Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail
From: Oscar Benjamin <oscar.j.benjamin@gmail.com>
Newsgroups: comp.lang.python
Subject: Re: Undefined behaviour in C [was Re: The Cost of Dynamism]
Date: Sun, 27 Mar 2016 22:16:40 +0100
Lines: 71
Message-ID: <mailman.95.1459113409.28225.python-list@python.org>
References: <mailman.8.1457732171.12893.python-list@python.org> <ncnkma$d1i$1@dont-email.me> <mailman.425.1458526280.12893.python-list@python.org> <56ef9787$0$1516$c3e8da3$5496439d@news.astraweb.com> <mailman.433.1458546438.12893.python-list@python.org> <56f02196$0$1588$c3e8da3$5496439d@news.astraweb.com> <mailman.29.1458713374.2244.python-list@python.org> <nctrak$rbh$1@dont-email.me> <mailman.45.1458730161.2244.python-list@python.org> <ncu691$4aq$1@dont-email.me> <mailman.78.1458789868.2244.python-list@python.org> <nd0oaa$rsb$1@dont-email.me> <56f42d9f$0$1618$c3e8da3$5496439d@news.astraweb.com> <nd1ggm$v4q$1@dont-email.me> <56f55e2e$0$1619$c3e8da3$5496439d@news.astraweb.com> <87wpoq1omm.fsf@elektro.pacujo.net> <56f5f81d$0$1585$c3e8da3$5496439d@news.astraweb.com> <87io0a6j1w.fsf@nightsong.com> <56f67ee3$0$1583$c3e8da3$5496439d@news.astraweb.com> <87twjs5tz2.fsf@nightsong.com> <56f78e74$0$1616$c3e8da3$5496439d@news.astraweb.com> <87zitj1yae.fsf@bsb.me.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Trace: news.uni-berlin.de EfDQJ4wdGp6aSjqzQqHcqQx+ki+rWVHHMylK2FTHWi1w==
Return-Path: <oscar.j.benjamin@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.000
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'compiler': 0.05; '#include': 0.07; 'bits': 0.07; 'overflow': 0.07; 'undefined': 0.07; 'cc:addr:python-list': 0.09; 'incorrect': 0.09; 'meaningful': 0.09; 'spelled': 0.09; '&gt;&gt;&gt;': 0.15; 'applies': 0.15; '"int': 0.16; '*before*': 0.16; '2016': 0.16; 'argc,': 0.16; 'behaviour.': 0.16; 'cc:name:python list': 0.16; 'compilers': 0.16; 'correctly,': 0.16; 'main(int': 0.16; 'overflow.': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'wrote:': 0.16; 'char': 0.18; '&gt;': 0.18; 'steve': 0.18; '>>>': 0.20; 'people,': 0.20; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; '(the': 0.22; 'do.': 0.22; 'claiming': 0.22; 'occurs': 0.22; 'trying': 0.22; '(or': 0.23; 'header:In-Reply-To:1': 0.24; 'all.': 0.24; 'paul': 0.24; 'signed': 0.24; 'example': 0.26; 'least': 0.27; 'question': 0.27; 'message-id:@mail.gmail.com': 0.27; 'values': 0.28; 'behaviour': 0.29; 'subject: [': 0.29; 'code': 0.30; 'certain': 0.31; "can't": 0.32; 'says': 0.32; 'point': 0.33; "d'aprano": 0.33; 'int': 0.33; 'obligations': 0.33; 'steven': 0.33; 'skip:& 20': 0.35; 'received:google.com': 0.35; 'could': 0.35; 'according': 0.36; 'but': 0.36; 'needed': 0.36; 'there': 0.36; 'received:209.85': 0.36; 'possible': 0.36; '(i.e.': 0.36; 'pm,': 0.36; 'subject:: ': 0.37; 'skip:& 10': 0.37; 'say': 0.37; 'received:209': 0.38; 'thank': 0.38; 'means': 0.39; 'whatever': 0.39; 'does': 0.39; 'still': 0.40; 'subject:The': 0.61; 'avoid': 0.61; 'course': 0.62; 'strictly': 0.64; 'mar': 0.65; 'isolated': 0.84; 'optimisation': 0.84; 'oscar': 0.84; 'proving': 0.84; 'reachable': 0.84; 'wrong!': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=8JexuhM9YnaAenToZhiHCJ/5fsZCdLrb5rBsYCOLdcs=; b=Y/2TDPgkF5BUFfp0mqD8HCYO1vKMdJ+qyMaq0SIsH8XX1mU8px9c93q/Fwv7Aj4t9C ZlIRDb1GYqTic37zqQtw+cAyt1kGLuyQK3YI6GxArkDwPs5WSjT0IEzqReD7EthRPPC8 wWXV9KDK/v8re7ZrjyFPop24GxeQ0SZzYOBhY/9m7BoqpOVMtE3LAeUa7Nk4mSAzRV7K jAqmlLe4joohDeijHymVAJeoN4sOMfiBUs5UY74zIYyxOkuSZKq3M+Yd3f0eXG/Tqhci u25uT/aGXTOSYz7o7bvynxBTRYZ+f0P6UVODK9Pn7LuAHtq0TLv/sQHG0J8lm/od6sTW Qiqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=8JexuhM9YnaAenToZhiHCJ/5fsZCdLrb5rBsYCOLdcs=; b=BvoG298Jaq3mBrezqe/1a3yNebGYZoZyb2pAGq6ZU6cs9Dprkk15oiGGvZ/rh4c9JZ 9xiddoLAXWo9F+rKErA/Pi6EF0TguTtL17IObcMvau8u55NaprLRA0rg9JX3GjFjejF/ FPnON8sxWjX6CLZAkRQRpJGcGw6vPuzqKaS18rmrSTzto3wTyyml2thHBPssD2oti0h7 NVIs+Ut22Usp439U51G7G/PCXyn016uSuRpTffOXR3YNiWpqU2ALrYYTa1KhsGqoXDiS SkGEXZXJOK1gFA25HGxHEl/I8emB82HLIkKucqO8zeailiDJmnQPu3uyyStxvqcL5kyR dR/Q==
X-Gm-Message-State: AD7BkJI+aEhP/fYnbQAl2e0dfhGBdFHsT8Rsus/oufdukFccL3yDdR0XNfQu8/KMHZVlCz4v0N3GiA3/on8yWw==
X-Received: by 10.112.166.100 with SMTP id zf4mr8809367lbb.58.1459113401090; Sun, 27 Mar 2016 14:16:41 -0700 (PDT)
In-Reply-To: <87zitj1yae.fsf@bsb.me.uk>
X-Content-Filtered-By: Mailman/MimeDel 2.1.21
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Xref: csiph.com comp.lang.python:105874

