Sujet : Re: Computer architects leaving Intel...
De : david.brown (at) *nospam* hesbynett.no (David Brown)
Groupes : comp.archDate : 04. Sep 2024, 08:53:28
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vb9058$3nlvo$2@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
User-Agent : Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
On 04/09/2024 03:54, MitchAlsup1 wrote:
On Tue, 3 Sep 2024 23:19:36 +0000, David Brown wrote:
On 03/09/2024 19:19, Bernd Linsel wrote:
On 03.09.24 10:10, David Brown wrote:
>
snip 8< - - - - - - - -
>
(There are a few situations where UB in C could be diagnosed at
compile-time, which are probably historical decisions to avoid
imposing too much work on early compilers. Where possible, UB that
can be caught at compile time, could usefully be turned into constrain
violations that must be diagnosed.)
>
And exactly these are the situations that I'd like to be warned from,
rather than the compiler making up something without telling.
>
>
Some of those /are/ warned about by compilers (but I'd rather the
standards said that they were errors). But in general, many can be
handled by good development practice and compiler warnings. Still,
compilers could always get better!
Something that might be an error in a 32-bit machine may not be
an error in a 36-bit {48, 64, 72} machine.
One thing that could make a big difference, I think, is to drop the
compilation model of each translation unit being compiled to a binary
object independently, with only a minimal amount of information for
linking. Link-time optimisation allows for many extra checks, not all
of which are currently implemented AFAIK. For example, it should be
possible to check that external declarations and definitions match up
correctly across modules - that's currently UB and rarely checked.
How does one call fprintf() under those rules ??
Untyped vararg functions are a big risk factor for programming and are always difficult for static (or run-time) checking. The best you can do is limit them to the standard ones (the printf family is very useful), make sure you are always using declarations from common headers rather than "home-made" declarations, and use the tools you can (such as gcc and clang's format attribute checks).
There will never be a way to do full automatic checking of code correctness. But the more mistakes that can be caught automatically, the better. Modern tools can catch more than older tools, and there is scope for them to catch even more. (Though it can sometimes be surprising how difficult it can be to add seemingly obvious warnings to compilers - the way the different analysis and optimisation passes are divided can mean critical information is lost or too inefficient to track.)
Computer architects leaving Intel...
Re: Computer architects leaving Intel...
