On Fri, May 18, 2012 at 6:26 AM, akaz <[email protected]> wrote:
>> Bumping this as we still need to make a decision about this. As recently
>> as yesterday, someone on the GCC mailing list posted a complaint about an
>> optimization pass that assumed undefined semantics for overflow. We need to
>> have a stance about this, since GDC is going into mainline GCC soon.
>>
>
> Just jumping into the bandwagon with some info:
>
> http://en.wikipedia.org/wiki/Therac
>
> Therac25 was a medical machine that injured several people because:
>
> "When input parameters are unverified or inconsistent,
> the treatment monitor task periodically runs a procedure
> that increments a counter
> This counter is used as a flag by the housekeeping task,
> indicating whether gun firing should be enabled or not
> However, as the counter is only 8 bits, it will overflow
> every 256 ticks, and the “flag” will temporarily indicate a
> zero condition!
> If the “set” command is given at that instant,
> inconsistencies are not checked, and unshielded high-energy
> radiation may result"
>
> The case is known in real-time operating systems programming.
>
> Does D throw an exception when an integral type (signed or unsigned)
> underflows or overflows? I am for defining this as the implicit behavior.
> Using a counter in the cyclical mode should rather be explicitly invoked.
>

Massive industrial systems run on code written in systems languages that dismissed this behavior as unacceptably slow years ago. That one programmer was incrementing a counter when he should have been storing a nonzero value instead isn't really relevant to this discussion.
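The counter-as-flag pattern quoted above, next to the two fixes the thread implies (store a flag instead of counting; or keep the counter but refuse to wrap silently), as an added D example that is not part of the thread or of the D runtime. The struct and function names (`WrappingCounter`, `StickyFlag`, `CheckedCounter`, `unsafeTicks`) are hypothetical, and the 512-tick simulation is constructed for illustration; D's `ubyte` arithmetic wraps without a check, which is the behaviour the quoted report describes.

```d
// Added example, not code from the thread: an 8-bit tick counter whose
// "zero" reading is used as "firing allowed", beside two explicit designs.
import std.exception : enforce;
import std.stdio : writeln;

/// The Therac-style pattern: every inconsistency bumps a ubyte, and the
/// housekeeping task treats "counter == 0" as "no inconsistency seen".
struct WrappingCounter
{
    ubyte ticks;
    void inconsistent() { ++ticks; }            // ubyte wraps 255 -> 0 silently
    bool firingAllowed() const { return ticks == 0; }
}

/// What the reply recommends: record the condition as a sticky flag.
struct StickyFlag
{
    bool seen;
    void inconsistent() { seen = true; }
    bool firingAllowed() const { return !seen; }
}

/// Keep the counter, but make wrap-around a visible error instead of a
/// silent reset; cyclic counting would have to be asked for explicitly.
struct CheckedCounter
{
    ubyte ticks;
    void inconsistent()
    {
        enforce(ticks < ubyte.max, "8-bit counter would overflow");
        ++ticks;
    }
    bool firingAllowed() const { return ticks == 0; }
}

/// Simulates 512 consecutive inconsistencies and counts the ticks on which
/// the design would still report "firing allowed" (ideally zero).
size_t unsafeTicks(C)(ref C c)
{
    size_t unsafe = 0;
    foreach (_; 0 .. 512)
    {
        c.inconsistent();
        if (c.firingAllowed()) ++unsafe;
    }
    return unsafe;
}

void main()
{
    WrappingCounter w;
    writeln("wrapping ubyte counter: ", unsafeTicks(w), " unsafe ticks"); // 2 (ticks 256 and 512)

    StickyFlag s;
    writeln("sticky flag:            ", unsafeTicks(s), " unsafe ticks"); // 0

    CheckedCounter c;
    try
        writeln("checked counter:        ", unsafeTicks(c), " unsafe ticks");
    catch (Exception e)
        writeln("checked counter:        refused to wrap (", e.msg, ")");
}
```

With `WrappingCounter`, increments 256 and 512 land on zero, so the housekeeping check passes twice despite hundreds of recorded inconsistencies; `StickyFlag` never reports "allowed" once a problem has been seen, and `CheckedCounter` turns the 256th increment into an exception rather than a silent reset.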
