--
---
You received this message because you are subscribed to the Google Groups "ISO C++ Standard - Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to std-discussio...@isocpp.org.
To post to this group, send email to std-dis...@isocpp.org.
Visit this group at http://groups.google.com/a/isocpp.org/group/std-discussion/.
On 12 Sep 2015, at 17:05 , Øyvind Teig <oyvin...@gmail.com> wrote:Thanks. Using int8_t causes the same "unexpected" behaviour (http://www.edaplayground.com/x/LSL)> Languages where signed overflow is well defined either support only hardware with expected behavior or do additional checking at the cost of runtime performance.The occam solution (mentioned in my blog note) would cause exception on overflow or underflow on '+' and '-' operations, but would allow defined wraparound on PLUS, MINUS (and AFTER) operations.The rationale for the C/C++/C++11/C++14(?) designers not to let the definition of a two's complement number not be implemented as one, but let it rely on compiler writer or processor designer's choices sounds to me rather contrary to the idea of a "high level" language.
How deep is this thinking in this community? Is this line of reasoning challenged in any way, or do the language designers really mean that this kind of behaviour (undefined semantics) is what's expected from C++ coders?
C/C++ does it right for wider words than 8 bits, even signed. Are you certain that this is not an 8-bit implementation glitch? What's the idea of unexpected (=incorrect) behaviour of a narrow width and expected (=correct) behaviour on a wider width?
I work with safety critical systems.
I found this error while working with some code at work. So far I am not releaved. It's not a mistake of mine.
On 2015–09–12, at 11:17 PM, Thiago Macieira <thi...@macieira.org> wrote:Therefore, this line is wrong because it relies on UB:
FutureTimeout_1Minute += 60; // Overflow/underflow allowed,
// so wraps and changes sign
behavior, for a well-formed program construct and correct data, that depends on the implementation and that each implementation documents
C++ does not dictate 2’s complement. See [basic.fundamental]/7 “this International Standard permits 2’s complement, 1’s complement and signed magnitude representations for integral types". This allows C++ to be supported on a wider range of hardware. And since all of those have different behavior on signed overflow the language doesn’t mandate what to do.
However, unsigned integer overflow is defined: [basic.fundamental]/4 “Unsigned integers shall obey the laws of arithmetic modulo 2^n where n is the number of bits in the value representation of that particular size of integer."
Miro, Thiago and David
thanks for your clarifying descriptions. I have learnt more than I'd like to admit, and I have updated in my blog note with a warning. More warning than I like! We certainly use static analysis tools at work.
But building platform-independent software by carefully using platform-dependent Lego bricks certainly makes me doubt. I cannot for the best of it understand that it need be this way.
if ((signed char) (Timer_Secs - FutureTimeout_1Minute) > 0) {...} else {...}
--
---
You received this message because you are subscribed to a topic in the Google Groups "ISO C++ Standard - Discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/a/isocpp.org/d/topic/std-discussion/pdaoWRp8ZYg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to std-discussio...@isocpp.org.
Yes, that will work, although it has implementation-defined behavior, since you are converting a (promoted) int with a value not representable in the target (signed char) type; [conv.integral]/3. It is reasonable to expect that implementation-defined behavior to be unsurprising given knowledge of the characteristics of the platform, and in any case it can be ascertained by reading implementation documentation (which is required to be provided).Note though that this will only work for types with lesser range than int, e.g. signed char and short; otherwise signed overflow will occur, which has undefined behavior.