| ▲ | account42 4 days ago |
| Ah yes, the good old "compiler writers only care about benchmarks and are out to hurt everyone else" nonsense. I for one am glad that compilers can assume that things that can't happen according to the language do in fact not happen and don't bloat my programs with code to handle them. |
|
| ▲ | adwn 4 days ago | parent | next [-] |
| > I for one am glad that compilers can assume that things that can't happen according to the language do in fact not happen and don't bloat my programs with code to handle them. Yes, unthinkable happenstances like addition on fixed-width integers overflowing! According to the language, signed integers can't overflow, so code like the following: int new_offset = current_offset + 16;
if (new_offset < current_offset)
return -1; // Addition overflowed, something's wrong
can be optimized to the much leaner int new_offset = current_offset + 16;
Well, I sure am glad the compiler helpfully reduced the bloat in my program! |
| |
| ▲ | account42 4 days ago | parent [-] | | Garbage in, garbage out. Stop blaming the compiler for your bad code. | | |
| ▲ | adwn 4 days ago | parent [-] | | You're objectively wrong. This code isn't bad, it's concise and fast (even without the compiler pattern-matching it to whatever overflow-detecting machine instructions happen to be available), and it would be valid and idiomatic for unsigned int. Stop blaming the code for your bad language spec. | | |
| ▲ | account42 4 days ago | parent [-] | | The language spec isn't bad just because it doesn't allow you to do what you want. Are you also upset that you need to add memory barriers where the memory model of the underlying platform doesn't need them? Again, this isn't undefined behavior to fuck you over and compilers don't use it for optimizations because they hate you. It's because it makes a real difference for performance which is the primary reason low level languages are used. If you for some reason want less efficient C++ then compilers even provide you flags to make this particular operation defined. There is no reason the rest of us have to suffer worse performance because of you. Personally I would prefer if unsigned ints had the same undefined behavior by default with explicit functions for wrapping overflow. That would make developer intent much clearer and give tools a chance to diagnose unwanted overflow. | | |
| ▲ | adwn 3 days ago | parent [-] | | No, dangerous behavior should be opt-in, not opt-out. In 99.9 % of integer additions, overflow-is-UB won't make any difference performance-wise, but may still screw you over if you're unlucky. In the 0.1 % of cases where there's even the potential for a measurable speed-up, you'll want to careful craft your code anyway, and you can use explicit, UB-exploiting functions. Rust does it right: The "+"-operator is wrapping in release builds (and throws an exception when debug-assertions are enabled), and there are explicit functions for checked/overflowing/saturating/strict/unchecked/wrapping addition [1]. The "unchecked" variant exploits UB-on-overflow and is marked as unsafe. These functions exist both for signed and unsigned integer types. Which once again shows that it's very well possible to design a sane, low-level language which is just as fast as C. [1] https://doc.rust-lang.org/std/primitive.u32.html |
|
|
|
|
|
| ▲ | titzer 4 days ago | parent | prev [-] |
| Moral hazard here. The rest of us, and all of society, now rests on a huge pile of code written by incorrigible misers who imagined themselves able to write perfect, bug-free code that would go infinitely fast because bad things never happen. But see, there's bugs in your code and other people pay the cost. |
| |
| ▲ | kazinator 4 days ago | parent | next [-] | | There is an incredible amount of C out there relative to how the sky basically isn't falling. | | |
| ▲ | titzer 4 days ago | parent [-] | | Ransomware attacks against hospitals and a dark extortion economy churning tens if not hundreds of billions of dollars a year in losses and waste. What would the "sky falling" look like to you? If you're expecting dramatic movie scenes like something out of Mr Robot, I'm afraid the reality is more mundane, just a never-ending series of basic programming errors that turn into remote code execution exploits because of language and compiler choices by people who don't pay the costs. | | |
| ▲ | kazinator 4 days ago | parent [-] | | To completely eliminate the possibility of ransomware attack, you need an incredibly locked down platform, and users who are impervious to social engineering. Vulnerabilities to ransomware (and other forms of malware) can be perpetrated without a single bad pointer being dereferenced. For instance, a memory-safe e-mail program can automatically open an attachment, and the memory-safe application which handles the attachment can blindly run code embedded in the document in a leaky sandbox. There is an incredible amount of infrastructure out there that depends on C. Embedded devices, mobile devices, desktops, servers. Network stacks, telephony stacks, storage, you name it. Encryption, codecs, ... Sky is falling would mean all of it would be falling down so badly that, for instance, you would have about a 50% chance of connecting a server that is more than four hops away. |
|
| |
| ▲ | account42 4 days ago | parent | prev [-] | | There's bugs in your code without undefined behavior too. Go use a different language if you don't care about performance, there are many to choose from. | | |
| ▲ | pjmlp 4 days ago | parent [-] | | Not only do I care about performance, the languages I use, are able to delivery both safety and performace at the level required for project delivery. Unfortunely too many folks still pretend C is some kind of magic portable Assembly language that no other language on Earth is able to achieve the same. Also if I care enough about ultimate performace, like anyone that actually cares about performance, I dust off my Assembly programming skills, alongside algorithms, datastructures and computer organisation. |
|
|
