Re: [1003.1(2016)/Issue7+TC2 0001108]: LONG_MIN must be <= -2147483648

2018-07-18 Thread Joseph Myers
On Wed, 11 Jul 2018, Vincent Lefevre wrote:

> I completely disagree on this change. Undefined behavior is useful

Likewise.  That part of the changes is clearly a bad idea and should not 
be applied to issue 8.

-- 
Joseph S. Myers
jos...@codesourcery.com



Re: [1003.1(2016)/Issue7+TC2 0001108]: LONG_MIN must be <= -2147483648

2018-07-12 Thread Vincent Lefevre
On 2018-07-11 21:10:16 +, Austin Group Bug Tracker wrote:
>  (0004050) cmsmith (reporter) - 2018-07-11 21:10
>  http://austingroupbugs.net/view.php?id=1108#c4050 
> -- 
> These changes seem to invalidate compilers for use in Unix/POSIX which use
> trap representations for int, long, etc., variables.  I may be missing

Not trap representations (this is unrelated), but the fact that
compilers regard undefined behavior as having any effect, which
can be used for optimization. This is common nowadays.

BTW, I can't comment on this bug: I get an error
"The action cannot be performed because issue "1108" is read-only."

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Re: [1003.1(2016)/Issue7+TC2 0001108]: LONG_MIN must be <= -2147483648

2018-07-11 Thread Vincent Lefevre
On 2018-06-07 16:10:03 +, Austin Group Bug Tracker wrote:
> On P567 L19829 (abs), replace "If the result cannot be
> represented, the behavior is undefined." with "If
> the result cannot be represented, the result shall be
> {INT_MIN}."
> On P567 L19838 (abs), replace "In two's-complement
> representation, the absolute value of the negative integer with largest
> magnitude {INT_MIN} might not be
> representable." with "Since POSIX.1 requires a
> two's complement representation of int, the absolute value of the
> negative integer with the largest magnitude {INT_MIN} is not representable;
> but the rules of negation in two's complement arithmetic ensure that
> {INT_MIN} is returned."

I completely disagree on this change. Undefined behavior is useful
in order to allow the compiler to optimize, e.g. the compiler should
be allowed to assume that abs(x) >= 0 during VRP. This is also
useful for security: undefined behavior allows the compiler to check
this particular case and trigger a trap, avoiding erratic behavior
of the program.

Ditto for the other similar changes:

> On P1135 L38352 (imaxabs), replace "If the result cannot be
> represented, the behavior is undefined." with "If
> the result cannot be represented, the result shall be
> {INTMAX_MIN}."
> On P1135 L38361 (imaxabs), replace "The absolute value of the
> most negative number cannot be represented in two's
> complement." with "Since POSIX.1 requires a two's
> complement representation of intmax_t, the absolute value of the
> negative integer with the largest magnitude {INTMAX_MIN} is not
> representable; but the rules of negation in two's complement arithmetic
> ensure that {INTMAX_MIN} is returned."
> On P1232 L41185 (labs), replace "If the result cannot be
> represented, the behavior is undefined." with "If
> the result cannot be represented, the result shall be {LONG_MIN} for
> labs() or {LLONG_MIN} for llabs()."
> On P1232 L41195 (labs APPLICATION USAGE),
> replace "None." with "Since POSIX.1
> requires a two's complement representation of long and long
> long, the absolute value of the negative integer with the largest
> magnitude {LONG_MIN} or {LLONG_MIN} is not representable; but the rules of
> negation in two's complement arithmetic ensure that {LONG_MIN} (for
> labs()) or {LLONG_MIN} (for llabs()) is
> returned."

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
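An added example (not part of the thread or of the Austin Group draft) contrasting the wrapping two's-complement result the proposed wording mandates with a checked absolute value that detects the INT_MIN case, the check-and-trap option the post above argues undefined behaviour leaves open; the function names are mine.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Wrapping two's-complement absolute value, computed in unsigned arithmetic
 * so that the INT_MIN case carries no signed-overflow UB in C. It yields
 * exactly what the proposed wording mandates: abs(INT_MIN) == INT_MIN. */
int abs_wrap(int x)
{
    unsigned int u = (unsigned int)x;            /* well-defined conversion */
    unsigned int mag = (x < 0) ? (0u - u) : u;   /* modular negation */
    /* Converting a value above INT_MAX back to int is implementation-defined
     * before C23; on the two's-complement targets POSIX requires, it wraps. */
    return (int)mag;
}

/* Checked absolute value: reports the single input whose magnitude is not
 * representable instead of handing the caller a negative "absolute value".
 * The caller decides whether to fail, saturate, or trap. */
bool abs_checked(int x, int *out)
{
    if (x == INT_MIN)
        return false;
    *out = (x < 0) ? -x : x;                     /* cannot overflow now */
    return true;
}

/* Typical downstream use: an "absolute value" used as an array index. With
 * the wrapping version the abs(x) >= 0 assumption silently fails for INT_MIN. */
bool index_is_safe(int x, size_t len)
{
    int mag;
    if (!abs_checked(x, &mag))
        return false;
    return (size_t)mag < len;
}

int main(void)
{
    int r;
    printf("abs_wrap(INT_MIN) = %d (negative: %s)\n",
           abs_wrap(INT_MIN), abs_wrap(INT_MIN) < 0 ? "yes" : "no");
    printf("abs_checked(INT_MIN) representable: %s\n",
           abs_checked(INT_MIN, &r) ? "yes" : "no");
    printf("index_is_safe(INT_MIN, 16): %s\n",
           index_is_safe(INT_MIN, 16) ? "yes" : "no");
    return 0;
}
```

Building the plain `-x` form with `-fsanitize=signed-integer-overflow` (GCC or Clang) makes the INT_MIN negation report and trap at run time, which is the checking behaviour the post describes.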