Standard is a contract between authors of program and authors of
C implementation; if program invokes undefined behaviour, all bets
are off. It is allowed to compile the check in question into "check
if addition had triggered an overflow; if it had, before bothering
with any comparisons do unto luser what Simon would have done
on a particularly bad day".
It can also turn that into "if addition overflows, take the value of
first argument". And optimize according to that.
It's not a matter of optimizing your comparisons away; it's a matter
of addition having no prescribed semantics in case of overflows,
regardless of optimizations.
Since when does GCC *assume* the program to be correct?
Posted Apr 18, 2008 21:00 UTC (Fri) by nix (subscriber, #2304)
Well said. Also, while in some cases it is a QoI issue which high-quality
implementations will in some cases prescribe useful semantics for, this
isn't such a case. I can't think of any particularly useful semantics for
pointer wraparound, especially given that distinct objects have no defined
nor stable relationships with each other anyway. Operating under the rules
of modular arithmetic might have been nice, and perhaps a more recent
language would define that...
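
An added example, not part of the thread or of any poster's code: an after-the-fact wraparound test of the kind the comments above discuss, next to forms that check before the arithmetic and so never invoke undefined behaviour. The function names and the `buf`/`end`/`len` parameters are constructed for illustration; it assumes `buf` and `end` point into the same array with `buf <= end`.

```c
#include <limits.h>
#include <stddef.h>

/* After-the-fact form: do the addition, then ask whether it wrapped.
 * If buf + len leaves the object, the addition itself is undefined,
 * so the compiler may treat the first comparison as always false.
 * Kept here only for contrast; defined only while len stays in range. */
int fits_after_the_fact(const char *buf, const char *end, size_t len)
{
    if (buf + len < buf)            /* relies on pointer wraparound */
        return 0;
    return buf + len <= end;
}

/* Defined form: compare len with the room that is left.
 * Assumes buf and end point into the same array (end may be one past
 * the last element) and buf <= end, so end - buf is well defined and
 * no out-of-range pointer is ever formed. */
int fits(const char *buf, const char *end, size_t len)
{
    return len <= (size_t)(end - buf);
}

/* The same idea for signed int addition: test against the limits
 * before adding, instead of inspecting the sum afterwards.
 * Returns 1 and stores the sum on success, 0 if it would overflow. */
int add_checked(int a, int b, int *sum)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *sum = a + b;
    return 1;
}
```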