home *** CD-ROM | disk | FTP | other *** search
- Path: news.rmii.com!usenet
- From: jcoffin@rmii.com (Jerry Coffin)
- Newsgroups: comp.lang.c++
- Subject: Re: Name-mangling standard
- Date: Sat, 13 Jan 1996 05:03:11 GMT
- Organization: TAEUS
- Message-ID: <4d7aec$67l@natasha.rmii.com>
- References: <20c.32169.607@newage.com.ar> <4bsnbu$5mu@mujibur.inmind.com> <30EDC013.7C780E5E@cims.nyu.edu> <DL1pqE.KKq@infosoft.com>
- NNTP-Posting-Host: slip875.rmii.com
- X-Newsreader: Forte Free Agent 1.0.82
-
- jgalt@infosoft.com (John Galt) wrote:
-
- [ ... ]
- >For the same reason, I'm against the concept of "undefined behavior" in the C
- >and C++ standards. No program that has "undefined behavior" should compile.
-
- Here I have to disagree. On one hand there are lots of things it's not
- reasonable to try to define in a portable fashion. OTOH, not all
- programs are meant to be portable. For instance, if I'm writing
- something like a device driver, it makes little difference that I
- regularly invoke undefined behavior, as long as I know that the system
- for which the device driver is written handles it in a particular
- fasion.
-
- To give some specifics: if I'm writing a console driver on a PC, I'm
- likely to do something like this:
-
- int *screen = (int *)0xb80000000;
-
- which clearly isn't portable, and never will be. Attempting to call the
- effects anything other than undefined would be sheer folly. Yet if it's
- made illegal, it forces me to resort to assembly language instead,
- hardly an attractive proposition.
-
- In addition, the basic nature of much undefined behavior makes it
- impossible to detect at compile-time. For instance, if I have something
- vaguely similar to:
-
- char x[1234];
- unsigned subscript;
-
- cout << "Please enter a number: " << endl;
-
- cin >> subscript;
-
- cout << "\n%d", x[subscript];
-
- How do you propose to write a compiler that will know before hand
- whether the user will enter a number greater or less than 1233? It's
- obviously impossible.
-
- Even if we allow the detection to be moved to compile time, this
- mandates range checking on all array accesses, which is quite expensive,
- and something many would be quite displeased with.
-
- Adding bounds checking that works properly on dynamically allocated
- arrays is somewhat difficult itself. For instance, if I pass a pointer
- to the middle of a dynamically allocated array to a function, then the
- function accesses the memory, the run-time needs to be able to deduce
- from the pointer what block of memory it's received a pointer to, and
- consult the proper information to figure out what's legal with this
- particular pointer, and allow things like negative subscripts in this
- particular case. In cases where bounds checking is really important, it
- doesn't seem particularly onerous to use something like:
-
- checked_array<char> x(1234);
-
- and define the semantics as I see fit in checked_array. This of course
- raises another point: assuming we mandate a run-time that range checks
- all memory accesses, what do you propose that it do when it detects such
- a thing? It's obviously a bit late to prevent compilation. In C++ it
- can throw an exception (which a checked_array class can as well) but you
- also mention this with C? What should happen in C? You could mandate a
- call to abort, but this "cure" may well be much worse than the disease.
-
-
- Ultimately, I think compiler technology has progressed to the point that
- some things the C standard considers undefined behavior can and should
- be detected and dianosed. However, detection of _all_ undefined behavior
- would require a huge amount of run-time checking with concommitant loss
- of anything approaching efficiency and would likely make C++ a bit nicer
- for the academics, but destroy its usefulness.
- Later,
- Jerry.
-
- /* I can barely express my own opinions; I certainly can't
- * express anybody else's.
- *
- * The universe is a figment of its own imagination.
- */
-
-
