On Tue, 22 Mar 2016 09:56:57 +0100 "Cezary H. Noweta" <chn at poczta.onet.pl> wrote:
> On 2016-03-22 00:35, James K. Lowden wrote:
> > [...] An example from Clang's discussion is
> >
> > int i = 10 << 31;
>
> Could you provide a link for that discussion? (Or google's phrase to
> retrieve such link?)

I'm sorry, no. Not for the first time I wish my browser had a feature like "find links in history with documents matching regex".

I didn't read it on the Clang mailing list. I think I saw it by reference in Regehr's discussion of "friendly C". It specifically mentioned 10 << 31 as an example of an "integer" requiring 35 bits, something gcc assigns silently and clang diagnoses with a warning.

If you haven't seen it, http://blog.regehr.org/archives/1180 is a good starting point. It mentions "Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior" (http://pdos.csail.mit.edu/papers/stack:sosp13.pdf), which is where I learned that sharp-edged optimization is not a brand-new phenomenon.

DJB provides a properly justified grumpy, frustrated view, https://groups.google.com/forum/m/#!msg/boring-crypto/48qa1kWignU/o8GGp2K1DAAJ wherein he mentions one of the defenses for the status quo, "that a boring C compiler can't possibly support the desired system _performance_. Even if this were true (which I very much doubt), why would it be more important than system _correctness_?"

That should be the only argument needed. DJB is concerned about security. DRH is concerned about correctness. The serious C programmer doesn't breathe who prizes performance over correctness, yet that is the license the compiler writers have granted themselves.

--jkl
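As an added example (not part of the thread above), a checked left shift for int that refuses the cases the C standard leaves undefined, among them the `10 << 31` case the message discusses, whose result needs 35 bits; the function names and the bit-width computation are this example's own, not from the posters or from gcc/clang.

```c
/* Added example: a checked left shift for int that rejects the operand
 * combinations the C standard leaves undefined (negative operand, shift
 * count >= width, result not representable), instead of letting the
 * compiler silently assume they never happen. Helper names are constructed. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Returns true and stores value << shift in *out when the shift is defined
 * for int; returns false (leaving *out untouched) when it would be undefined. */
bool checked_shl_int(int value, unsigned shift, int *out)
{
    const unsigned width = sizeof(int) * CHAR_BIT;   /* 32 on common targets */
    if (shift >= width)            /* shift count must be less than the width */
        return false;
    if (value < 0)                 /* left-shifting a negative int is undefined */
        return false;
    if (value > (INT_MAX >> shift))/* result would not fit: value << shift > INT_MAX */
        return false;
    *out = value << shift;
    return true;
}

/* Bits the mathematical result of value << shift needs: bit length of value
 * plus the shift count (for 10 << 31: 4 + 31 = 35, as the message says). */
unsigned bits_needed(int value, unsigned shift)
{
    unsigned n = 0;
    unsigned v = (unsigned)value;  /* value is expected non-negative here */
    while (v) { n++; v >>= 1; }
    return n + shift;
}

int main(void)
{
    int r;
    if (!checked_shl_int(10, 31, &r))
        printf("10 << 31 rejected: result needs %u bits\n", bits_needed(10, 31));
    if (checked_shl_int(1, 30, &r))
        printf("1 << 30 = %d\n", r);
    return 0;
}
```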