Re: The code of co-workers
From: Dave Vandervies (dj3vande_at_csclub.uwaterloo.ca)
Date: 03/02/05
- Next message: infobahn: "Re: WSJ article on software liability"
- Previous message: Bryan Hoover: "Re: WSJ article on software liability"
- In reply to: infobahn: "Re: The code of co-workers"
- Next in thread: Willem: "Re: The code of co-workers"
- Reply: Willem: "Re: The code of co-workers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 2 Mar 2005 17:42:29 +0000 (UTC)
In article <4225C9E0.47257C4C@btinternet.com>,
infobahn <infobahn@btinternet.com> wrote:
>beliavsky@aol.com wrote:
>> I think a good compiler for a standardized language should have a
>> "strict" option such that compiling cleanly indicates that the code
>> obeys all language rules.
>
>Would you issue a diagnostic for this C code?
>
>void foo(int *a, int *i, int *j)
>{
> a[++*i] = a[++*j];
>}
>
>If so, why? If not, why not?
(For those who aren't as into nitpicking C code as the participants in
this subthread but are still trying to follow it, this code has a few
nontrivial constraints on the inputs:
-all of the pointers have to be valid (dereferencing an invalid pointer
is illegal)
-neither *i nor *j may be INT_MAX (arithmetic on integers with results
outside of the range [INT_MIN,INT_MAX] is illegal)
-*i+1 and *j+1 must be valid indices into the array that a points into
(though they may be negative, if a points somewhere other than the
beginning of an array) (indexing outside the bounds of an array
is illegal)
-i, j, and (a+*i+1) must point at three different ints, because all of
these are modified between the same pair of sequence points (modifying
an object multiple times between sequence points is illegal)
-neither i nor j may point at the same int as (a+*j+1), because a[*j+1]
is accessed for reasons other than determining the new values stored in
*i and *j (accessing, between sequence points, the value of an object
that gets modified between the same pair of sequence points is only
legal if the access is used to determine the new value to be stored).
-Quite possibly some that I'm missing (that last one I missed the first
three times I looked at it)
But if (and only if) these constraints are all followed, the behavior
is perfectly well-defined.)
At compile time, no, for the same reason I wouldn't warn every time an
unchecked pointer is dereferenced or arithmetic is done on an unchecked
integer: To avoid burying any useful diagnostics in useless ones,
the compiler has to assume that the programmer is handling things like
making sure functions where the definedness of the behavior depends on
the inputs get valid inputs.
If I ever get around to building the aggressively checking implementation
that's on my list of Things To Do Before The Heat Death Of The Universe,
the virtual machine will trap at runtime if i==j, or if either of *i+1 or
*j+1 is outside the bounds of the array that a points into, or if either
of *i or *j is INT_MAX and the increment overflows, or if a+*i+1==i
or a+*i+1==j, or (if I can figure out how to check it) if a+*j+1==i or
a+*j+1==j, because any of these things invoke undefined behavior that
can be caught at runtime if the underlying platform knows about the
constraints and cares enough to spend resources[1] checking them.
dave
[1] Most likely time, but logic gates is also a possibility for most
(all?) of these. Though sequence-point-aware hardware that runs at
the same speed as non-checking hardware would probably take quite
a lot of developer time as well...
-- Dave Vandervies dj3vande@csclub.uwaterloo.ca > _you_ could be a conforming implementation Not until I document my implementation-defined behaviour (n869:3.11). I have no immediate plans to do this. --Richard Bos and Richard Heathfield in CLC
- Next message: infobahn: "Re: WSJ article on software liability"
- Previous message: Bryan Hoover: "Re: WSJ article on software liability"
- In reply to: infobahn: "Re: The code of co-workers"
- Next in thread: Willem: "Re: The code of co-workers"
- Reply: Willem: "Re: The code of co-workers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
