Integer overflow and underflow semantics

Andrew Wiley wiley.andrew.j at gmail.com
Fri May 18 11:46:06 PDT 2012


On Fri, May 18, 2012 at 6:26 AM, akaz <nemo at utopia.com> wrote:

>
>> Bumping this as we still need to make a decision about this. As recently
>> as yesterday, someone on the GCC mailing list posted a complaint about an
>> optimization pass that assumed undefined semantics for overflow. We need to
>> have a stance about this, since GDC is going into mainline GCC soon.
>>
>
> Just jumping on the bandwagon with some info:
>
> http://en.wikipedia.org/wiki/Therac
>
> Therac25 was a medical machine that injured several people because:
>
> "When input parameters are unverified or inconsistent,
> the treatment monitor task periodically runs a procedure
> that increments a counter
> This counter is used as a flag by the housekeeping task,
> indicating whether gun firing should be enabled or not
> However, as the counter is only 8 bits, it will overflow
> every 256 ticks, and the “flag” will temporarily indicate a
> zero condition!
> If the “set” command is given at that instant,
> inconsistencies are not checked, and unshielded high-
> energy radiation may result"
>
> The case is known in the real-time operating systems programming.
>
> Does D throw an exception when an integral type (signed or unsigned)
> underflows or overflows? I am for defining this as the implicit behavior.
> Using a counter in the cyclical mode should rather be explicitly invoked.
>
>
Massive industrial systems run on code written in systems languages that
dismissed this behavior as unacceptably slow years ago. That one programmer
was incrementing a counter when he should have been storing a nonzero value
instead isn't really relevant to this discussion.
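A constructed C model of the counter-as-flag bug quoted from the Therac-25 report, added here as an example (not code from this thread, from D, or from Therac-25 itself). It puts the wrapping 8-bit counter beside the two remedies the thread touches on: storing a nonzero value instead of counting, and a checked increment that refuses to wrap. All function names are invented for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model (not Therac-25 source): while input stays inconsistent,
 * the monitor task "sets" an 8-bit counter each tick and the housekeeping
 * task reads it as a flag, where nonzero means "keep the beam disabled". */

/* Buggy: increment every tick. uint8_t arithmetic wraps modulo 256, so the
 * flag reads 0 (beam enabled) on every 256th tick. */
static bool beam_enabled_buggy(uint8_t *flag) {
    (*flag)++;
    return *flag == 0;
}

/* Fixed as the reply suggests: store a nonzero value, never count. */
static bool beam_enabled_fixed(uint8_t *flag) {
    *flag = 1;
    return *flag == 0;
}

/* Alternative: a checked increment that refuses to wrap and reports it. */
static bool checked_inc_u8(uint8_t *v) {
    if (*v == UINT8_MAX) return false;  /* would wrap; leave value untouched */
    (*v)++;
    return true;
}

/* Number of ticks (out of `ticks`) on which the beam would be enabled. */
static unsigned unsafe_ticks(unsigned ticks, bool fixed) {
    uint8_t flag = 0;
    unsigned unsafe = 0;
    for (unsigned i = 0; i < ticks; i++)
        if (fixed ? beam_enabled_fixed(&flag) : beam_enabled_buggy(&flag))
            unsafe++;
    return unsafe;
}

/* Number of increments the checked variant refuses over `ticks` ticks;
 * a caller would treat any refusal as an error, not a cleared flag. */
static unsigned refused_increments(unsigned ticks) {
    uint8_t flag = 0;
    unsigned refused = 0;
    for (unsigned i = 0; i < ticks; i++)
        if (!checked_inc_u8(&flag))
            refused++;
    return refused;
}
```

Over 1024 ticks the wrapping counter enables the beam four times, the nonzero-store version never does, and the checked version refuses every increment after the 255th instead of silently reading as zero.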