May 18, 2012
On Fri, May 18, 2012 at 6:26 AM, akaz <nemo@utopia.com> wrote:

>
>> Bumping this as we still need to make a decision about this. As recently as yesterday, someone on the GCC mailing list posted a complaint about an optimization pass that assumed undefined semantics for overflow. We need to have a stance about this, since GDC is going into mainline GCC soon.
>>
>
> Just jumping into the bandwagon with several info:
>
> http://en.wikipedia.org/wiki/Therac
>
> Therac25 was a medical machine that injured several people because:
>
> "When input parameters are unverified or inconsistent,
> the treatment monitor task periodically runs a procedure
> that increments a counter
> This counter is used as a flag by the housekeeping task,
> indicating whether gun firing should be enabled or not
> However, as the counter is only 8 bits, it will overflow
> every 256 ticks, and the “flag” will temporarily indicate a
> zero condition!
> If the “set” command is given at that instant,
> inconsistencies are not checked, and unshielded high-
> energy radiation may result"
>
> The case is known in the real-time operating systems programming.
>
> Does D throw an exception when an integral type (signed or unsigned) underflows or overflows? I am for defining this as the implicit behavior. Using a counter in the cyclical mode should rather be explicitly invoked.
>
>
Massive industrial systems run on code written in systems languages that dismissed this behavior as unacceptably slow years ago. That one programmer was incrementing a counter when he should have been storing a nonzero value instead isn't really relevant to this discussion.


May 18, 2012
On Sunday, 6 May 2012 at 16:27:34 UTC, Alex Rønne Petersen wrote:
> On 05-05-2012 06:57, Alex Rønne Petersen wrote:
>> Hi,
>>
>> I don't think the language really makes it clear whether overflows and
>> underflows are well-defined. Do we guarantee that for any integral type
>> T, T.max + 1 == T.min and T.min - 1 == T.max?
>>
>> This is relevant in particular for GDC and LDC since they target a lot
>> of weird architectures.
>>
>
> Can anyone give a definitive answer to this or at least confirm that it is an open issue?

I don't have the reference at the moment but the C99(?) standard requires wraparound behavior by UNSIGNED integer values. I don't know if there is an equivalent requirement for signed values.
May 18, 2012
On Friday, 18 May 2012 at 19:59:01 UTC, Paul D. Anderson wrote:
> On Sunday, 6 May 2012 at 16:27:34 UTC, Alex Rønne Petersen wrote:
>> On 05-05-2012 06:57, Alex Rønne Petersen wrote:
>>> Hi,
>>>
>>> I don't think the language really makes it clear whether overflows and
>>> underflows are well-defined. Do we guarantee that for any integral type
>>> T, T.max + 1 == T.min and T.min - 1 == T.max?
>>>
>>> This is relevant in particular for GDC and LDC since they target a lot
>>> of weird architectures.
>>>
>>
>> Can anyone give a definitive answer to this or at least confirm that it is an open issue?
>
> I don't have the reference at the moment but the C99(?) standard requires wraparound behavior by UNSIGNED integer values. I don't know if there is an equivalent requirement for signed values.

Sorry, it's C++:

3.9.1/4
Unsigned integers, declared unsigned, shall obey the laws of arithmetic modulo 2n where n is the number of bits in the value representation of that particular size of integer.

Paul
May 21, 2012
On Friday, 18 May 2012 at 20:01:15 UTC, Paul D. Anderson wrote:
> On Friday, 18 May 2012 at 19:59:01 UTC, Paul D. Anderson wrote:
>> On Sunday, 6 May 2012 at 16:27:34 UTC, Alex Rønne Petersen wrote:
>>> On 05-05-2012 06:57, Alex Rønne Petersen wrote:
>>>> Hi,
>>>>
>>>> I don't think the language really makes it clear whether overflows and
>>>> underflows are well-defined. Do we guarantee that for any integral type
>>>> T, T.max + 1 == T.min and T.min - 1 == T.max?
>>>>
>>>> This is relevant in particular for GDC and LDC since they target a lot
>>>> of weird architectures.
>>>>
>>>
>>> Can anyone give a definitive answer to this or at least confirm that it is an open issue?
>>
>> I don't have the reference at the moment but the C99(?) standard requires wraparound behavior by UNSIGNED integer values. I don't know if there is an equivalent requirement for signed values.
>
> Sorry, it's C++:

It's both C and C++ for unsigned integer.
Signed is undefined, unsigned is 'wraparound'.

Both suck for the default behaviour IMHO: premature optimisation..

renoX
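As an added example (not code from this thread, from the D project, or from the Therac-25 itself), the following C program models two things the posts above describe: the 8-bit counter that the Therac-25 housekeeping task read as a "firing inhibited" flag, and the distinction Paul and renoX cite from the C and C++ standards, where unsigned arithmetic is defined to wrap modulo 2^n while signed overflow is undefined. The counter model, the saturating fix, and the `checked_add_*` helpers are my own constructions for illustration; the function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the flag described in the Therac quote: the monitor
 * task increments an 8-bit counter while inputs are unverified, and the
 * housekeeping task treats "counter != 0" as "inhibit firing".  Unsigned
 * arithmetic is defined to wrap modulo 2^8, so on the 256th tick the "flag"
 * silently reads zero and firing is enabled although nothing was checked. */
uint8_t inhibit_flag_after_ticks(unsigned ticks) {
    uint8_t inconsistent = 0;              /* the "flag" */
    for (unsigned i = 0; i < ticks; i++)
        inconsistent++;                    /* 255 -> 0: defined, and wrong here */
    return inconsistent;
}

/* Fix in the spirit of the reply above (store a nonzero value rather than
 * count): a saturating increment can never wrap back to zero. */
uint8_t saturating_inc_u8(uint8_t v) {
    return v == UINT8_MAX ? v : (uint8_t)(v + 1);
}

uint8_t inhibit_flag_after_ticks_fixed(unsigned ticks) {
    uint8_t inconsistent = 0;
    for (unsigned i = 0; i < ticks; i++)
        inconsistent = saturating_inc_u8(inconsistent);
    return inconsistent;
}

/* Signed overflow is undefined in C and C++, so a post-hoc test such as
 * `if (a + b < a)` on int may legitimately be deleted by the optimiser
 * (the GCC complaint mentioned at the top of this page is exactly that).
 * Check *before* adding, using only comparisons against INT_MAX/INT_MIN,
 * which never overflow themselves. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;                      /* would overflow; *out untouched */
    *out = a + b;
    return true;
}

/* Unsigned overflow is defined (modulo 2^n), so here the post-hoc test is
 * legal: the sum wrapped if and only if it is smaller than an operand. */
bool checked_add_uint(unsigned a, unsigned b, unsigned *out) {
    unsigned s = a + b;
    if (s < a)
        return false;
    *out = s;
    return true;
}

int main(void) {
    int r = 0;
    unsigned u = 0;
    printf("flag after 255 ticks: %u\n", inhibit_flag_after_ticks(255));
    printf("flag after 256 ticks: %u  <- firing enabled\n", inhibit_flag_after_ticks(256));
    printf("fixed flag after 256 ticks: %u\n", inhibit_flag_after_ticks_fixed(256));
    printf("INT_MAX + 1 fits? %d\n", checked_add_int(INT_MAX, 1, &r));
    printf("UINT_MAX + 1 fits? %d\n", checked_add_uint(UINT_MAX, 1, &u));
    return 0;
}
```

Note that `inconsistent++` on a `uint8_t` is performed in `int` after integer promotion and only the conversion back to `uint8_t` wraps; the conversion is what the standards define, which is why the 256th tick yields exactly 0 on every conforming compiler. The signed helper deliberately never computes `a + b` on the overflowing path, so there is no undefined behaviour for an optimiser to exploit.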

