
Re: GCC optimizes integer overflow: bug or feature?


From: Gabriel Dos Reis
Subject: Re: GCC optimizes integer overflow: bug or feature?
Date: 19 Dec 2006 04:41:04 -0600

Andrew Haley <address@hidden> writes:

| Gabriel Dos Reis writes:
|  > Andrew Haley <address@hidden> writes:
|  > 
|  > | Robert Dewar writes:
|  > |  > Andrew Haley wrote:
|  > |  > 
|  > |  > > We've already defined `-fwrapv' for people who need nonstandard
|  > |  > > arithmetic.
|  > |  > 
|  > |  > Nonstandard implies that the result does not conform with the standard,
|  > | 
|  > | I don't think it does; it merely implies that any program which
|  > | requires "-fwrapv" for correct execution is not a strictly conforming
|  > | program.
|  > 
|  > How many useful C programs do you know that are strictly conforming?
|  > Certainly, GCC isn't strictly conforming.
|  > 
|  > I suspect the actual argument must be somewhere else.
| 
| I'm sure it is. 

No doubt GCC is useful.  But I very much doubt it is a strictly
conforming program.

       [#5] A strictly conforming program shall use only those
       features of the language and library specified in this
       International Standard.2) It shall not produce output
       dependent on any unspecified, undefined, or implementation-
       defined behavior, and shall not exceed any minimum
       implementation limit.


| The only purpose of my mail was to clarify what I
| meant by "nonstandard", which in this case was "not strictly
| conforming".  I didn't intend to imply anything else.

OK.  The way I saw the exchange of arguments was

     * Give data that justify this breakage

     + But we have -fwrapv for nonstandard arithmetic

     * -fwrapv implements standard conforming semantics

     + But a program that needs -fwrapv is not strictly conforming
    
     ....

which reads to me as an abstract (bogus) argument is being made in
place of providing actual data.  What worries me the most -- and
prompted my message -- is the implication that it is OK to break a
non strictly conforming program.  If GCC systematically goes there, it
will quickly become useless (except for academic exercises).  And I'm
sure you did not intend that. 

Consequently, I suspect the breakage must be non-systematic, but
guided by some principles or rules.  I also believe that the breakage
is not done just because something is labelled an "optimization".  In
the end, we need actual data to back up the claim that the transformation
is indeed a worthwhile optimization, and that it is a good thing for most
actual software to have it enabled by default.

| In this case, there are two ways to view the program: either it has a
| bug, or it has an environmental dependency on wrapping integer
| arithmetic.

"Environmental dependency" is not necessarily an indication of a bug.

For sure, integer overflow is undefined according to the C standard.
However, the C standard is not the only thing in the world that C
programs care about.  There are other useful standards (some of them
make contradictory requirements with respect to ISO C).  The quandary
is to find a ground where GCC implements the C standard, remains
useful, yet does a good job.  I don't think we can systematically apply
the abstract argument that if a program contains an undefined
behaviour it is OK to break it.  And indeed, GCC has already
acknowledged some undefined behaviours and promised not to break
programs that contain them.

-- Gaby

| 
| Andrew.

-- 
                                                        Gabriel Dos Reis
                                                         address@hidden
        Texas A&M University -- Department of Computer Science
        301, Bright Building -- College Station, TX 77843-3112
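The "environmental dependency on wrapping integer arithmetic" discussed above is easiest to see in an overflow check. The following is an added illustration, not code from the thread or from GCC: `add_fits_wrapping` is the pattern that only works if signed overflow wraps (which ISO C leaves undefined, so without `-fwrapv` an optimizer may fold the comparison away), while `add_fits_portable` and `add_fits_builtin` decide the same question without ever evaluating an overflowing expression. All three function names are hypothetical; `__builtin_add_overflow` is the real GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Pattern that depends on wrap-around: sum = a + b is evaluated first and
 * the overflow is detected afterwards. For signed int this is undefined
 * behaviour unless the program is compiled with -fwrapv, so the compiler
 * may assume it never overflows and drop the test entirely. */
bool add_fits_wrapping(int a, int b)
{
    int sum = a + b;   /* undefined on overflow without -fwrapv */
    return !((b > 0 && sum < a) || (b < 0 && sum > a));
}

/* Portable pre-check: compares against INT_MAX/INT_MIN before adding, so
 * no overflowing expression is ever evaluated. Correct under any
 * conforming compiler and at any optimization level. */
bool add_fits_portable(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return false;
    if (b < 0 && a < INT_MIN - b) return false;
    return true;
}

/* Same decision via the GCC/Clang builtin, which reports whether the
 * mathematically exact result fits in 'out' instead of relying on
 * wrap-around. */
bool add_fits_builtin(int a, int b)
{
    int out;
    return !__builtin_add_overflow(a, b, &out);
}

int main(void)
{
    /* Constructed sample inputs: two overflowing pairs, two that fit. */
    int pairs[][2] = { {INT_MAX, 1}, {INT_MIN, -1}, {100, 200}, {INT_MAX, 0} };

    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int a = pairs[i][0], b = pairs[i][1];
        /* On the overflowing pairs the first column is unspecified: it can
         * differ between -O0, -O2 and -O2 -fwrapv. The other two are stable. */
        printf("%d + %d: wrapping=%d portable=%d builtin=%d\n", a, b,
               add_fits_wrapping(a, b), add_fits_portable(a, b),
               add_fits_builtin(a, b));
    }
    return 0;
}
```

Compiling the block with `-O0`, `-O2` and `-O2 -fwrapv` and comparing the first column on the overflowing inputs shows the point of the thread: the same source yields different answers depending on flags, whereas the two checks that avoid the undefined expression do not.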
