| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Feb 2016 16:12:41 -0500 From: James Y Knight <jyknight@...gle.com> To: Lawrence Crowl <Lawrence@...wl.org> Cc: parallel@...ts.isocpp.org, "linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>, "gcc@....gnu.org" <gcc@....gnu.org>, llvm-dev <llvm-dev@...ts.llvm.org>, Will Deacon <will.deacon@....com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, David Howells <dhowells@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>, Luc Maranget <luc.maranget@...ia.fr>, Andrew Morton <akpm@...ux-foundation.org>, Jade Alglave <j.alglave@....ac.uk>, Ingo Molnar <mingo@...nel.org>, Markus Trippelsdorf <markus@...ppelsdorf.de> Subject: Re: [llvm-dev] [isocpp-parallel] Proposal for new memory_order_consume definition No, you really don't need undefined behavior in the standard in order to enable bug-finding. The standard could've (and still could...) make signed integer overflow "implementation-defined" rather than "undefined". Compilers would thus be required to have *some documented meaning* for it (e.g. wrap 2's-complement, wrap 1's-complement, saturate to min/max, trap, or whatever...), but must not have the current "Anything goes! I can set your cat on fire if the optimizer feels like it today!" behavior. Such a change to the standard would not reduce any ability to do error checking, as compilers that want to be helpful could perfectly-well define it to trap at runtime when given certain compiler flags, and perfectly well warn you of your dependence upon unportable implementation-defined behavior (or, that your program is going to trap), at build-time. [Sending again as a plain-text email, since a bunch of mailing lists apparently hate on multipart messages that even contain a text/html part...] On Mon, Feb 29, 2016 at 2:38 PM, Lawrence Crowl via llvm-dev <llvm-dev@...ts.llvm.org> wrote: > On 2/28/16, Linus Torvalds <torvalds@...ux-foundation.org> wrote: >> The fact is, undefined compiler behavior is never a good idea. Not for >> serious projects. > > Actually, undefined behavior is essential for serious projects, but > not for the reasons mentioned. > > If the language has no undefined behavior, then from the compiler's view, > there is no such thing as a bad program. All programs will compile and > enter functional debug (possibly after shipping to customer). On the > other hand, a language with undefined behavior makes it possible for > compilers (and their run-time support) to identify a program as wrong. > > The problem with the latest spate of compiler optimizations was not the > optimization, but the lack of warnings about exploiting undefined behavior. > > -- > Lawrence Crowl > _______________________________________________ > LLVM Developers mailing list > llvm-dev@...ts.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
Powered by blists - more mailing lists