GCC Undefined Behavior Sanitizer
monarch_dodra via Digitalmars-d
digitalmars-d at puremagic.com
Sun Oct 19 01:37:53 PDT 2014
On Saturday, 18 October 2014 at 23:10:15 UTC, Ola Fosheim Grøstad
wrote:
> On Saturday, 18 October 2014 at 08:22:25 UTC, monarch_dodra
> wrote:
>> Besides, the code uses x + 1, so the code is already in
>> undefined state. It's just as wrong as the "horrible code with
>> UB" we wère trying to avoid in the first place.
>>
>> So much for convincing me that it's a good idea...
>
> Not sure if you are saying that modulo-arithmetic as a default
> is a bad or good idea?
OP usually suggested that all overflows should be undefined
behavior, and that you could "pre-emptively" check for overflow
with the above code. The code provided itself overflowed, so was
also undefined.
What I'm pointing out is that working with undefined behavior
overflow is exceptionally difficult, see later.
> In D and (C++ for uint) it is modulo-arithmetic so it is
> defined as a circular type with a discontinuity which makes
> reasoning about integers harder.
What's interesting is that overflow is only defined for unsigned
integers. Signed integer overflow is *undefined*, and GCC *will*
optimize away any conditions that rely on it.
One thing I am certain of is that making overflow *undefined* is
*much* worse than simply having modulo arithmetic. In particular,
implementing trivial overflow checks is much easier for the
average developer. And in the worst case scenario, you can still
have library-defined checked integers.
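The "pre-emptive" check being argued over, as an added example in C that is not from the thread: the signed `x + 1 < x` form that GCC is entitled to fold away, beside a pre-check and an unsigned (modulo) form that stay defined. Function names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* BROKEN: relies on signed overflow wrapping. Signed overflow is undefined
 * in C, so the compiler may assume x + 1 > x always holds and delete the
 * branch entirely (GCC does this at -O2). Shown only for the shape of the
 * mistake; its result is not meaningful and is never asserted on. */
bool will_overflow_ub(int x)
{
    return x + 1 < x;
}

/* CORRECT: compare against INT_MAX *before* the addition, so no undefined
 * operation is ever evaluated and nothing can be optimized away. */
bool will_overflow_precheck(int x)
{
    return x > INT_MAX - 1;
}

/* CORRECT: unsigned arithmetic wraps modulo 2^N by definition, so the
 * post-add comparison the thread discusses is legal for unsigned types. */
bool will_overflow_unsigned(unsigned x)
{
    unsigned sum = x + 1u;   /* well defined: UINT_MAX + 1 wraps to 0 */
    return sum < x;
}

/* General checked add for int using the pre-check idiom (the portable
 * equivalent of GCC's __builtin_add_overflow). Returns false and leaves
 * *out untouched when the sum would leave the int range. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int r = 0;
    printf("precheck(INT_MAX)        = %d\n", will_overflow_precheck(INT_MAX));
    printf("unsigned(UINT_MAX)       = %d\n", will_overflow_unsigned(UINT_MAX));
    printf("checked_add(INT_MAX, 1)  = %d\n", checked_add_int(INT_MAX, 1, &r));
    printf("checked_add(5, 7) ok, r  = %d\n", checked_add_int(5, 7, &r) ? r : -1);
    return 0;
}
```

Build with `gcc -O2 -Wall` and, to see the broken variant flagged at run time rather than silently folded, add `-fsanitize=undefined`.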