On Tue, 22 Mar 2016 09:56:57 +0100
"Cezary H. Noweta" <chn at poczta.onet.pl> wrote:
> On 2016-03-22 00:35, James K. Lowden wrote:
> >[...] An example from Clang's discussion is
> >
> > int i = 10 << 31;
>
> Could you provide a link for that discussion? (Or google's phrase to
> retrieve such link?)
I'm sorry, no. Not for the first time I wish my browser had a feature
like "find links in history with documents matching regex".
I didn't read it on the Clang mailing list. I think I saw it by
reference in Regehr's discussion of "friendly C". It specifically
mentioned 10 << 31 as an example of an "integer" requiring 35 bits,
something gcc assigns silently and clang diagnoses with a warning.
If you haven't seen it,
http://blog.regehr.org/archives/1180
is a good starting point. It mentions "Towards Optimization-Safe
Systems: Analyzing the Impact of Undefined Behavior"
(http://pdos.csail.mit.edu/papers/stack:sosp13.pdf), which is where I
learned that sharp-edged optimization is not a brand-new phenomenon.
DJB provides a properly justified grumpy, frustrated view,
https://groups.google.com/forum/m/#!msg/boring-crypto/48qa1kWignU/o8GGp2K1DAAJ
wherein he mentions one of the defenses for the status quo,
"that a boring C compiler can't possibly support the desired
system _performance_. Even if this were true (which I very much
doubt), why would it be more important than system _correctness_?"
That should be the only argument needed. DJB is concerned about
security. DRH is concerned about correctness. The serious C
programmer doesn't breathe who prizes performance over correctness, yet
that is the license the compiler writers have granted themselves.
--jkl
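As an added illustration of the `10 << 31` case (this is example code written for this page, not code from the thread, from Regehr's post, or from the STACK paper), the helpers below compute how many bits a shifted value needs and apply the C11 6.5.7 conditions under which a signed left shift is defined: the shift count is less than the type width, the left operand is non-negative, and the result is representable. The value 10 needs 4 bits, so shifting it by 31 positions needs 35 bits, which is what the diagnostic mentioned above reports; an `int` has only 31 value bits, so the expression is undefined behaviour. The function and parameter names are my own. A literal `10 << 31` is caught at compile time by clang as the message says; the runtime check is what you want when the operands are not constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Number of bits needed to represent a non-negative magnitude (0 needs 0). */
unsigned bits_needed(uint64_t v)
{
    unsigned n = 0;
    while (v) {
        n++;
        v >>= 1;
    }
    return n;
}

/* Bits needed to hold (a << shift) as a magnitude, for non-negative a.
 * For a = 10, shift = 31 this is 4 + 31 = 35, more than int can hold. */
unsigned shifted_bits_needed(uint32_t a, unsigned shift)
{
    if (a == 0)
        return 0;
    return bits_needed(a) + shift;
}

/* Left-shift a 32-bit signed value only when C11 6.5.7 defines the result.
 * Returns 1 and stores the result in *out on success, 0 when the shift
 * would be undefined behaviour (nothing is stored in that case). */
int safe_shl_i32(int32_t a, unsigned shift, int32_t *out)
{
    if (shift >= 32)
        return 0;                     /* shift count >= width of int */
    if (a < 0)
        return 0;                     /* negative left operand */
    if (a > (INT32_MAX >> shift))
        return 0;                     /* a * 2^shift not representable */
    /* The check above guarantees the unsigned product fits in INT32_MAX. */
    *out = (int32_t)((uint32_t)a << shift);
    return 1;
}

int main(void)
{
    int32_t r;
    printf("10 << 31 needs %u bits\n", shifted_bits_needed(10, 31));
    printf("safe_shl_i32(10, 31): %s\n",
           safe_shl_i32(10, 31, &r) ? "defined" : "undefined, rejected");
    if (safe_shl_i32(1, 30, &r))
        printf("safe_shl_i32(1, 30) = %d\n", (int)r);
    return 0;
}
```

The comparison `a > (INT32_MAX >> shift)` is the whole check: it is itself always defined (a right shift of a non-negative constant by less than the width), so the helper never relies on the behaviour it is guarding against.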