer
| > | overflow wraps around).  There is a performance penalty for this, but
| > | given the "write once, run everywhere" goal it was felt that it's worth
| > | paying this price.
| > 
| > Well, in the case of C++ I can say that the designer and original
| > implementor of C++ is quite amazed as to how people interpret
| > "undefined behaviour" in this thread. 
| 
| Really?  You've talked to Stroustrup?

I work with him on a daily basis, and as a matter of fact we've discussed
the heart of this topic of this thread yesterday over lunch.  But, as
much as I hate argument by authority I could not let this discussion
go on the slope it is taking without saying what I understood from
discussion with him on the topic.  It wasn't meant as a proof.  Just a
data point.  Of course, it is far preferable he speaks for himself but
it is hard to have him take part in a debate where extreme abstract
arguments are more dominant than balance between two apparent
conflicting goals. And that is, I guess, a wise thing to do just as
core developers like RTH may have a say on this very issue :-)

| Can you be more specific?

Yes, see below.

| (If you're talking about the regularly repeated claim that "undefined
| behavior" means the compiler can delete all your files, hack your bank
| account, and send all your money to the GCC team, well, that's just
| hyperbole not to be taken seriously).

As you may correctly guess he is familiar with those rhetorical figures.

| > I don't think he would suggest
| > that people go to use Java instead.
| 
| Are you claiming that Stroustrup would want to sacrifice loop optimization
| to make Paul happy?

No, I'm not claiming that.  But, on the other hand he does not believe
engineering decisions for useful compilers should be primarily based on
SPEC numbers for example, or primarily driven by the best
optimizations without some considerations on the impacts and
"practices" and expectations.  And he is not claiming it is easy :-)

What I'm claiming is that he thinks "undefined behaviour" in the
standard should not be taken as meaning "go to hell" (or punishment to
borrow words from you) or absolute liberty for compiler writers to do
just about everything that is imaginable, regardless of expectations.
In other words, it is a question of balance.  As an example, he
illustrated the issue with the story -- quickly classified as "legend" by
Robert Dewar -- about the best C optimizing compilers that miscompiled
the Unix kernel that nobody wanted to use in practice (even if it
would blow up any other competing compiler) and the company
running out of business.  (Interestingly, it was also predicted that
Robert would react ;-))

| Undefined behavior doesn't mean that we should attempt to arbitrarily
| punish those who cross the line; that's why I don't think forcing integer
| overflows to trap (at least by default) is a good idea.  In many cases,
| "assume no overflow, but don't trap" can produce a better result than
| "assume wrap" does, as in the example I gave before.

Yes, I understand.

I just don't think the answer would be to tell Paul to go to Java,
even though that would have the side effect of closing the already
long discussion :-)  Correctness and efficiency are important to us.
GCC is of great interest to us too.

-- Gaby