On 27 Mar 2016 23:11, "Ben Bacarisse" <ben.usenet@bsb.me.uk> wrote:
>
> Steven D'Aprano <steve@pearwood.info> writes:
>
> > On Sun, 27 Mar 2016 05:13 pm, Paul Rubin wrote:
> >
> >> Steven D'Aprano <steve@pearwood.info> writes:
> >>> For example, would you consider that this isolated C code is
> >>> "meaningless"?
> >>> int i = n + 1;
> >>
> >> It's meaningful as long as n is in a certain range of values so there's
> >> no overflow.
> >>
> >>> But according to the standard, it's "meaningless", since it might
> >>> overflow, and signed int overflow is Undefined Behaviour.
> >>
> >> No it's not meaningless if it "might" overflow, it's meaningless if it
> >> -does- overflow,
> >
> > No! That's exactly wrong!
> >
> > Paul, thank you for inadvertently proving the point I am trying to get
> > across. People, even experienced C coders, simply don't understand what
the
> > C standard says and what C compilers can and will do.
> >
> > If the C compiler cannot prove that n is strictly less than MAXINT (or
is
> > that spelled INT_MAX?),
>
> (the latter)
>
> > the *entire program* (or at least the bits reachable from this line,
> > in both directions) is Undefined, and the compiler has no obligations
> > at all.
>
> If I understand you correctly, you are claiming that in this program
>
>   #include <stdio.h>
>
>   int main(int argc, char **argv)
>   {
>      int n = argc > 1 ? atoi(argv[1]) : 0;
>      int i = n + 1;  // not needed but used because it's the line in
question
>      printf("Hello world\n");
>   }
>
> everything after "int i = n + 1;" is undefined because the compiler
> can't prove that n is strictly less than INT_MAX.

Although Steve is incorrect to say that everything is undefined just
because the compiler can't prove that n != INT_MAX one thing that he is
right about is that undefined behaviour applies to the whole program. So if
the n+1 does lead to undefined behaviour (i.e. if n == INT_MAX) then the
behaviour is also undefined *before* that line. If we change the line to
INT_MAX+1 then a compiler is free to do whatever it likes with the *entire*
program.

In practice what this means is that an optimising compiler can see n+1 and
then optimise using the assumption that n!=INT_MAX (since there are *zero*
constraints on the behaviour of the *entire* program if that assumption is
broken). This optimisation could for example remove an if(n==INT_MAX) block
as dead code even if the check occurs *before* the line that involves n+1
which can be surprising. Of course if the check is used to conditionally
execute n+1 then the assumption cannot be applied by the optimiser so it's
still entirely possible to avoid this particular undefined behaviour.

--
Oscar